Table of Contents
- Summary
- Market Categories
- Key Criteria Comparison
- GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Ron Williams
- About GigaOm
- Copyright
1. Summary
Security incidents can originate from any place in the enterprise. Incident response platforms enable organizations to detect, respond to, and recover from them, centralizing the complex process of notifying the correct resources in a timely manner, ensuring they are where they need to be, and providing those resources with the tools necessary to shorten the time to remediation.
IT service management (ITSM) solutions often contain many of the incidents, but they do not handle triage, notifications, and escalations. Incident response solutions provide this added layer of value. They also handle scheduling, so they are likely to find a resource more quickly than phone calls and emails would. Collaboration tools such as Slack, Microsoft Teams, and Zoom can be integrated into the incident response solution to facilitate faster and more efficient communication.
Workflows can enhance incident response by using runbooks, automation, and orchestration to allow resources to accomplish more in a shorter time span. Incident response platforms can also help with post-incident reviews, thereby providing feedback to the workflows and improving them for future incidents.
Still, it is the nature of technology environments that incidents happen again and again. The ability to do a proper post-mortem analysis to learn from an incident is key to an effective incident response platform. Before making a selection, decision-makers must ensure that a solution under consideration has all the capabilities necessary to enable such a process.
The incident response process is shown in Figure 1 below. Incidents must be identified and may be reported from any source, including observability data, AIOps analysis, the service desk, or network management. Response includes notification, support, and, if necessary, escalation to the appropriate resources. The intent of the response, whether human or digital, is to resolve the incident in the shortest amount of time. Resolution of the issue may be handled by an individual or automatically by a defined workflow. Once the incident is resolved and normal operations are restored, the ability to analyze the incident, learn from it, and update workflows or runbooks becomes important for improving responses to future incidents.
Figure 1. Incident Response Process
This is the second year that GigaOm has reported on the incident response space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.
This GigaOm Radar report highlights key incident response platform vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Incident Response Platforms,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.
All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:
- On-call management and scheduling
- Incident response management
- Alert management
- Workflow management
- Reporting and analytics
- SLA management
- User management
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.