Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
There’s only so much a human security team can do in a day, yet many analysts are forced to waste time on inefficient manual processes.
In fact, 56% of large companies handle at least 1,000 security alerts per day. If each of these alerts takes 10 minutes to address, that’s over 166 hours wasted per day or 830 per week. Automation is now essential for eliminating these manual tasks so security professionals can focus on more high-value work.
That’s why today, SIEM provider, Elastic, announced the launch of Elastic Security 8.4, which introduces new native security, orchestration, automation and response (SOAR) capabilities. It also has partner integrations designed to enhance the pace of security operation centers (SOCs) and better support human analysts.
The new solution is powered by Elastic Agent and will offer native remediation and response capabilities across all users, as well as configurable alerts and integration with other SOAR vendors, enabling organizations to implement SOAR without the need to purchase additional solutions.
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
SOAR and open security
Elastic’s announcement comes as security automation is becoming more important for surviving the increasingly complex threat landscape.
According to IBM, organizations with fully deployed security artificial intelligence (AI) and automation spent $3.05 million less per data breach compared to those without. SOAR offers a comprehensive framework in terms of security automation.
According to Gartner, SOAR platforms are “solutions that combine incident response, orchestration and automation, and threat intelligence platform management capabilities in a single solution.” The end result is the ability to decrease the mean time-to-detection and mean time-to-respond to security incidents.
By implementing SOAR capabilities into its existing solution, Elastic hopes to advance its journey toward open security, now offering new integrations with D3 and Torq, as well as existing ones with ServiceNow, Swimlane and Tines.
“We are committed to open security, which started with us opening our security artifacts,” said Mike Nichols, vice president of product management, security at Elastic.
“By sharing the patterns of behavior we look for to identify threats and our mechanisms for stopping an attack, other companies can leverage the work we’ve already done to strengthen their own defenses,” Nichols said.
A snapshot of the SOAR market
These new capabilities place Elastic Security within the SOAR market, which researchers expect will grow at a compound annual growth rate of 14.6% to reach a value of $2.03 billion by 2025.
One of the main providers in the market is Swimlane, which provides a low-code SOAR platform designed for security professionals that don’t have coding experience, and uses webhooks and remote agents to ingest data from throughout an organization’s environment.
Earlier this year, Swimlane secured $70 million in growth funding.
Another competitor is Siemplify, acquired by Google at the start of this year for $500 million, offering organizations a cloud-native SOAR platform with a drag-and-drop user interface that analysts can use to automate administrative tasks. It also provides machine learning-based recommendations to increase the visibility of the SOC.
The main differentiator between Elastic Security and other providers in the market is its focus on open security — looking to normalize data sharing to ensure that enterprises have access to the information they need to secure their environments against modern threat actors.