602 results for SOAR in All

blog

Predictions 2025: Will You Stall Or Soar By Embracing The Future Of Work?
Whether you stall or soar is up to you. Read our full Predictions 2025: The Future Of Work report to get more detail about each of these predictions and read additional predictions. Set up a Forrester guidance session to discuss these predictions or plan out your 2025 future of work strategy.

Role Profile

Role Profile: Detection Engineer
Respond to alerts generated by detection rules based on the investigation, leveraging security orchestration, automation, and response (SOAR) capabilities and other means to stop and roll back attacker activity. Build SOAR playbooks to automate and orchestrate existing incident response processes. Collaborate with cross-functional teams, including incident responders, threat hunters, and security engineering, to develop and implement new detection capabilities and strategies.
Allie Mellen

How To Report

Forrester’s Six Steps To The AI-Enabled Security Organization
Orchestrate AI agents with SOAR. Security orchestration, automation, and response (SOAR) platforms like D3 Security, Palo Alto Networks’ AgentiX, Swimlane, and Tines have prebuilt AI agents and also allow custom agent development within SOAR playbooks. This is a good middle ground where your team can customize prebuilt AI agents to be more specific to your environment. However, in both these scenarios, testing is the responsibility of the user, which can lead to inaccuracies.
Allie Mellen

Wave Report

The Forrester Wave™: Security Analytics Platforms, Q2 2025
Its investigation capability doesn’t provide enough context to the analyst, and case management is provided as part of its SOAR add-on. It offers a SOAR-lite capability for free — with a limited number of playbooks and actions out of the box — and the option to upgrade to the more feature-complete SOAR. Its analyst experience is cumbersome and provides less context than others in this evaluation. However, its ability to deploy to Snowflake or AWS gives users more flexibility. Customer feedback.
Allie Mellen

Trend Report

The Top Trends Shaping Threat Intelligence In Asia Pacific
When integrated with security orchestration, automation, and response (SOAR), threat intelligence accelerates triage and reduces false positives, enabling security teams to focus on high-priority threats. By embedding threat intelligence into operational workflows, firms can boost the speed and quality of security outcomes.
Meng Liu

Landscape Report

Now Tech: Security Orchestration, Automation, And Response (SOAR), Q2 2022
Forrester’s Overview Of 31 SOAR Providers
Allie Mellen

Model Overview Report

Introducing The Centralized Cybersecurity Organizational Model
They standardize core technologies, such as security information and event management (SIEM) and security orchestration, automation, and response (SOAR), avoiding duplicate investments and lowering operating costs through scale. However, central teams can struggle to tailor security controls to faraway business units, regulatory regimes, geographies, or product lines.
Madelein van der Hout

Role Profile

Role Profile: Zero Trust Architect
Interlocks: Zero Trust program manager or Zero Trust lead; Security architect; IAM teams; Cloud architect; Security engineering teams; Security operations center; IT research, application development, and operations teams; IT architect; Enterprise architect; Solution architect; Network architect; Chief information security officer (CISO); CIO; Risk management team. Technologies Supporting The Role: Automation and orchestration tools (e.g., security analytics and security orchestration, automation, and response [SOAR
Carlos Rivera

Trend Report

Trends In High-Performance Product Management, 2025
Take Action To Turn Around A Struggling Team And Help It Soar. Just as certain characteristics correlate to over- or under-performance, product leaders can take action to enhance what’s working and reverse what is not. Consider the following actions (see Figure 3): Bifurcate product management and portfolio marketing leadership. Many organizations are tempted to equate and therefore combine portfolio marketing and product management functions — don’t fall into this trap.
Tony Plec

Landscape Report

The Security Analytics Platforms Landscape, Q4 2024
Security analytics platforms consolidate technologies like security information and event management (SIEM), security orchestration, automation, and response (SOAR), user behavior analytics (UBA), threat intelligence platform (TIP), and data pipeline management capabilities into a single solution. Security operations teams use security analytics platforms to centralize and manage security data, alerts, investigations, and response actions.
Allie Mellen
