Santa Clara, Calif. July 4, 2023 – We are thrilled to announce that NSFOCUS has again been included as a Representative Vendor in the Gartner Market Guide for Security Orchestration, Automation and Response Solutions. This is the second consecutive year that NSFOCUS has been listed in this report.
The report provides a detailed analysis of the SOAR market and offers recommendations to help those responsible for their organizations’ network security assess how SOAR can support and improve their internal security operations.
Gartner defines a Security Orchestration, Automation, and Response (SOAR) solution as one that combines incident response, orchestration and automation, and threat intelligence (TI) management capabilities in a single platform. SOAR tools are also used to document and implement processes (also called playbooks, workflows, and processes), support security incident management, and apply machine-based assistance to human security analysts and operators. According to Gartner’s market guide, SOAR solutions will be used to improve operational efficiency in security, create consistency in security processes, improve threat prevention, detection and response, and improve prioritization.
We believe that the following recommendations need to be considered when choosing a SOAR solution:
Support a wide range of security products across multiple existing point solution markets (such as endpoint protection platforms, firewalls, intrusion detection and prevention systems (IDPS), security information and event management (SIEM), secure email gateways, SSE, and vulnerability assessment technologies);
Support the ability to correlate and aggregate events to better flesh them out, improving security operations processes and alerts. A key way to achieve this is by implementing a low-code “playbook,” which allows processes to be coded so that automation can be applied to improve consistency and save time;
Support the ingestion of TI in a wide variety of formats from third-party sources, including open sources, information sharing and analysis from industries and governments, Computer Emergency Response Teams (CERTs) and commercial providers;
Support two-way integration with IT operational solutions, such as ticketing systems for case management, and collaboration tools and messaging applications for better real-time communication.
NSFOCUS Intelligent Security Operation Platform (ISOP)
The key capabilities that distinguish NSFOCUS ISOP’s SOAR capability from other products are open system architecture and flexible deployment, ecological security capability orchestration, highly customized security processes, intelligent security analysis and response, and practical case knowledge. Most importantly, AISecOps’ innovative technology capabilities have been put into deep practice with customers in multiple industries. The AI-assisted intelligent research and judgment coverage rate is as high as 96.7%, which greatly improves operational efficiency. AI technology is applied to reduce noise and to automatically research and analyze massive volumes of alarms. With intelligent triage capabilities, scenarios and models can be upgraded and combined with SOAR to provide customers with more intelligent methods of interactive operations. Taking incident response as a necessary application scenario, XDR technology and NSFOCUS’s rich threat intelligence data are used to help operation personnel efficiently carry out various security operations and improve the actual combat level of security operations.
We also note that with the development of automation and smart technology, cybersecurity defenders will face more severe challenges in the future. Therefore, we are constantly exploring more automated, intelligent, and practical security application scenarios. At present, ISOP supports nearly 100 mainstream security products and hundreds of playbooks, covering closed-loop security incident response, security investigation and forensics, and security assessment and inspection. Tested by thousands of customer production or test environments, it is flexible and compatible with various cloud deployment environments and standalone application environments.
Large language model technology will also facilitate SOAR’s automation and tool opening in the future. NSFOCUS ISOP conducts research on the technological innovation of large language models and on their practical use in application scenarios such as data processing, risk analysis, operational efficiency, and knowledge provision. Large language model technology will make automatic feature recognition, definition and classification in data access and processing more convenient. At the same time, it can perform aggregation analysis of multi-source data (vulnerabilities, assets, threats, applications, systems, etc.) and identify unknown risks that cannot be identified by traditional detection rules. Large language models can also provide operations personnel with heuristic analysis and event handling recommendations, and generate analysis reports. They can also provide customers with continuous security knowledge and suggestions to improve their security operation skills. The continuous deepening of the application of large language model technology effectively reduces the uncertainty in the closed-loop process of threat analysis and operation.
NSFOCUS is committed to being your trusted network and application security provider and continues to provide enterprise-level network security products, security solutions, and security operation services based on our core competitiveness globally with the spirit of innovation, superb technologies, quality products and professional services. With the help of innovative technologies including large language models and AISecOps, NSFOCUS is playing an important role in supporting security operators and managers to respond to the continuously changing technologies and security threats.
Reference:
[1] Gartner, Market Guide for Security Orchestration, Automation and Response Solutions, Craig Lawson et al., 23 June 2023
Declaration: Gartner does not endorse any vendor, product or service in its report and does not recommend that technology customers only select the highest rated or other specified vendor. Gartner reports contain the opinion of its research organization, but the opinion should not be construed as a statement of fact. In terms of this report, Gartner disclaims all warranties, express or implied, including any warranties of merchantability or fitness for a particular purpose. Gartner is a registered trademark and service mark of Gartner Inc. and/or its affiliates in the United States and worldwide and is used herein with permission, all rights reserved.