
Ovum view

Summary

Palo Alto Networks has acquired security operations, analytics, and response (SOAR) vendor Demisto for $560m, a deal that enhances its play in the evolving security management market. Ovum sees this as the latest development in the industry's attempts to go beyond security incident and event management (SIEM) technology.

Demisto dovetails into PAN's security platform play

With some 150 enterprise customers on its books, Demisto was a leading player in the SOAR market, a segment that has emerged over the last few years to address the growing need for security management to extend into incident response. In the first instance, this involves playbooks to streamline human responders' activities, with integration to ticketing and IT service management systems and, beyond that, automated response. Indeed, another translation of the SOAR acronym has it standing for security orchestration, automation, and response.

Meanwhile, Palo Alto is among a handful of major cyber vendors proposing "platforms," meaning technology to span silos of security tools from multiple vendors and enable a centralized, enterprise-wide view of threats, as well as the concomitant response actions. Others include Symantec, McAfee, Cisco, and RSA. Some of them are SIEM vendors, while others identify the need to supersede SIEMs, whose shortcomings Ovum has chronicled in other reports.

SOAR and user and entity behavior analysis (UEBA) are two areas of technology that have arisen to address shortcomings in SIEM platforms, and it is no coincidence that some SIEM vendors have made acquisitions in these areas to supplement their technologies: IBM bought SOAR vendor Resilient in 2016, Splunk acquired Phantom in 2018, and RSA snapped up Fortscale in April 2018.

Palo Alto has no SIEM, but its Security Operating Platform can, in many ways, be considered a complement or an alternative to SIEMs, and the addition of SOAR capabilities makes its security management offering a compelling one.

Appendix

Further reading

"On the Radar: Seceon moves into SIEM with AI-based protection," INT003-000309 (January 2019)

"Defining a platform for managing threat intelligence," INT003-000264 (November 2018)

"Jask offers a platform for enterprises to go beyond SIEM," INT003-000162 (May 2018)

"Is SIEM dead or just on life support?" INT003-000135 (April 2018)

Author

Rik Turner, Principal Analyst, Infrastructure Solutions

rik.turner@ovum.com
