# Best Security Orchestration, Automation, and Response (SOAR) Software

  *By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)*

   Security orchestration, automation, and response (SOAR) software products are tools used to help integrate security technologies and automate incident-related tasks. These tools integrate with a company’s existing security solutions to help users build and automate workflows, simplifying the incident response process and reducing the amount of human intervention necessary to handle security incidents. Companies use these tools to create a centralized system complete with visibility into a company’s security software and operational processes. These tools also reduce the time it takes to respond to incidents, as well as the potential for human error in remediating security threats and vulnerabilities.

SOAR platforms combine aspects of [vulnerability management](https://www.g2.com/categories/vulnerability-management), [incident response](https://www.g2.com/categories/incident-response), and [security information and event management (SIEM)](https://www.g2.com/categories/security-information-and-event-management-siem) solutions. SOAR products are designed to provide some of each tool’s respective functionality or integrate with third-party tools. Once integrated, processes can be designed to identify incidents and automate remediation tasks.

To qualify for inclusion in the Security Orchestration, Automation, and Response (SOAR) category, a product must:

- Integrate security information and incident response tools
- Allow security professionals to build response workflows
- Automate incident management and response tasks within workflows
- Provide formalized incident, workflow, and performance reports





## Category Overview

**Total Products under this Category:** 79


## Trust & Credibility Stats

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 3,200+ Authentic Reviews
- 79+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Best Security Orchestration, Automation, and Response (SOAR) Software At A Glance

- **Leader:** [Tines](https://www.g2.com/products/tines/reviews)
- **Highest Performer:** [Barracuda Incident Response](https://www.g2.com/products/barracuda-incident-response/reviews)
- **Easiest to Use:** [Torq AI SOC Platform](https://www.g2.com/products/torq-ai-soc-platform/reviews)
- **Top Trending:** [n8n](https://www.g2.com/products/n8n/reviews)
- **Best Free Software:** [Tines](https://www.g2.com/products/tines/reviews)


---


## Top-Rated Products (Ranked by G2 Score)
### 1. [Tines](https://www.g2.com/products/tines/reviews)
  Tines is the intelligent workflow platform trusted by the world's most advanced organizations. Companies like Coinbase, Databricks, Mars, Reddit, and SAP use Tines to power their most important workflows. With Tines, they’ve built a secure, flexible foundation to operationalize AI agents and intelligent workflows, unlocking productivity, moving faster, and future-proofing how work gets done. You can start building right away, by signing up for our always-free Community Edition and importing one of our pre-built workflows from the library.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 390

**User Satisfaction Scores:**

- **Automated Remediation:** 9.3/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.6/10 (Category avg: 9.0/10)
- **Ease of Admin:** 9.2/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.6/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Tines](https://www.g2.com/sellers/tines)
- **Company Website:** https://www.tines.com/
- **Year Founded:** 2018
- **HQ Location:** Dublin, IE
- **LinkedIn® Page:** https://www.linkedin.com/company/tines-io/ (538 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Security Engineer, Software Engineer
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 39% Mid-Market, 36% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (73 reviews)
- Automation (57 reviews)
- Customer Support (39 reviews)
- Features (31 reviews)
- Time-saving (26 reviews)

**Cons:**

- Learning Curve (15 reviews)
- Missing Features (15 reviews)
- Lack of Features (12 reviews)
- Complexity (9 reviews)
- Difficult Learning (9 reviews)

### 2. [n8n](https://www.g2.com/products/n8n/reviews)
  n8n is a workflow automation platform built for technical teams operationalizing AI. Built for technical teams, it offers 500+ integrations, custom code flexibility, and self-hosting options. With 180k+ GitHub Stars and a thriving community, n8n enables teams to build production-ready automation workflows that bridge AI with real business processes.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 266

**User Satisfaction Scores:**

- **Automated Remediation:** 8.1/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.1/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.4/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.4/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [n8n GmbH](https://www.g2.com/sellers/n8n-gmbh)
- **Company Website:** https://n8n.io
- **Year Founded:** 2019
- **HQ Location:** Berlin, Berlin
- **Twitter:** @n8n_io (80,041 Twitter followers)
- **LinkedIn® Page:** https://linkedin.com/company/n8n (785 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CEO, Founder
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 77% Small-Business, 18% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (77 reviews)
- Automation (72 reviews)
- Integrations (42 reviews)
- Workflow Management (36 reviews)
- Features (35 reviews)

**Cons:**

- Learning Curve (39 reviews)
- Difficult Learning (23 reviews)
- Missing Features (17 reviews)
- Limitations (14 reviews)
- Poor Interface Design (14 reviews)

### 3. [KnowBe4 PhishER/PhishER Plus](https://www.g2.com/products/knowbe4-phisher-phisher-plus/reviews)
  PhishER Plus is a FedRAMP Moderate certified, lightweight Security Orchestration, Automation, and Response (SOAR) and full Incident Response product designed to help organizations manage email threats that bypass existing security measures. Offering enterprise-grade security automation while maintaining full transparency and control, PhishER Plus is ideal for organizations seeking enhanced email security without the traditional complexity that comes with other platforms. PhishER Plus addresses phishing attacks and malicious email activities through community-sourced intelligence from over 13 million global users, combined with precision AI analysis. This collaborative approach delivers actionable insights and rapid threat detection capabilities, suitable for IT security teams across organizations of all sizes looking to streamline their threat response processes. Organizations achieve significant financial returns, with users experiencing 362% to 650% ROI in the first year. PhishER Plus dramatically reduces investigation and remediation, with organizations reporting:

  - 85% faster investigation times
  - 99% reduction in manual email reviews
  - 90% auto-tagging of reported emails

  PhishER Plus seamlessly complements your existing security ecosystem, making it a valuable addition to any organization's cybersecurity strategy while delivering immediate operational and financial benefits.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 548

**User Satisfaction Scores:**

- **Automated Remediation:** 8.7/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.2/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.9/10 (Category avg: 8.5/10)
- **Workflow Automation:** 8.6/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [KnowBe4, Inc.](https://www.g2.com/sellers/knowbe4-inc)
- **Company Website:** https://www.knowbe4.com
- **Year Founded:** 2010
- **HQ Location:** Clearwater, FL
- **Twitter:** @KnowBe4 (16,184 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2225282/ (2,479 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** IT Manager, Director of IT
  - **Top Industries:** Financial Services, Primary/Secondary Education
  - **Company Size:** 75% Mid-Market, 13% Enterprise


#### Pros & Cons

**Pros:**

- Phishing Prevention (50 reviews)
- Email Security (29 reviews)
- Automation (24 reviews)
- Security (22 reviews)
- Ease of Use (20 reviews)

**Cons:**

- False Positives (9 reviews)
- Ineffective Email Security (8 reviews)
- Email Management (7 reviews)
- Learning Curve (7 reviews)
- Setup Difficulty (7 reviews)

### 4. [Torq AI SOC Platform](https://www.g2.com/products/torq-ai-soc-platform/reviews)
  Torq is transforming cybersecurity with the Torq AI SOC Platform. Torq empowers enterprises to instantly and precisely detect and respond to security events at scale. Torq’s customer base includes major multinational enterprise customers, including Abnormal Security, Armis, Check Point Security, Chipotle Mexican Grill, Inditex (Zara, Bershka, and Pull & Bear), Informatica, Kyocera, PepsiCo, Procter & Gamble, Siemens, Telefónica, Valvoline, Virgin Atlantic, and Wiz.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 149

**User Satisfaction Scores:**

- **Automated Remediation:** 9.2/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.6/10 (Category avg: 9.0/10)
- **Ease of Admin:** 9.5/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.3/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [torq](https://www.g2.com/sellers/torq)
- **Company Website:** https://torq.io/
- **Year Founded:** 2020
- **HQ Location:** New York, US
- **Twitter:** @torq_io (1,930 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/torqio/mycompany (393 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 50% Mid-Market, 29% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (67 reviews)
- Security (61 reviews)
- Automation (59 reviews)
- Features (55 reviews)
- Threat Detection (41 reviews)

**Cons:**

- Difficult Learning (18 reviews)
- Learning Curve (17 reviews)
- Missing Features (10 reviews)
- Improvement Needed (8 reviews)
- Poor Interface Design (8 reviews)

### 5. [Microsoft Sentinel](https://www.g2.com/products/microsoft-sentinel/reviews)
  Microsoft Sentinel lets you see and stop threats before they cause harm, with SIEM reinvented for a modern world. Microsoft Sentinel is your birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

  - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
  - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
  - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
  - Respond to incidents rapidly with built-in orchestration and automation of common tasks


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 270

**User Satisfaction Scores:**

- **Automated Remediation:** 8.7/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.5/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.3/10 (Category avg: 8.5/10)
- **Workflow Automation:** 8.4/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft)
- **Year Founded:** 1975
- **HQ Location:** Redmond, Washington
- **Twitter:** @microsoft (13,114,353 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (227,697 employees on LinkedIn®)
- **Ownership:** MSFT

**Reviewer Demographics:**
  - **Who Uses This:** Senior Software Engineer, Cyber Security Analyst
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 42% Enterprise, 31% Mid-Market


#### Pros & Cons

**Pros:**

- Cloud Services (4 reviews)
- Easy Integrations (4 reviews)
- Features (4 reviews)
- Integrations (4 reviews)
- Integration Support (4 reviews)

**Cons:**

- Expensive (3 reviews)
- Complex Implementation (2 reviews)
- Complex Setup (2 reviews)
- Inefficient Alerts (2 reviews)
- Integration Issues (2 reviews)

### 6. [Google Security Operations](https://www.g2.com/products/google-security-operations/reviews)
  Chronicle’s cloud-native security, orchestration, automation and response (SOAR) product empowers security teams to respond to cyber threats in minutes - not hours or days. Chronicle SOAR fuses a unique threat-centric approach, powerful yet simple playbook automation, and context-rich investigation to free up valuable time and ensure every security team member is informed, productive and effective.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 41

**User Satisfaction Scores:**

- **Automated Remediation:** 9.7/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.2/10 (Category avg: 9.0/10)
- **Ease of Admin:** 7.8/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.7/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Google](https://www.g2.com/sellers/google)
- **Year Founded:** 1998
- **HQ Location:** Mountain View, CA
- **Twitter:** @google (31,910,461 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1441/ (336,169 employees on LinkedIn®)
- **Ownership:** NASDAQ:GOOG

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 41% Mid-Market, 39% Enterprise


#### Pros & Cons

**Pros:**

- Security (8 reviews)
- Threat Detection (5 reviews)
- Ease of Use (4 reviews)
- Comprehensive Security (3 reviews)
- Integrations (3 reviews)

**Cons:**

- Expensive (5 reviews)
- Learning Curve (4 reviews)
- Complexity (3 reviews)
- Learning Difficulty (2 reviews)
- Limited Customization (2 reviews)

### 7. [ServiceNow Security Operations](https://www.g2.com/products/servicenow-security-operations/reviews)
  ServiceNow Security Operations is a sophisticated software solution designed to enhance threat and vulnerability management as well as incident response for organizations. By leveraging artificial intelligence, this platform empowers security teams to operate more efficiently and effectively, allowing for streamlined collaboration across IT, security, and risk management departments. The primary goal of ServiceNow Security Operations is to simplify complex security processes while minimizing risks associated with cybersecurity threats. Targeted at security teams within organizations of various sizes, ServiceNow Security Operations addresses the need for a cohesive approach to managing security incidents and vulnerabilities. It is particularly beneficial for organizations that utilize multiple security tools, as it integrates security and vulnerability data from these existing systems. This integration enables teams to respond to threats more rapidly by automating critical workflows and processes, thus reducing the manual effort traditionally required in incident response. Key features of ServiceNow Security Operations include intelligent workflows that automate routine tasks, allowing security professionals to focus on more strategic initiatives. The platform’s AI-driven capabilities facilitate the automatic correlation of threat intelligence from diverse sources, such as the MITRE ATT&CK framework. This feature enhances situational awareness and enables teams to prioritize threats effectively based on real-time data. Additionally, the ability to take action within other security or IT management tools from a centralized console streamlines operations, ensuring that teams can respond to incidents without unnecessary delays. Moreover, the use of digital security workflows and orchestration significantly accelerates tasks such as analysis, prioritization, and remediation.
By automating these processes, organizations can not only improve their response times but also enhance their overall cybersecurity posture. The integration of AI-driven automation within the ServiceNow AI Platform® further strengthens the platform's capabilities, enabling organizations to drive cyber resilience and reduce their exposure to potential threats. In summary, ServiceNow Security Operations is a comprehensive solution that addresses the complexities of modern cybersecurity challenges. By automating and simplifying threat and vulnerability management, it empowers security teams to respond more effectively, thereby enhancing the overall security framework of an organization.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 37

**User Satisfaction Scores:**

- **Automated Remediation:** 9.4/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.6/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.3/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.7/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [ServiceNow](https://www.g2.com/sellers/servicenow)
- **Company Website:** https://www.servicenow.com/
- **Year Founded:** 2004
- **HQ Location:** Santa Clara, CA
- **Twitter:** @servicenow (54,215 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/29352/ (32,701 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 57% Enterprise, 18% Small-Business


#### Pros & Cons

**Pros:**

- Integration Capabilities (11 reviews)
- Integration Support (10 reviews)
- Ease of Use (9 reviews)
- Integrations (8 reviews)
- Incident Management (7 reviews)

**Cons:**

- Difficult Setup (4 reviews)
- Integration Issues (4 reviews)
- Licensing Issues (3 reviews)
- Complexity (2 reviews)
- Difficult Customization (2 reviews)

### 8. [Barracuda Incident Response](https://www.g2.com/products/barracuda-incident-response/reviews)
  No email defense technology can protect against increasingly advanced email threats 100 percent of the time. Some advanced social engineering attacks like business email compromise will reach users’ mailboxes. And when they do, you need to respond quickly and accurately to minimize the scope and severity of damage. Barracuda Incident Response lets you respond to threats quickly and effectively, by automating investigative workflows and enabling direct removal of malicious emails.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 16

**User Satisfaction Scores:**

- **Automated Remediation:** 9.2/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.4/10 (Category avg: 9.0/10)
- **Ease of Admin:** 9.6/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.6/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Barracuda](https://www.g2.com/sellers/barracuda)
- **Year Founded:** 2002
- **HQ Location:** Campbell, CA
- **Twitter:** @Barracuda (15,238 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/barracuda-networks/ (2,229 employees on LinkedIn®)
- **Ownership:** Private

**Reviewer Demographics:**
  - **Company Size:** 50% Mid-Market, 25% Enterprise


#### Pros & Cons

**Pros:**

- Email Security (3 reviews)
- Features (2 reviews)
- Security (2 reviews)
- Cybersecurity (1 reviews)
- Incident Management (1 reviews)

**Cons:**

- Email Management (1 reviews)

### 9. [Palo Alto Networks Cortex XSOAR](https://www.g2.com/products/palo-alto-networks-cortex-xsoar/reviews)
  Palo Alto Networks' Cortex XSOAR is a comprehensive Security Orchestration, Automation, and Response (SOAR) platform designed to streamline and enhance security operations. By integrating automation, case management, real-time collaboration, and threat intelligence management, Cortex XSOAR empowers security teams to respond to incidents more efficiently and effectively.

  **Key Features and Functionality:**

  - Process Standardization and Automation: Cortex XSOAR offers over 270 out-of-the-box playbooks, enabling the automation of numerous security use cases. These playbooks orchestrate response actions across more than 350 third-party products, facilitating seamless integration and operational consistency.
  - Security-Focused Case Management: The platform unifies alerts, incidents, and indicators from various sources into a single case management framework. This consolidation accelerates incident response by providing a comprehensive view of security events.
  - Real-Time Collaboration: Cortex XSOAR includes a Virtual War Room equipped with built-in ChatOps and a command-line interface. This feature allows security teams to collaborate in real time, execute commands across the entire product stack, and manage incidents more effectively.
  - Threat Intelligence Management: The platform aggregates disparate threat intelligence sources, customizes and scores feeds, and matches indicators against the organization's specific environment. This capability enables security teams to take informed actions swiftly.

  **Primary Value and Problem Solving:** Cortex XSOAR addresses the challenges faced by security teams, such as the overwhelming volume of alerts and the need for rapid incident response. By automating repetitive tasks and standardizing processes, the platform reduces the time spent on incidents by up to 90%, allowing analysts to focus on critical threats. The integration of threat intelligence management with SOAR capabilities ensures that organizations can operationalize threat feeds effectively, enhancing their overall security posture. Additionally, the platform's extensive integration ecosystem, with over 360 third-party integrations, enables organizations to orchestrate complex workflows across their existing security infrastructure without extensive custom development.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 27

**User Satisfaction Scores:**

- **Automated Remediation:** 9.0/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.4/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.8/10 (Category avg: 8.5/10)
- **Workflow Automation:** 8.9/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks)
- **Year Founded:** 2005
- **HQ Location:** Santa Clara, CA
- **Twitter:** @PaloAltoNtwks (128,788 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (21,355 employees on LinkedIn®)
- **Ownership:** NYSE: PANW

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 52% Enterprise, 30% Mid-Market


#### Pros & Cons

**Pros:**

- Incident Management (3 reviews)
- User Interface (2 reviews)
- Accuracy of Information (1 reviews)
- Automation (1 reviews)
- Customer Support (1 reviews)

**Cons:**

- Learning Curve (2 reviews)
- Limited Customization (1 reviews)
- Logging Issues (1 reviews)
- Log Management Issues (1 reviews)
- Poor Reporting (1 reviews)

### 10. [Palo Alto Cortex XSIAM](https://www.g2.com/products/palo-alto-cortex-xsiam/reviews)
  **Product Description:** Palo Alto Networks' Cortex XSIAM is an AI-driven security operations platform designed to transform traditional Security Operations Centers by integrating and automating key functions such as data centralization, threat detection, and incident response. By leveraging machine learning and automation, it enables organizations to detect and respond to threats more efficiently, reducing manual workloads and improving overall security posture.

  **Key Features and Functionality:**

  - Data Centralization: Aggregates data from various sources into a unified platform, providing comprehensive visibility across the enterprise.
  - AI-Powered Threat Detection: Utilizes machine learning algorithms to identify anomalies and potential threats in real-time.
  - Automated Incident Response: Streamlines response processes through automation, enabling rapid mitigation of security incidents.
  - Integrated SOC Capabilities: Combines functions such as Extended Detection and Response, Security Orchestration, Automation, and Response, Attack Surface Management, and Security Information and Event Management into a cohesive platform, eliminating the need for multiple disparate tools.
  - Scalability: Designed to handle large volumes of data and adapt to the evolving needs of modern enterprises.

  **Primary Value and Problem Solved:** Cortex XSIAM addresses the challenges of disjointed data, weak threat defense, and heavy reliance on manual work in traditional SOCs. By centralizing data and automating security operations, it simplifies processes, enhances threat detection accuracy, and accelerates incident response times. This transformation enables organizations to proactively outpace threats, reduce operational costs, and achieve a more robust security posture.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 61

**User Satisfaction Scores:**

- **Automated Remediation:** 7.3/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.2/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.1/10 (Category avg: 8.5/10)
- **Workflow Automation:** 7.5/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks)
- **Year Founded:** 2005
- **HQ Location:** Santa Clara, CA
- **Twitter:** @PaloAltoNtwks (128,788 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (21,355 employees on LinkedIn®)
- **Ownership:** NYSE: PANW

**Reviewer Demographics:**
  - **Who Uses This:** Information Security Engineer
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 48% Enterprise, 29% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (50 reviews)
- Threat Detection (37 reviews)
- Integrations (28 reviews)
- Cybersecurity (27 reviews)
- Features (27 reviews)

**Cons:**

- Expensive (28 reviews)
- Difficult Learning (17 reviews)
- Complexity (14 reviews)
- Integration Issues (14 reviews)
- UX Improvement (12 reviews)

### 11. [Check Point Infinity Platform](https://www.g2.com/products/check-point-infinity-platform/reviews)
  Check Point Infinity is the only fully consolidated cyber security architecture that provides unprecedented protection against Gen V mega-cyber attacks as well as future cyber threats across all networks, endpoint, cloud and mobile. The architecture is designed to resolve the complexities of growing connectivity and inefficient security.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 47

**User Satisfaction Scores:**

- **Quality of Support:** 8.9/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.3/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Check Point Software Technologies](https://www.g2.com/sellers/check-point-software-technologies)
- **Year Founded:** 1993
- **HQ Location:** Redwood City, CA
- **Twitter:** @CheckPointSW (70,998 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/check-point-software-technologies/ (8,356 employees on LinkedIn®)
- **Ownership:** NASDAQ:CHKP

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 42% Mid-Market, 32% Small-Business


#### Pros & Cons

**Pros:**

- Centralized Management (12 reviews)
- Security (11 reviews)
- Easy Management (10 reviews)
- Features (9 reviews)
- Ease of Use (8 reviews)

**Cons:**

- Learning Curve (10 reviews)
- Complexity (6 reviews)
- Delays (4 reviews)
- Difficult Configuration (4 reviews)
- Expensive (4 reviews)

### 12. [Proofpoint Threat Response](https://www.g2.com/products/proofpoint-threat-response/reviews)
  Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 17

**User Satisfaction Scores:**

- **Automated Remediation:** 9.0/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.8/10 (Category avg: 9.0/10)
- **Ease of Admin:** 9.3/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.0/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Proofpoint](https://www.g2.com/sellers/proofpoint)
- **Year Founded:** 2002
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @proofpoint (31,155 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/proofpoint (5,020 employees on LinkedIn®)
- **Ownership:** NASDAQ: PFPT

**Reviewer Demographics:**
  - **Company Size:** 56% Mid-Market, 22% Small-Business


#### Pros & Cons

**Pros:**

- Email Security (2 reviews)
- Automated Response (1 review)
- Phishing Prevention (1 review)
- Security (1 review)
- Threat Detection (1 review)

**Cons:**

- Email Management (1 review)
- False Positives (1 review)
- Learning Curve (1 review)

### 13. [Splunk SOAR (Security Orchestration, Automation and Response)](https://www.g2.com/products/splunk-soar-security-orchestration-automation-and-response/reviews)
  Splunk SOAR provides security orchestration, automation and response capabilities that allow security analysts to work smarter by automating repetitive tasks; respond to security incidents faster with automated detection, investigation, and response; increase productivity, efficiency and accuracy; and strengthen defenses by connecting and coordinating complex workflows across their team and tools. Splunk SOAR also supports a broad range of security operations center (SOC) functions including event and case management, integrated threat intelligence, collaboration tools and reporting.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 39

**User Satisfaction Scores:**

- **Automated Remediation:** 8.6/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.8/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.1/10 (Category avg: 8.5/10)
- **Workflow Automation:** 8.7/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Cisco](https://www.g2.com/sellers/cisco)
- **Year Founded:** 1984
- **HQ Location:** San Jose, CA
- **Twitter:** @Cisco (721,495 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cisco/ (95,742 employees on LinkedIn®)
- **Ownership:** NASDAQ:CSCO

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Consulting
  - **Company Size:** 40% Mid-Market, 35% Enterprise


#### Pros & Cons

**Pros:**

- Automation (1 review)
- Automation Ease (1 review)
- Customer Support (1 review)
- Deployment Ease (1 review)
- Detection Accuracy (1 review)

**Cons:**

- Difficult Learning (1 review)
- Learning Curve (1 review)
- Not Intuitive (1 review)
- Poor Interface Design (1 review)

### 14. [IBM QRadar SOAR](https://www.g2.com/products/ibm-qradar-soar/reviews)
  IBM QRadar® SOAR is designed to help your security team respond to cyberthreats with confidence, automate with intelligence and collaborate with consistency. It guides your team in resolving incidents by codifying established incident response processes into dynamic playbooks. The open and agnostic platform helps accelerate and orchestrate their response by automating actions with intelligence and integrating with other security tools. IBM QRadar SOAR is available on AWS Marketplace.


  **Average Rating:** 4.0/5.0
  **Total Reviews:** 25

**User Satisfaction Scores:**

- **Automated Remediation:** 7.5/10 (Category avg: 8.6/10)
- **Quality of Support:** 7.9/10 (Category avg: 9.0/10)
- **Ease of Admin:** 6.7/10 (Category avg: 8.5/10)
- **Workflow Automation:** 7.4/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [IBM](https://www.g2.com/sellers/ibm)
- **Year Founded:** 1911
- **HQ Location:** Armonk, NY
- **Twitter:** @IBM (709,390 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1009/ (324,553 employees on LinkedIn®)
- **Ownership:** SWX:IBM

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 72% Enterprise, 21% Mid-Market


### 15. [Sumo Logic](https://www.g2.com/products/sumo-logic/reviews)
  Sumo Logic, Inc. unifies and analyzes enterprise data, translating it into actionable insights through one AI-powered cloud-native log analytics platform. This single source of truth enables Dev, Sec and Ops teams to simplify complexity, collaborate efficiently and accelerate data-driven decisions that drive business value. Customers around the world rely on the Sumo Logic SaaS Log Analytics Platform for trusted insights to ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures. For more information, visit: SUMOLOGIC.COM


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 381

**User Satisfaction Scores:**

- **Automated Remediation:** 8.8/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.5/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.4/10 (Category avg: 8.5/10)
- **Workflow Automation:** 8.3/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Sumo Logic](https://www.g2.com/sellers/sumo-logic)
- **Company Website:** https://www.sumologic.com
- **Year Founded:** 2010
- **HQ Location:** Redwood City, CA
- **Twitter:** @SumoLogic (6,525 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1037816/ (808 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer, Senior Software Engineer
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 49% Mid-Market, 37% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (63 reviews)
- Log Management (46 reviews)
- Features (37 reviews)
- Real-time Monitoring (37 reviews)
- Insights (35 reviews)

**Cons:**

- Difficult Learning (21 reviews)
- Learning Curve (21 reviews)
- Learning Difficulty (21 reviews)
- Expensive (19 reviews)
- Slow Performance (18 reviews)

### 16. [Blink](https://www.g2.com/products/blink-ops-blink/reviews)
  Automate Everything Security in the Blink of AI. Blink is a security workflow automation platform designed to make building, collaborating, and scaling all things security & beyond effortless using generative AI. Whether you prefer code, low-code, or no-code, Blink has got you covered. Easily drag and drop the actions you want into a workflow, leveraging the over 30,000 integrations available in the automation library, or use Blink Copilot to generate a workflow with a natural language prompt. Use Blink as an automation hub, where security teams go to quickly develop, collaborate, and automate their security ideas. Leverage the platform’s 10,000+ workflows that come out of the box to quickly build workflows for real-time remediation. Generate automation workflows for standalone use cases or build an end-to-end proactive automation strategy, streamlining security responses across your entire organization.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 19

**User Satisfaction Scores:**

- **Automated Remediation:** 9.0/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.8/10 (Category avg: 9.0/10)
- **Ease of Admin:** 9.5/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.6/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Blink Ops](https://www.g2.com/sellers/blink-ops)
- **Company Website:** https://www.blinkops.com
- **Year Founded:** 2021
- **HQ Location:** Austin, US
- **Twitter:** @getBlinkOps (697 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/blink-ops/ (118 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software
  - **Company Size:** 63% Mid-Market, 21% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (2 reviews)
- Automation (1 review)
- Customer Support (1 review)
- Easy Setup (1 review)
- Features (1 review)

**Cons:**

- Limitations (2 reviews)
- Limited Features (1 review)

### 17. [Demisto](https://www.g2.com/products/demisto/reviews)
  Demisto is a platform that provides automated and collaborative security solutions.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 15

**User Satisfaction Scores:**

- **Automated Remediation:** 10.0/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.8/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.7/10 (Category avg: 8.5/10)
- **Workflow Automation:** 10.0/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks)
- **Year Founded:** 2005
- **HQ Location:** Santa Clara, CA
- **Twitter:** @PaloAltoNtwks (128,788 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (21,355 employees on LinkedIn®)
- **Ownership:** NYSE: PANW

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 53% Mid-Market, 40% Small-Business


### 18. [Exabeam New-Scale Platform](https://www.g2.com/products/exabeam-exabeam-new-scale-platform/reviews)
  The New-Scale Security Operations Platform protects against insider threats across all identities, delivers unrivaled detection capabilities, and optimizes security operations by automating TDIR workflows with AI.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 14

**User Satisfaction Scores:**

- **Automated Remediation:** 10.0/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.1/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.8/10 (Category avg: 8.5/10)
- **Workflow Automation:** 10.0/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Exabeam](https://www.g2.com/sellers/exabeam)
- **Company Website:** https://www.exabeam.com
- **Year Founded:** 2013
- **HQ Location:** Broomfield, CO
- **Twitter:** @exabeam (5,374 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/exabeam (819 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 57% Enterprise, 29% Mid-Market


### 19. [SIRP](https://www.g2.com/products/sirp/reviews)
  SIRP is an AI-native Autonomous SOC platform designed to evolve traditional Security Orchestration, Automation, and Response (SOAR) into governed, decision-driven security operations. Unlike legacy SOAR tools that rely on static playbooks and workflow automation, SIRP enables intelligent AI agents to analyze alerts, compute risk, execute response actions, and continuously learn from outcomes within defined policy boundaries. The platform combines contextual reasoning, real-time intelligence, and adaptive learning to reduce manual triage, minimize alert fatigue, and accelerate incident response while maintaining governance, auditability, and control. SIRP supports enterprise SOC teams and MSSPs seeking to operate at machine speed without sacrificing human oversight for high-impact decisions.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 22

**User Satisfaction Scores:**

- **Automated Remediation:** 9.2/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.8/10 (Category avg: 9.0/10)
- **Ease of Admin:** 10.0/10 (Category avg: 8.5/10)
- **Workflow Automation:** 8.3/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [SIRP](https://www.g2.com/sellers/sirp)
- **Year Founded:** 2017
- **HQ Location:** Bethesda, Maryland
- **Twitter:** @sirp_io (72 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/13684515/ (58 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 41% Small-Business, 37% Mid-Market


#### Pros & Cons

**Pros:**

- Automation (1 review)
- Customer Support (1 review)
- Ease of Use (1 review)
- Easy Integrations (1 review)
- Features (1 review)


### 20. [Swimlane](https://www.g2.com/products/swimlane/reviews)
  At Swimlane, we believe the convergence of agentic AI and automation can solve the most challenging security, compliance and IT/OT operations problems. With Swimlane, enterprises and MSSPs benefit from the world’s first and only hyperautomation platform for every security function. Only Swimlane gives you the scale and flexibility to build your own hyperautomation applications to unify security teams, tools and telemetry ensuring today’s SecOps are always a step ahead of tomorrow’s threats.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 45

**User Satisfaction Scores:**

- **Automated Remediation:** 9.2/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.1/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.5/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.3/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Swimlane](https://www.g2.com/sellers/swimlane)
- **Year Founded:** 2014
- **HQ Location:** Boulder, US
- **Twitter:** @swimlane (1,626 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/4807837/ (251 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 60% Mid-Market, 31% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (6 reviews)
- Easy Integrations (6 reviews)
- Features (6 reviews)
- Integrations (6 reviews)
- Automation (5 reviews)

**Cons:**

- Complexity (2 reviews)
- Learning Curve (2 reviews)
- Limited Resources (2 reviews)
- Poor Customer Support (2 reviews)
- Poor Interface Design (2 reviews)

### 21. [Shuffle](https://www.g2.com/products/shuffle/reviews)
  Shuffle is an open source automation platform for security professionals (SOAR). Run it locally: https://github.com/frikky/shuffle Try it out here: https://shuffler.io/register Join the community: https://discord.gg/B2CBzUm


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 15

**User Satisfaction Scores:**

- **Automated Remediation:** 9.5/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.4/10 (Category avg: 9.0/10)
- **Ease of Admin:** 9.4/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.8/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Shuffle AS](https://www.g2.com/sellers/shuffle-as)
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/getshuffleapp/ (6 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 67% Mid-Market, 33% Small-Business


### 22. [CrowdSec](https://www.g2.com/products/crowdsec/reviews)
  CrowdSec is an open-source security stack that detects aggressive behaviors and prevents them from accessing your systems. Its user-friendly design and ease of integration into your current security infrastructure offer a low technical entry barrier and a high-security gain. Once an unwanted behavior is detected, it is automatically blocked. The aggressive IP, the scenario triggered, and the timestamp are sent for curation, to avoid poisoning & false positives. If verified, this IP is then redistributed to all CrowdSec users running the same scenario. By sharing the threat they faced, all users are protecting each other.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 84

**User Satisfaction Scores:**

- **Automated Remediation:** 9.1/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.8/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.8/10 (Category avg: 8.5/10)
- **Workflow Automation:** 7.8/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [CrowdSec](https://www.g2.com/sellers/crowdsec)
- **Year Founded:** 2020
- **HQ Location:** Paris, FR
- **Twitter:** @Crowd_Security (19,513 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/crowdsec/?originalSubdomain=fr (37 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 69% Small-Business, 21% Mid-Market


### 23. [Blumira Automated Detection & Response](https://www.g2.com/products/blumira-automated-detection-response/reviews)
  Blumira is the security operations platform built for growing teams and partners supporting them, integrating comprehensive visibility, tools, and expert guidance to give you peace of mind knowing you'll never have to go it alone. The platform includes:

  - Managed detections for automated threat hunting to identify attacks early
  - SOC Auto-Focus, using AI to accelerate security investigations & analysis
  - Automated response to contain and block threats immediately
  - One year of data retention and option to extend to satisfy compliance
  - Advanced reporting and dashboards for forensics and easy investigation
  - Lightweight agent for endpoint visibility and response
  - 24/7 Security Operations (SecOps) for incident support


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 122

**User Satisfaction Scores:**

- **Automated Remediation:** 7.5/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.5/10 (Category avg: 9.0/10)
- **Ease of Admin:** 9.0/10 (Category avg: 8.5/10)
- **Workflow Automation:** 9.7/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Blumira](https://www.g2.com/sellers/blumira)
- **Company Website:** https://www.blumira.com
- **Year Founded:** 2018
- **HQ Location:** Ann Arbor, Michigan
- **Twitter:** @blumira (1 Twitter follower)
- **LinkedIn® Page:** https://www.linkedin.com/company/blumira/ (67 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** IT Manager
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 51% Mid-Market, 36% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (33 reviews)
- Customer Support (20 reviews)
- Setup Ease (20 reviews)
- Alerting (16 reviews)
- Alert Management (16 reviews)

**Cons:**

- Limited Customization (11 reviews)
- Alert System (7 reviews)
- Expensive (6 reviews)
- Faulty Detection (6 reviews)
- Inefficient Alert System (6 reviews)

### 24. [Intezer](https://www.g2.com/products/intezer-intezer/reviews)
  Intezer automates the entire alert triage process, like an extension of your team handling Tier 1 SOC tasks for every alert at machine-speed. Intezer monitors incoming incidents from endpoint, reported phishing pipelines, or SIEM tools, then autonomously collects evidence, investigates, makes triage decisions, and escalates only the serious threats to your team for human intervention. Power your SOC with artificial intelligence that makes sure every alert is deeply analyzed (including every single artifact like files, URLs, endpoint memory, etc.), detecting malicious code in memory and other evasive threats. Fast set up and integrations with your SOC team's workflows (EDR, SOAR, SIEM, etc.) means Intezer's AI can immediately start filtering out false positives, giving you detailed analysis about every threat, and speeding up your incident response time. With Intezer:

  - Reduce Tier 1 escalation, sending only 4% of alerts on average to your team for immediate action.
  - Identify up to 97% of false positive alerts without taking any time from your analysts.
  - Reduce average triage time to 5 minutes or less, while giving your analysts deep context about every alert to prioritize critical threats and respond faster.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 187

**User Satisfaction Scores:**

- **Automated Remediation:** 9.2/10 (Category avg: 8.6/10)
- **Quality of Support:** 8.6/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.8/10 (Category avg: 8.5/10)
- **Workflow Automation:** 10.0/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [Intezer](https://www.g2.com/sellers/intezer)
- **Year Founded:** 2015
- **HQ Location:** New York
- **Twitter:** @IntezerLabs (10,223 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10656303/ (89 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer, Student
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 54% Small-Business, 23% Mid-Market


#### Pros & Cons

**Pros:**

- Detection Accuracy (3 reviews)
- Ease of Use (3 reviews)
- Malware Protection (3 reviews)
- Security (3 reviews)
- Security Protection (3 reviews)

**Cons:**

- Complex Interface (2 reviews)
- Poor Interface Design (2 reviews)
- UX Improvement (2 reviews)
- Access Control (1 review)
- Data Privacy (1 review)

### 25. [guardsix](https://www.g2.com/products/guardsix/reviews)
  guardsix is a comprehensive cybersecurity solution designed specifically for Managed Security Service Providers (MSSPs) and Critical National Infrastructure Providers (CNI). guardsix command center, a unified SecOps platform, enables organizations to effectively detect cyberattacks while ensuring compliance with various data regulations. By offering a robust framework for monitoring and managing security events, guardsix addresses the increasing need for advanced threat detection and regulatory adherence in today’s complex digital landscape.

  guardsix command center stands out by providing complete visibility across IT environments through the integration of multiple security technologies, including Security Information and Event Management (SIEM), Network Detection and Response (NDR), and Security Orchestration, Automation, and Response (SOAR). This integration allows organizations to monitor their systems holistically, ensuring that potential threats are identified and addressed promptly. Additionally, guardsix employs hypergraph technology, which connects detections from diverse sources, enabling users to determine whether an incident is part of a more extensive attack. This capability enhances situational awareness and improves incident response times.

  One of the key advantages of guardsix is its open, vendor- and platform-agnostic nature, allowing users to choose how and from where to ingest data. This flexibility is crucial for organizations that operate in heterogeneous environments, as it enables them to tailor their security solutions to fit their specific needs. Furthermore, guardsix automatically normalizes data into a common taxonomy, simplifying the analysis and utilization of ingested information. This feature ensures that users can easily derive insights from their data, regardless of its original format or source.

  guardsix also prioritizes compliance with major regulatory frameworks, including NIS2, Schrems II, HIPAA, GDPR, PCI-DSS, and SOX. By providing centralized logging and reporting capabilities, the platform facilitates adherence to security guidelines such as CERT-In, SOC 2 Type II, and ISO27001. This focus on compliance not only helps organizations avoid potential legal pitfalls but also enhances their overall security posture by ensuring that they meet industry standards and best practices.

  In summary, guardsix is a versatile cybersecurity solution that empowers MSSPs and CNI providers to detect threats effectively while maintaining compliance with regulatory requirements. Its integration of essential security technologies, flexible data ingestion options, and emphasis on compliance make it a valuable asset for organizations looking to strengthen their cybersecurity defenses.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 105

**User Satisfaction Scores:**

- **Automated Remediation:** 8.5/10 (Category avg: 8.6/10)
- **Quality of Support:** 9.0/10 (Category avg: 9.0/10)
- **Ease of Admin:** 8.0/10 (Category avg: 8.5/10)
- **Workflow Automation:** 8.9/10 (Category avg: 8.8/10)


**Seller Details:**

- **Seller:** [guardsix](https://www.g2.com/sellers/guardsix)
- **Company Website:** https://guardsix.com/
- **Year Founded:** 2001
- **HQ Location:** Copenhagen, Capital Region
- **LinkedIn® Page:** https://linkedin.com/company/guardsix (117 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 44% Mid-Market, 31% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (8 reviews)
- Log Management (5 reviews)
- Customer Support (4 reviews)
- Easy Integrations (4 reviews)
- Efficiency (4 reviews)

**Cons:**

- Poor Interface Design (3 reviews)
- UX Improvement (3 reviews)
- Complexity (2 reviews)
- Confusing Interface (2 reviews)
- Information Deficiency (2 reviews)



## Parent Category

[System Security Software](https://www.g2.com/categories/system-security)



## Related Categories

- [Threat Intelligence Software](https://www.g2.com/categories/threat-intelligence)
- [Security Information and Event Management (SIEM) Software](https://www.g2.com/categories/security-information-and-event-management-siem)
- [Incident Response Software](https://www.g2.com/categories/incident-response)



---

## Buyer Guide

### What You Should Know About Security, Orchestration, Automation, and Response (SOAR) Software

### What is Security, Orchestration, Automation, and Response (SOAR) Software?

Security orchestration, automation, and response (SOAR) software helps coordinate, execute, and automate tasks between various IT workers and tools. SOAR tools allow organizations to respond quickly to cybersecurity attacks and observe, understand, and prevent future incidents.

SOAR software gives organizations a comprehensive view of their existing security systems while centralizing the security data. By automating security responses and reducing manual tasks, SOAR helps to generate a faster and more accurate response to security attacks. It also helps better coordinate and route incident response to the most appropriate IT worker in real time.

**What Does SOAR Stand For?**

SOAR stands for security orchestration, automation, and response. SOAR software significantly contributes to identifying potential future security threats.

### What are the Common Features of Security, Orchestration, Automation, and Response (SOAR) Software?

Usually, a SOAR software offering operates under three primary software capabilities:

**Threat and vulnerability management:** Threat and vulnerability management examines key assets and prioritizes efforts to reduce risk. Working with other security teams, threat and vulnerability management helps prevent attacks by threat actors.

**Security incident response:** Security incident response addresses and manages the aftermath of a security breach, cyberattack, computer incident, or security incident. The goal of security incident response is to handle the aftermath of a security breach in a way that limits damage, reduces recovery time, and reduces cost.

**Security operations automation:** Security operations automation is the technology that enables the automation and orchestration of security tasks. This can include both administrative duties and incident detection and response.

### What are the Benefits of Security, Orchestration, Automation, and Response (SOAR) Software?

The benefits of using a SOAR tool are that it lessens the impact of security incidents and reduces the risk of legal liability. SOAR software helps companies’ security teams by enabling them to:

**Maintain a central view:** One of the benefits of SOAR software is that it gives security staff a central view and enables control of existing security systems while centralizing data collection to improve a company's security posture, operational efficiency, and productivity.

**Automate manual tasks:** As with most software today, users are looking for help in terms of automation. SOAR software helps to manage and automate all aspects of a security incident lifecycle. This removes manual tasks, gives security staff more time to be productive, and allows them to focus on more mission-critical security tasks rather than manual ones.

**Define incident and response procedures:** SOAR software helps security systems define incident and response procedures. This helps to route security incidents to the correct security staff. SOAR can also prioritize and standardize the security response processes in a consistent, transparent, and documented way.

**Optimize incident response:** Because SOAR software helps security staff define incident and response procedures, incident response is more accurate. This accuracy enables security systems and staff to have improved responses where they may have to contain, eradicate, or recover crucial data.

**Identify and assign incident severity levels:** SOAR software helps to identify and assign incident severity levels. Severity levels in cybersecurity measure how severely a security incident impacts various parts of the organization. SOAR software automatically identifies and assigns severity levels, enabling the right security system and staff to respond appropriately. This means both can respond immediately to security incidents that may negatively affect parts of an organization, such as networks, software, or employee or customer data.

**Support collaboration and unstructured investigations:** SOAR software supports collaboration and unstructured investigations in real time, helping route each security incident to the security system and security staff best suited to respond. Collaboration with other IT teams for tasks such as remediation or other departments such as legal is possible.

**Streamline operations:** By using SOAR software, organizations can streamline security operations for threat and vulnerability management, security incident response, and security operations automation. SOAR software connects these security elements while integrating disparate security systems. SOAR software’s playbooks allow users to orchestrate, streamline and automate tasks. Playbooks also codify the process workflows that streamline the SOAR software functions.

### Who Uses Security, Orchestration, Automation, and Response (SOAR) Software?

**IT and cybersecurity staff:** They use SOAR software to handle security alerts such as phishing, which includes looking for threat feed data from endpoints, failed user logins, logins from unusual locations, malicious VPN access attempts, and so on. It's also used to hunt for threats and respond to incidents, including analyzing attached files for malware, cloud-aware incident response, and automated data enrichment. Cybersecurity staff who assign incident severity and check other products for vulnerability scores also use SOAR platforms.

### Challenges with Security, Orchestration, Automation, and Response (SOAR) Software

There are a number of challenges with SOAR software that IT teams can encounter.

**Skill gaps:** While there is the misconception that SOAR software could replace security staff, the tool is meant to augment security teams, allowing them to work efficiently and effectively but not replacing them. However, there still may be a skills gap as the security team must be able to create detailed workflows of their processes.

**Effective deployment:** Another challenge of SOAR software is that it must be deployed to the enterprise but also connected to the other applications and technologies, which can be very complicated. An organization must also have staff with enough skills to deploy and maintain the platform. The applications and technologies used by the enterprise must also be able to support or be integrated into the SOAR software. One of SOAR software’s greatest strengths is to connect and orchestrate other technologies; however, if each technology is unable to be integrated, it hampers the benefits of deploying SOAR software.

### How to Buy Security, Orchestration, Automation, and Response Software

#### Requirements Gathering (RFI/RFP) for Security, Orchestration, Automation, and Response (SOAR) Software

If an organization is just starting out and looking to purchase SOAR software, g2.com can help select the best one.

Most business pain points might be related to all of the manual work that must be completed. If the company is large and has a lot of networks, data, or devices, it may need to shop for SOAR software that can grow with the organization. Users should think about the pain points in security to help create a checklist of criteria. Additionally, the buyer must determine the number of employees who will need to use the SOAR software and whether they currently have the skills to administer it.

Taking a holistic overview of the business and identifying pain points can help the team springboard into creating a checklist of criteria. The checklist serves as a detailed guide that includes both necessary and nice-to-have features, including budget, features, number of users, integrations, security staff skills, cloud or on-premises solutions, and more.

Depending on the scope of the deployment, it might be helpful to produce an RFI, a one-page list with a few bullet points describing what is needed from SOAR software.

#### Compare Security, Orchestration, Automation, and Response (SOAR) Software

**Create a long list**

Vendor evaluations are an essential part of the software buying process, from meeting the business functionality needs to implementation. For ease of comparison, after all demos are complete, it helps to prepare a consistent list of questions regarding specific needs and concerns to ask each vendor.

**Create a short list**

From the long list of vendors, it is helpful to narrow the field to a shorter list of contenders, preferably no more than three to five. With this list in hand, businesses can produce a matrix to compare the features and pricing of the various solutions.

**Conduct demos**

To ensure the comparison is comprehensive, the user should demo each solution on the shortlist with the same use cases. This will allow the business to evaluate like for like and see how each vendor stacks up against the competition.

#### Selection of Security, Orchestration, Automation, and Response (SOAR) Software

**Choose a selection team**

Before getting started, creating a winning team that will work together throughout the entire process, from identifying pain points to implementation, is crucial. The software selection team should consist of organization members with the right interest, skills, and time to participate in this process. A good starting point is to aim for three to five people who fill roles such as the main decision maker, project manager, process owner, system owner, or staffing subject matter expert, as well as a technical lead, head administrator, or security administrator. In smaller companies, the vendor selection team may be smaller, with fewer participants multitasking and taking on more responsibilities.

**Compare notes**

The selection team should compare the notes, facts, and figures they recorded during the process, such as costs, security capabilities, and alert and incident response times.

**Negotiation**

Just because something is written on a company’s pricing page does not mean it's final. It is crucial to open up a conversation regarding pricing and licensing. For example, the vendor may be willing to give a discount for multi-year contracts or for recommending the product to others.

**Final decision**

After this stage, and before going all in, it is recommended to roll out a test run or pilot program to test adoption with a small sample size of users. If the tool is well used and well received, the buyer can be confident that the selection was correct. If not, it might be time to go back to the drawing board.

### What does Security, Orchestration, Automation, and Response (SOAR) Software cost?

SOAR is considered a long-term investment. This means there must be a careful evaluation of vendors, and the software should be tailored to each organization's specific requirements. Once a SOAR solution is purchased, deployed, and integrated into an organization’s security system, the cost could be high, which is why the evaluation stage of selecting SOAR software is so crucial. The rip-and-replace cost can also be high. The SOAR vendor chosen should continue to provide support for the SOAR solution with flexibility and open integration.

#### Return on Investment (ROI)

Organizations decide to purchase SOAR software with some type of return on investment (ROI) in mind. As they want to recoup the money spent on the software, it is critical to understand the costs that will be saved in terms of efficiency.

SOAR software saves security staff costs by eliminating manual tasks. For example, SOAR software automatically investigates email phishing attacks, which are very common; done manually, this task is very repetitive and consumes security staff time. A large enterprise used actual data from its SOAR software deployment to compare the cost of handling email phishing investigations automatically using SOAR software versus handling them manually. The enterprise found that the reduction in staff time required to handle phishing emails equated to savings of over $680,000 per year.

### Security, Orchestration, Automation, and Response (SOAR) Software Trends

**Enterprises:** Due to the requirements of maintaining large-scale IT and network infrastructure, large enterprises tend to be more interested in purchasing SOAR software. Having such large networks and more complex IT makes these organizations more vulnerable to security threats, which is another driver for purchasing SOAR software. Also, larger organizations have more employees with more devices, which increases threats if they are accessing workplace applications on these devices.

**Retail and e-commerce:** These industries have increased interest in SOAR software due to the vulnerabilities in point-of-sale (PoS) transactions and online purchases. It is the processing of these monetary transactions that creates a security risk, especially to the personal and financial information of customers. Adopting technologies such as location-based marketing for these types of purchases also makes the retail industry more vulnerable to security threats.




