Star Rating
Languages Supported
Pricing Options

Security Orchestration, Automation, and Response (SOAR) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Best Security Orchestration, Automation, and Response (SOAR) Software

    Security orchestration, automation, and response (SOAR) software products are tools used to help integrate security technologies and automate incident-related tasks. These tools integrate with a company’s existing security solutions to help users build and automate workflows, simplifying the incident response process and reducing the amount of human intervention necessary to handle security incidents. Companies use these tools to create a centralized system complete with visibility into a company’s security software and operational processes. These tools also reduce the time it takes to respond to incidents, as well as the potential for human error in remediating security threats and vulnerabilities.

    SOAR tools combine aspects of vulnerability management, incident response, and security information and event management (SIEM) solutions. SOAR products are designed to provide some of each tool’s respective functionality or integrate with third-party tools. Once integrated, processes can be designed to identify incidents and automate remediation tasks.

    To qualify for inclusion in the Security Orchestration, Automation, and Response (SOAR) category, a product must:

    Integrate security information and incident response tools
    Allow security professionals to build response workflows
    Automate incident management and response tasks within workflows
    Provide formalized incident, workflow, and performance reports

    Top 9 Security Orchestration, Automation, and Response (SOAR) Software

    • CloudGuard IaaS
    • Demisto
    • D3 Security
    • Swimlane
    • SIRP
    • Intezer Protect
    • Blumira Automated Detection & Response
    • Siemplify
    • IBM Resilient Security Orchestration, Automation and Response (SOAR) Platform

    Compare Security Orchestration, Automation, and Response (SOAR) Software

    G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.
    Sort By:
    Results: 43
    View Grid®
    Adv. Filters
    (56)4.3 out of 5

    CloudGuard IaaS Cloud Network Security (vSEC) for private and public cloud platforms is designed to protect assets in the cloud against the most sophisticated threats.

    (14)4.5 out of 5

    Demisto is a platform that provides automated and collaborative security solutions.

    (68)4.2 out of 5

    D3 Security provides a proven incident management platform that empowers security operations with a full-lifecycle remediation solution and a single tool to determine the root cause of and corrective action for any threat- be it cyber, physical, financial, IP or reputational.

    (23)4.4 out of 5

    Swimlane is a leader in security orchestration, automation and response (SOAR). By automating time-intensive, manual processes and operational workflows and delivering powerful, consolidated analytics, real-time dashboards and reporting from across your security infrastructure, Swimlane maximizes the incident response capabilities of over-burdened and understaffed security operations. Swimlane was founded to deliver scalable, innovative and flexible security solutions to organizations strugglin

    (26)4.7 out of 5

    SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response. Through a single integrated platform, it drives security visibility, so decisions can be better prioritised and response time is dramatically reduced. With SIRP, the entire cybersecurity function works as a single, cohesive unit. SIRP combines security orchestration, playbook automation and case management capabilities to integra

    (19)4.5 out of 5


    (18)4.8 out of 5
    Optimized for quick response
    Entry Level Price:$144 User/Year

    Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility. Blumira's cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Office 365, G Suite, Crowdstrike, Okta, Palo Alto, Cisc

    (31)4.4 out of 5

    The Siemplify Security Operations Platform is an intuitive, holistic workbench that makes security operations smarter, more efficient and more effective. Siemplify combines security orchestration, automation and response (SOAR) with context-driven case management, investigation and machine learning to make analysts more productive, security engineers more effective, and managers more informed about SOC performance.

    The IBM Resilient Security Orchestration, Automation and Response (SOAR) Platform is the leading platform for orchestrating and automating incident response processes. IBM Resilient SOAR Platform quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats.

    (21)4.7 out of 5

    ServiceNow Security Operations is an Enterprise Security Response engine offering security incident response, vulnerability response, configuration compliance, and threat intelligence. It’s built on the intelligent workflows, automation, orchestration, and deep connection with IT of the ServiceNow platform.

    (20)3.6 out of 5

    Tripwire is a provider of advanced threat, security and compliance solutions to confidently detect, prevent and respond to cybersecurity threats

    (3)4.5 out of 5

    ThreatConnect is a in-platform analytics and automation solution.

    (5)3.5 out of 5

    RSA NetWitness Logs & Packets is a security solution that identifies every threat and offers different solutions.

    (1)5.0 out of 5

    DFLabs' Security Orchestration, Automation and Response (SOAR) platform, IncMan SOAR, is designed for SOCs, CSIRTs and MSSPs to automate, orchestrate and measure security operations and incident response processes and tasks, all from within one single, intuitive platform. By integrating security tools, fusing intelligence, sharing knowledge and implementing seamless workflows, IncMan SOAR enables every security incident to be detected, responded to, and remediated in the fastest possible time fr

    (1)5.0 out of 5

    DTonomy is hyper-focused on security orchestration, automation and response (SOAR). DTonomy solves a critical problem facing Security teams today: too many alerts that exceed the capacity of skilled professionals to investigate and resolve them. Organizations today have hundreds to thousands of daily alerts from hundreds of sources and these numbers will only continue to grow. Most organizations are short staffed which results in inconsistent investigation processes, high mean time to response,

    (1)5.0 out of 5

    Automatically learns from human analysts and automates detection and response, never having analysts repeat the same investigations ever again.

    Harness the full power of your existing security investments with security orchestration, automation and response. With Splunk Phantom, execute actions in seconds not hours.

    0 ratings

    ATAR Labs builds next generation Security Orchestration, Automation and Response (SOAR) platforms

    0 ratings

    Ayehu’ NG is a codeless Intelligent Automation and Orchestration platform. It uses a drag-and-drop visual workflow designer to automate IT tasks in minutes. This saves 95% of the time spent remediating incidents, delivers a 35% cost reduction on repetitive manual tasks and cuts MTTR incidents by more than 50%.

    0 ratings

    Single pane of glass for detection, orchestration, automation and simulation across IT OT and IoT.

    0 ratings

    CyberSponse is a enterprise automation and orchestration platform that combines both cyber security solutions with human intuition.

    DNIF offers a comprehensive solution based on a Big Data platform that offers an end-to-end capability of processing unstructured log data, identify patterns using high speed analytics and detect complex threats.

    (3)4.8 out of 5
    Optimized for quick response

    Exabeam is SIEM that helps security operations and insider threat teams work smarter, allowing them to detect, investigate and respond to cyberattacks in 51 percent less time. Security organizations no longer have to live with missed distributed attacks, unknown threats, and manual investigations and remediation. With the modular Exabeam Security Management Platform, analysts can use behavioral analytics to detect attacks, automate investigation and incident response, and reduce storage costs.

    (1)4.0 out of 5

    FireEye Helix is a intelligence-led platform designed to simplify, integrate and automate security operations.

    0 ratings

    Security orchestration and automation helps you improve response times, reduce risk exposure and maintain process consistency across your security program. Being able to simplify your security operations means being able to prioritize alerts, improve staff efficiencies and decrease response times.

    0 ratings

    0 ratings

    IBM Cloud Pak for Security is a platform that helps you uncover hidden threats, make more informed risk-based decisions and prioritize your team’s time

    0 ratings

    Orchestration and automation to accelerate your teams and tools

    0 ratings

    JASK has re-imagined the SOC for the next decade. Today’s security teams are under constant pressure from overwhelming alert volume, so JASK is automating the manual work for the security analyst—enabling them to be more effective by focusing on higher value security functions. Understanding what makes JASK the modern SIEM for your SOC really boils down to our 3 key differentiators: - Better Visibility: The JASK ASOC platform simultaneously monitors your on-premises and heterogeneous multi-cl

    Select Grid® View
    Select Company Size
    G2 Grid® for Security Orchestration, Automation, and Response (SOAR)
    Filter Grid®
    Filter Grid®
    Select Grid® View
    Select Company Size
    Check out the G2 Grid® for the top Security Orchestration, Automation, and Response (SOAR) Software products. G2 scores products and sellers based on reviews gathered from our user community, as well as data aggregated from online sources and social networks. Together, these scores are mapped on our proprietary G2 Grid®, which you can use to compare products, streamline the buying process, and quickly identify the best products based on the experiences of your peers.
    High Performers
    D3 Security
    IBM Resilient Security Orchestration, Automation and Response (SOAR) Platform
    CloudGuard IaaS
    Intezer Protect
    Blumira Automated Detection & Response
    Market Presence