Press Coverage, 2025-08-14

Security News 2025 SOAR Solution Report Planning Article

Hello, we are SecuLayer, a company specializing in AI-based knowledge content services.

Our 'eyeCloudXOAR' solution has been featured in the [2025 SOAR Solution Report - Special Article] published by Security News.

The 'eyeCloudXOAR' solution is the representative K-SOAR solution of South Korea, holding the number one market share in the procurement market for four consecutive years.

- Introduction to the eyeCloudXOAR Solution -

SecuLayer stated, “SOAR combines three core functions: security orchestration and automation, security incident response platform, and threat intelligence,” adding, “This allows for the formalization and standardization of security response processes tailored to different types of security threats, enabling most tasks to be handled automatically and allowing personnel to focus only on areas that require human intervention, thereby maximizing the overall efficiency of security responses.”

To summarize the approximately 21-page 2025 SOAR Solution Market Trends and Outlook, we can outline the following points.

< Summary of 2025 SOAR Solution Market Trends and Outlook >

SOAR (Security Orchestration, Automation, and Response) is a platform that integrates and orchestrates various security solutions, automating security threat response procedures to maximize the efficiency of security operations. Gartner first mentioned the early form of SOAR in its 2015 SIEM (Security Information and Event Management) report, and in 2017, it clearly defined the concept. SOAR was proposed to address the issues faced by enterprise security operations teams, such as alert overload and alert fatigue, as well as the manual tasks and non-standardized response procedures associated with each solution.

1. Core Functions of SOAR
SOAR provides three main functions: Orchestration, Automation, and Response. These three functions are not independent but rather form an organic workflow that constitutes the entire response process.

  • Orchestration: This function manages and coordinates various security solutions as if they were a single solution. 39.3% of security professionals identified 'orchestration' as the most important core element of SOAR. SecureSystems and SecuLayer explain that effective response requires collaboration and analysis across multiple devices, making orchestration the most critical aspect.

  • Automation: This function automates tasks through pre-defined 'playbooks'. For example, when a malicious IP is detected, it sequentially performs tasks such as blocking, checking file hashes, and locking accounts, reducing the workload of security analysts and increasing response speed.

  • Response: This function involves responding to threats according to the playbook, managing each attack and response as a 'case', and includes collaboration and reporting features.

2. Market Size and Trends
The domestic and international SOAR markets are showing continuous growth. Global Market Insight forecasts that the global SOAR market will grow from $1.6 billion in 2023 to $5.7 billion by 2032, with an average annual growth rate of 15%. Grand View Research estimates the size of the South Korean SOAR market to be $38.6 million (approximately 53.6 billion won) in 2024, expecting it to grow to $99.1 million (approximately 137.7 billion won) by 2030. SecureSystems also identified the South Korean market size to be around 50 billion won, supporting this research.

3. Characteristics of SOAR Solutions
Several companies, including SecuLayer, AhnLab, SecureSystems, Logpresso, and QuerySystems, are competing in the domestic SOAR market.

  • SecuLayer 'eyeCloudXOAR': An AI-based solution that integrates SIEM, SOAR, and UEBA into a single platform. It has maintained the number one market share in the procurement market for four consecutive years and supports intuitive, no-code GUI playbook design. In a case study with a K public institution, it reduced threat response time from 30 minutes to under 1 minute.

  • SecureSystems 'Secure Orchestra': An AI-based integrated security management platform that incorporates an AI engine named 'Richard' to accurately distinguish between true and false positives. It offers over 6,800 predefined playbooks and allows for easy playbook setup through a drag-and-drop interface.

  • AhnLab 'AhnLab SOAR': A solution that consolidates AhnLab's security monitoring expertise, providing standardized 'built-in playbooks' for various types of threats. It integrates with AhnLab XDR to offer 'recommended response' options upon threat detection, enabling playbook execution with a single click.

  • Logpresso 'Logpresso Sonar 4.0 Maestro': A solution that perfectly integrates SIEM and SOAR under the same query framework. It enables integrated management from on-premises to cloud and SaaS environments and supports integration with various solutions by providing over 170 apps through the Logpresso store.

  • QuerySystems 'QTIE': The only integrated XDR solution in South Korea that combines SIEM, SOAR, and NDR, featuring an AI Assistant service that incorporates generative AI technology to maximize the convenience of threat detection and analysis. It utilizes a deep learning-based detection engine to identify abnormal communication patterns in real-time and offers over 500 playbooks.

4. Barriers to SOAR Adoption
Survey results from security professionals revealed several challenges in adopting and operating SOAR.

  • Most Difficult Aspects of Security Monitoring: 'Too many security solutions and operational difficulties' (23.4%), 'budget constraints' (22.1%), and 'lack of personnel' (19.3%) were cited as major reasons.

  • Reasons for Dissatisfaction with SOAR: 'Lower than expected security automation' (19.3%), 'costs of solution implementation and maintenance' (17.9%), and 'low compatibility with existing solutions' (16.6%) accounted for significant proportions.

  • Lack of Understanding of SOAR: Users expect that the mere adoption of SOAR will automate all tasks, but in reality, there is often a lack of specialized personnel needed for playbook customization and external integration, preventing them from fully realizing its potential. AhnLab pointed out that one of the reasons for the difficulties in adopting and spreading SOAR is the lack of understanding of SOAR.

Despite these issues, SOAR is expected to become an essential solution to address the ever-increasing security threats and the complexities of the security environment. As the boundaries between solutions like SOAR, SIEM, and XDR become increasingly blurred, it is becoming more important to understand the clear objectives of each solution and implement them in line with the organization's security goals.

The special article also covers in depth recent trends related to SOAR, characteristics of leading companies, and security professionals' perceptions and survey results regarding SOAR.

For more detailed information, please refer to the published special article.
