Arguably, SOAR is a product too, and automations are synonyms for products. If it has persistence, reliability, and availability requirements it is a product, and it is exactly what customers shouldn’t own unless they run internal software houses. In fact, I see startup pitches that exactly focus on different types of glue problems. It maybe less compelling because the moat is low and customer ingestion is not trivial but there is an R&D organization willing to take it on.
I also think that it's not just engineering talent it’s also the maintenance debt. Even teams that prototype AI-powered tools quickly inherit long-term costs like updating models, patching integrations, and revalidating logic as environments shift. Vendors absorb this across customers while internal teams bear it alone.
For most organizations, the real bottleneck isn’t building a tool once but sustaining it reliably amid constant change.
A follow up question would be, how should security leaders quantify the total cost of ownership when evaluating build versus buy in an AI era?
Arguably, SOAR is a product too, and automations are synonyms for products. If it has persistence, reliability, and availability requirements it is a product, and it is exactly what customers shouldn’t own unless they run internal software houses. In fact, I see startup pitches that exactly focus on different types of glue problems. It maybe less compelling because the moat is low and customer ingestion is not trivial but there is an R&D organization willing to take it on.
Great thoughts Ross! There's a cost to DIY security...and some costs I hadn't thought of until reading this. Thanks!!
I also think that it's not just engineering talent it’s also the maintenance debt. Even teams that prototype AI-powered tools quickly inherit long-term costs like updating models, patching integrations, and revalidating logic as environments shift. Vendors absorb this across customers while internal teams bear it alone.
For most organizations, the real bottleneck isn’t building a tool once but sustaining it reliably amid constant change.
A follow up question would be, how should security leaders quantify the total cost of ownership when evaluating build versus buy in an AI era?