The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period. Market growth is influenced by factors like growing cyber-attacks, absence of staff availability, strict laws and compliance, absence of centralized views on threats, and a large amount of false alerts that contribute significantly to the SOAR ecosystem.
SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that enables an organization to gather information from various sources on security threats and cope without human help to low-level security incidents. The purpose of using a SOAR stack is to make physical and digital security activities more efficient. The term can be applied to compatible products and services that assist to identify, prioritize, standardize and automate incident response functions.

The cloud, the internet of things, and mobile today has significantly expanded the surface of the attack. Threat detection tools safeguard various network components. The deployment of different safety point solutions, however, has developed gaps in visibility. Additionally, there are vulnerabilities in data silos. Closing these gaps and incorporating information needs substantial resources, let alone time. At the same time, security teams are further overwhelmed by the alerts produced by the detection tools. If it remains this way, then the analysis of threat alerts from the disparate sources remains a manual, slow, and ineffective method.

Based on Component, the market is segmented into Software and Services. Based on Application, the market is segmented into Threat Intelligence, Incident Management, Network Forensics, Workflow Management, Compliance Management and Others. Based on Deployment Type, the market is segmented into On-Premise and Cloud. Based on Organization Size, the market is segmented into Large Enterprises and Small & Medium Enterprises. Based on End User, the market is segmented into BFSI, Retail & Consumer Goods, Government, Energy & Utilities, Healthcare, Telecom & IT and Others. Based on Regions, the market is segmented into North America, Europe, Asia Pacific, and Latin America, Middle East & Africa. There are well-established economies in the North American region that allow it to make significant investments in R&D operations, thus helping to develop new technologies in security orchestration and automation. It is predicted that the existence of influential players would be the main driver of North American market growth.

The major strategies followed by the market participants are Product launches and Partnerships & Collaborations. Based on the Analysis presented in the Cardinal matrix, IBM Corporation and Cisco Systems, Inc. are some of the forerunners in the Security Orchestration Automation and Response (SOAR) Market. The market research report covers the analysis of key stake holders of the market. Key companies profiled in the report include IBM Corporation, FireEye, Inc., Cisco Systems, Inc., Palo Alto Networks, Inc. (Demisto, Inc.), Rapid7, Inc., Splunk, Inc., Swimlane LLC, ThreatConnect, Inc.,LogRhythm, Inc. and Tufin, Inc.

Market players are taking step-by-step approaches to leverage market possibilities. Companies focus on innovative market-space competitive strategies. For instance, in August 2019, Splunk integrated with Deloitte in order to provide automated security monitoring and response capabilities which helps in driving higher fidelity and greater consistency into security workflows and outputs for organizations. The same month, FireEye launched FireEye? Network Security 8.3 and FireEye Endpoint Security 4.8; are used for enhanced detection and investigation related to advanced attacks. Similarly, Tufin collaborated with Cisco in order to launch Tufin Orchestration Suite R19-2 for helping the customers to increase the mitigation process to Cisco ACI.

Recent strategies deployed in Security Orchestration Automation and Response (SOAR) Market

Acquisition and Mergers:

  • Jul-2019: IBM acquired Red Hat for strengthening its business in every aspect of business.
  • Apr-2019: Rapid7 acquired NetFort in which NetFort’s network monitoring, visibility and analytics capabilities into its Insight cloud in order to deliver a unique combination of network visibility, security analytics, and orchestration and automation capabilities.
  • Oct-2018: Rapid7 taken over tCell which helps in increasing the capabilities of application security and helps its customers in better assessing, monitoring and protecting against application based attacks.
  • Jun-2018: Splunk acquired VictorOps in order to provide incident management platform which delivers DevOps teams an analytics-driven platform for helping in monitoring, resolving and preventing issues.
  • Apr-2018: Splunk tookover Phantom in order to deliver advanced security offerings with the help of Phantom’s SOAR platform which helps the organizations in improving the efficiency of their security operations center by automating tasks, orchestrating workflows, improving collaboration and enabling incident response at machine speed.
  • Jul-2017: Rapid7 taken over Komand in order to enhance its capabilities in Security Orchestration, Automation and Response.
  • Feb-2016: IBM acquired Resilient Systems, Inc. in order to strengthen its security business.
  • Aug-2015: Cisco Systems acquired OpenDNS in order to enhance its capabilities and deliver advanced threat protection capabilities.
  • Collaborations, Partnerships and Agreements:
  • Aug-2019: Splunk integrated with Deloitte in order to provide automated security monitoring and response capabilities which helps in driving higher fidelity and greater consistency into security workflows and outputs for organizations.
  • Aug-2019: Tufin has collaborated with Cisco in order to launch Tufin Orchestration Suite R19-2 for helping the customers to increase the mitigation process to Cisco ACI.
  • Feb-2019: Swimlane teamed up with Microsoft in order to integrate Microsoft solutions with the Swimlane platform using the Microsoft Graph Security API through which users can launch automated workflows from alerts to conduct data enrichment, obtain threat intelligence, redress threats and can implement complex incident response actions.
  • Feb-2019: IBM collaborated with Bay Dynamics in order to integrate Bay Dynamics Risk Fabric cyber risk and UEBA platform now integrates with IBM Resilient’s Incident Response Platform (IRP) for Comprehensive risk identification, incident prioritization and remediation.
  • Sep-2018: Swimlane signed collaboration agreement with McAfee in which McAfee will use the security orchestration, automation and response (SOAR) platform of Swimlane that can automate and orchestrate a number of use cases.
  • Jul-2018: Rapid7 collaborated with Microsoft in which Rapid7 customers will use Azure through InsightVM and InsightIDR for increased visibility and security vulnerability.
  • Jun-2018: Demisto, a Palo Alto Networks Company collaborated with Amazon Web Services for allowing the users to use a single orchestration platform to consume alerts for their cloud infrastructure and coordinate response and operational actions.
  • May-2018: ThreatConnect expanded its footprint to Australia by singing a partnership agreement with EMT Distribution in order to fulfill the demand of security solutions.
  • May-2018: Swimlane in collaboration with Palo Alto Networks launched orchestrator application (app) for offering critical security events context to SecOps administrators throughout the incident response process.
  • May-2018: Swimlane teamed up with VMRay for helping the customers in inspecting and classifying potentially malicious files performing deep malware analysis and automating the incident response process.
  • Apr-2018: Swimlane announced collaboration with Lastline for identifying, inspecting and responding to advanced malware attacks quickly and easily.
  • Apr-2018: IBM came into partnership with McAfee for combining IBM Resilient’s Incident Response Platform (IRP) with Data Exchange Layer (DXL), for offering Resilient IRP users the ability to query McAfee Threat Intelligence Exchange (McAfee TIE) as a threat reputation service.
  • Feb-2018: Cisco Firepower came into partnership with IBM QRadar for the advanced detection of threat and solves security issues.
  • Oct-2017: Demisto, a Palo Alto Networks Company came into partnership with Securonix for enabling the security operations center analysts for improving their mean time to detect (MTTD) and mean time to response (MTTR), and respond to cyber threats more efficiently.
  • Oct-2017: Demisto, a Palo Alto Networks Company announced partnership with tCell for delivering security solution for web applications with high detection, visibility and prevention capabilities in order to improve the security posture.
  • Oct-2017: IBM teamed up with Carbon Black in order to allow the customers to use both the capabilities of Carbon Black’s market-leading endpoint detection and response (EDR) solution, CB Response and IBM Resilient’s advanced Response Orchestration Platform, empowering security teams to respond faster and more comprehensively to modern cyberattacks.
  • Sep-2017: Demisto, a Palo Alto Networks Company and CrowdStrike signed partnership agreement for enabling he customers in preventing, detecting, and responding to the cyber threat faster and accurately.
  • Jul-2017: Splunk teamed up with Booz Allen Hamilton in which Booz will offer Booz Allen Cyber4Sight for Splunk for helping the analysts in generating threat intelligence solutions with analytics security insights.
  • Jun-2017: LogRhythm collaborated with Deloitte in order to provide its NextGen SIEM Platform technology for supporting the Deloitte’s Managed Security Services and other Cyber Security offerings.
  • Jun-2017: ThreatConnect came into partnership with CenturyLink in order to identify the threats and quickly respond to those threats accordingly.
  • Jun-2017: Splunk collaborated with Aflac for offering its Enterprise Security (Splunk ES) and Splunk User Behavior Analytics (Splunk UBA) to Aflac for managing and operationalizing threat intelligence data.
  • Mar-2017: Demisto, a Palo Alto Networks Company came into partnership with ProtectWise in order to empower the security teams in moving from breach detection to response and resolution rapidly.
  • Jan-2017: ThreatConnect collaborated with McAfee in order to integrate McAfee Enterprise Security Manager (ESM) with ThreatConnect’s solutions for addressing the response times from security events.
  • Oct-2016: LogRhythm came into partnership with Dell EMC in order to enhance its ability to capitalize on burgeoning market by bringing its security intelligence and analytics solutions to more enterprises around the world.
  • Sep-2016: ThreatConnect partnered with RSA in order to allow the users to detect and act on ThreatConnect intelligence in the RSA Netwitness? Suite which can be used for the identification of most relevant threats and quickly respond to those incidents accordingly.
  • Apr-2016: Splunk came into partnership with Accenture in order to integrate Accenture’s application services, security and digital offerings with Splunk products and cloud services for the identification of trends and improving opportunities.


  • Jul-2019: FireEye expanded its footprint to London by opening a new office in UK for serving its solutions to the UK customers.
  • Apr-2019: FireEye opened a new office in Dulles Tech Corridor in order to broaden its business to Northern Virginia.
  • Sep-2018: Rapid7 expanded its security offerings with the launch of InsightConnect, a security orchestration and automation solution which helps the security teams in reducing manual workloads and create efficiency without sacrificing control.
  • Jul-2018: Rapid7 expanded its reach to Australia and Canada for helping the customers in addressing data governance with its security analytics and automation platform.
  • Apr-2018: IBM expanded its X-Force offering by adding intelligent orchestration capabilities to its resilient incident response platform for threat and vulnerability management.
  • Jun-2017: Tufin expanded its footprint to U.S. by opening a new office in Boston in order to fulfill the increasing demand of Network Security Policy Orchestration solutions.

Product Launches:

  •  Aug-2019: FireEye has launched "FireEye? Network Security 8.3 and FireEye Endpoint Security 4.8" two new software which is used for enhanced detection and investigation related to advanced attacks.
  •  May-2019: LogRhythm launched its NextGen SIEM Platform: LogRhythm Cloud which has the functionality of security orchestration, automation and response (SOAR).
  •  Mar-2019: LogRhythm introduced LogRhythm NDR, an automated network security solution in order to detect, qualify, investigate, and respond to advanced network-borne diseases.
  •  Oct-2018: Tufin introduced Tufin Iris, its latest cloud-native solution for ensuring continuous compliance and maintaining business agility.
  •  Oct-2018: FireEye released The FireEye Market in order to address security challenges.
  •  Oct-2018: FireEye introduced FireEye? Helix? for automating security operations by integrating security information and event management (SIEM) capabilities with advanced security orchestration.
  •  Oct-2018: Tufin launched Managed Security Service Provider (MSSP) Program which makes network security policy changes in minutes reducing the attack surface and ensuring compliance.
  •  Apr-2018: Swimlane introduced Swimlane 3.0, a security operations management platform which is focused towards empowering government agencies and enterprises with orchestration and data-driven automation for incident response and improved security operations.
  •  Apr-2018: Tufin released Tufin Orca, cloud-based solution for offering security to containers and microservices.
  •  Dec-2017: LogRhythm released LogRhythm UEBA, an independent analytics product in order to detect and respond to user-based threats.
  •  Nov-2017: Demisto, a Palo Alto Networks Company introduced Security Operations Platform which offers same power of automation, orchestration, collaboration and incident management currently offered in Demisto’s Security Orchestration Platform but without the need to setup and host the infrastructure for improving the mean time to response.
  •  Feb-2017: Tufin announced the launch of Orchestration Suite R16-4 for delivering managed network security across multi-vendor and hybrid cloud networks.
  •  Aug-2016: LogRhythm announced the release of NetMon Freemium, a free version of its NetMon product which is used for commercial-grade network monitoring, forensics and analytics solution ideal for advanced threat detection and incident response.

Scope of the Study
Market Segmentation:

By Component
• Software
• Services

By Application
• Threat Intelligence
• Incident Management
• Network Forensics
• Workflow Management
• Compliance Management
• Others

By Deployment Type
• On Premise
• Cloud

By Organization Size
• Large Enterprises
• Small & Medium Enterprises

By End User
• Retail and Consumer Goods
• Government
• Energy & Utilities
• Healthcare
• Telecom & IT
• Others

By Geography
• North America
•·Rest of North America
• Europe
•·Rest of Europe
• Asia Pacific
•·South Korea
•·Rest of Asia Pacific
•·Saudi Arabia
•·South Africa
•·Rest of LAMEA

Companies Profiled
• IBM Corporation
• FireEye, Inc.
• Cisco Systems, Inc.
• Palo Alto Networks, Inc. (Demisto, Inc.)
• Rapid7, Inc.
• Splunk, Inc.
• Swimlane LLC
• ThreatConnect, Inc.
• LogRhythm, Inc.
• Tufin, Inc.

Unique Offerings from KBV Research
• Exhaustive coverage
• Highest number of market tables and figures
• Subscription based model available
• Guaranteed best price
• Assured post sales research support with 10% customization free