SOAR Tools - The Case Against Bundled Case Management
“It would be bad if you all tried to add case management; no one does case management well. I love that Tines is laser-focused. One of the joys of Tines for me is that my team can do case management in Jira. We’re a super Jira heavy shop. We’re starting to figure out ServiceNow because there will come a day where we want to task other teams in there, so I like that we can make Tines do that with the ServiceNow API.” - Will Hedglon, Associate Director, Information Security, Broad Institute of MIT & Harvard
When looking for a Security Orchestration, Automation, and Response (SOAR) tool, case management isn’t typically the first thing that springs to mind.
Although it didn’t make the cut for the acronym, many SOAR vendors opt to include case management in their solutions. We shared some ideas on what to consider before investing in infosec case management in a previous post. Now, we will delve deeper into why we don’t offer case management within our platform and how customers can benefit from our laser-focused approach.
It’s never been more apparent that security teams need software that’s flexible, interoperable, and agile. By combining industry-leading case management with Tines’ powerful automation, security teams can reduce the time, complexity, and cost of remediating incidents.
Why bundled solutions fall short
In some situations, case management that is bundled in with a multiproduct SOAR platform can sound appealing. Perceived advantages include one invoice and licensing fee from one vendor, the claimed ‘integration’ in the bundle, or perhaps an offer to “throw in” the feature.
But security teams have typically already invested in a leading case management tool (e.g., Jira, TheHive, ServiceNow, or GitHub Issues) for work such as processing tickets and bug tracking. Bundled suites simply don’t compete, forcing security teams to compromise on functionality and agility, and potentially increasing their organizations’ risk.
It’s also increasingly evident that:
- Bundled SOAR solutions are less platform agnostic, meaning critical data and tools outside the cloud ecosystem can’t easily share data with the suite.
- These tools often lack a single user interface from which analysts can operate.
- Lengthy implementation periods make it difficult to replace poor-performing technology within the bundle with more effective tools, limiting its value and return on investment.
Effective case management
Effective case management allows security teams to escalate investigations and collaborate with detailed information and logs gathered on a single dashboard. As with all security tools, your case management system needs to be highly capable, customizable, and fully integrable to handle complex, challenging, and increasingly high volumes of incidents.
A best-of-breed approach offers several distinct advantages:
Tines is laser-focused on delivering powerful automation that is trusted by the world’s leading security teams. This focus allows us to drive innovation, listen to customers, incorporate feedback faster, and provide a better, more feature-rich product. Our customer support team members are product experts who can communicate more effectively because they are focused on one product: no-code automation.
Tines is 100% vendor agnostic and can connect to any other custom and off-the-shelf tools in minutes. Our unique architecture means you will never have to contend with disjointed or mismanaged integrations and are free to use the tools of your choice as you continue to adapt and scale.
Return On Investment
Tines supercharges your case management system of choice, allowing security analysts to streamline their incident response processes, enrich each case with more context, investigate all of the information dynamically, and then take the appropriate action automatically.
By embracing a best-of-breed approach, security teams get more utility from a stack that’s specifically designed for their needs and can take action faster based on a consolidated source of data.