1. Summary
Security incidents can originate from any place in the enterprise. Incident response platforms enable organizations to detect, respond to, and recover from them, centralizing the complex process of notifying the correct resources in a timely manner, ensuring they are where they need to be, and providing those resources with the tools necessary to shorten the time to remediation.
IT service management (ITSM) solutions often contain many of the incidents, but do not handle triage, notifications, and escalations. Incident response solutions provide this added layer of value. Additionally, they handle scheduling, so they are more likely to find a resource more quickly than using phone calls and emails. Collaboration tools such as Slack, Microsoft Teams, and Zoom can be integrated into the incident response solution to facilitate faster and more efficient communication.
Workflows can enhance incident response using runbooks, automation, and orchestration to allow resources to accomplish more in a shorter time span. Incident response platforms can also help with post-incident reviews, thereby providing feedback to the workflows and improving them for future incidents.
Still, it is the nature of technology environments that incidents happen again and again. The ability to do a proper post-mortem analysis to learn from an incident is key to an effective incident response platform. Before making a selection, decision-makers must ensure that a solution under consideration has all the capabilities necessary to enable such a process.
The incident response process is shown in Figure 1 below. Incidents must be identified and may be reported from any source including observability data, AIOps analysis, the service desk, or network management. Response includes notification, support, and if necessary, escalation to the appropriate resources. The intent of the response, whether human or digital, is to resolve the incident in the shortest amount of time. Resolution of the issue may be handled by an individual or automatically from a defined workflow. Once the incident is resolved and normal operations are restored, the ability to analyze the incident, learn from it, and update workflows or runbooks becomes important to improve responses to future incidents.
Figure 1. Incident Response Process
This is the second year that GigaOm has reported on the incident response space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.
This GigaOm Radar report highlights key incident response platform vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Incident Response Platforms,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.
All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:
- On-call management and scheduling
- Incident response management
- Alert management
- Workflow management
- Reporting and analytics
- SLA management
- User management
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
2. Market Categories
To better understand the market and vendor positioning (Table 1), we assess how well incident response solutions are positioned to serve specific market segments.
For this report, we recognize the following targeted market segments:
- Small-to-medium business (SMB): In this category, we assess solutions on their ability to meet the needs of organizations ranging from small businesses to medium-sized companies. Also assessed are departmental use cases in large enterprises, where ease of use and deployment are more important than extensive management functionality, data mobility, and feature set.
- Large enterprise: Here, offerings are assessed on their ability to support large and business-critical projects. Optimal solutions in this category have a strong focus on flexibility, performance, data services, and features that improve security and data protection. Scalability is another big differentiator, as is the ability to deploy the same service in different environments.
- Managed service provider (MSP): MSPs remotely manage a customer’s network operations and deal with maintenance, upgrades, and other day-to-day activities, including incident management. Their needs may align with those in the above categories, and solutions are assessed on their ability to meet those needs.
Table 1. Vendor Positioning: Market Segment
| Vendor | SMB | Large Enterprise | MSP |
|---|---|---|---|
| Atlassian | | | |
| Everbridge | | | |
| FireHydrant | | | |
| OnPage | | | |
| PagerDuty | | | |
| ServiceNow | | | |
| Splunk | | | |
| Squadcast | | | |

- Exceptional: Outstanding focus and execution
- Capable: Good but with room for improvement
- Limited: Lacking in execution and use cases
- Not applicable or absent
For this evaluation, we looked at offerings in a binary way, rating vendors (++) if they support that market segment and deployment model and (-) if they do not.
The solutions evaluated in this Radar are available only via software as a service (SaaS) deployment (no on-premises or hybrid offerings); therefore, we are not comparing deployment models for this report.
SaaS solutions are available only in the cloud. Often designed, deployed, and managed by the service provider, they are available only from that specific provider. The big advantage of this type of solution is the integration with other services offered by the cloud service provider (functions, for example) and its resulting simplicity.
3. Key Criteria Comparison
Building on the findings from the GigaOm report, “Key Criteria for Evaluating Incident Response Platforms,” Tables 2, 3 and 4 summarize how each vendor included in this research performs in the areas we consider differentiating and critical in this sector.
- Key criteria differentiate solutions based on features and capabilities, outlining the primary criteria to be considered when evaluating an incident response solution.
- Evaluation metrics provide insight into the non-functional requirements that factor into a purchase decision and determine a solution’s impact on an organization.
- Emerging technologies show how well each vendor takes advantage of technologies that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months.
The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the market landscape, and gauge the potential impact on the business.
Table 2. Key Criteria Comparison
| Vendor | Runbooks | Collaboration Integrations | Escalation Policies | Audio & Video Conference Support | Mobile Capabilities |
|---|---|---|---|---|---|
| Atlassian | | | | | |
| Everbridge | | | | | |
| FireHydrant | | | | | |
| OnPage | | | | | |
| PagerDuty | | | | | |
| ServiceNow | | | | | |
| Splunk | | | | | |
| Squadcast | | | | | |

- Exceptional: Outstanding focus and execution
- Capable: Good but with room for improvement
- Limited: Lacking in execution and use cases
- Not applicable or absent
Table 3. Evaluation Metrics Comparison
| Vendor | Flexibility | Cost | Scalability | Security | Ease of Use |
|---|---|---|---|---|---|
| Atlassian | | | | | |
| Everbridge | | | | | |
| FireHydrant | | | | | |
| OnPage | | | | | |
| PagerDuty | | | | | |
| ServiceNow | | | | | |
| Splunk | | | | | |
| Squadcast | | | | | |

- Exceptional: Outstanding focus and execution
- Capable: Good but with room for improvement
- Limited: Lacking in execution and use cases
- Not applicable or absent
Table 4. Emerging Technologies Comparison
| Vendor | Event-Driven Automation & Orchestration | SOAR Integration |
|---|---|---|
| Atlassian | | |
| Everbridge | | |
| FireHydrant | | |
| OnPage | | |
| PagerDuty | | |
| ServiceNow | | |
| Splunk | | |
| Squadcast | | |

- Exceptional: Outstanding focus and execution
- Capable: Good but with room for improvement
- Limited: Lacking in execution and use cases
- Not applicable or absent
By combining the information provided in the tables above, the reader can develop a clear understanding of the technical solutions available in the market.
4. GigaOm Radar
This report synthesizes the analysis of key criteria and their impact on evaluation metrics to inform the GigaOm Radar graphic in Figure 2. The resulting chart is a forward-looking perspective on all the vendors in this report based on their products’ technical capabilities and feature sets.
The GigaOm Radar plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrow that projects each solution’s evolution over the coming 12 to 18 months.
Figure 2. GigaOm Radar for Incident Response Platforms
As you can see in the Radar chart in Figure 2, there are two clusters of vendors in this space:
- In the upper right quadrant are more mature vendors with established products that are part of larger portfolios. Tooling within those platforms may enhance the effectiveness of an incident response by providing additional analytics and insights from other platform tools.
- In the lower left quadrant are Feature Play vendors new to this space who often bring better integration with modern collaboration tools as well as lower cost and faster time to value.
The newer tools may not have the same level of maturity in on-call management, scheduling, workflow management, or other key criteria; however, they show promise for future development and may be a good fit for organizations that want a vendor that often releases new features and/or updates.
Note that all of the established vendors are Leaders, while the new vendors are Challengers. However, the Challengers are all Outperformers because they are moving at a faster pace (releasing new features, bug fixes, and so on) to catch up with the more established vendors. Some of the established vendors, such as PagerDuty and ServiceNow, have slowed their pace of development due to their already extensive feature sets or market leadership.
In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; there are aspects of every solution that might make it a better or worse fit for specific customer requirements. How a solution aligns with customer needs and context is an important purchase consideration. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.
Inside the GigaOm Radar
The GigaOm Radar weighs each vendor’s execution, roadmap, and ability to innovate to plot solutions along two axes, each set as opposing pairs. On the Y axis, Maturity recognizes solution stability, strength of ecosystem, and a conservative stance, while Innovation highlights technical innovation and a more aggressive approach. On the X axis, Feature Play connotes a narrow focus on niche or cutting-edge functionality, while Platform Play displays a broader platform focus and commitment to a comprehensive feature set.
The closer to center a solution sits, the better its execution and value, with top performers occupying the inner Leaders circle. The centermost circle is almost always empty, reserved for highly mature and consolidated markets that lack space for further innovation.
The GigaOm Radar offers a forward-looking assessment, plotting the current and projected position of each solution over a 12- to 18-month window. Arrows indicate travel based on strategy and pace of innovation, with vendors designated as Forward Movers, Fast Movers, or Outperformers based on their rate of progression.
Note that the Radar excludes vendor market share as a metric. The focus is on forward-looking analysis that emphasizes the value of innovation and differentiation over incumbent market position.
5. Vendor Insights
Atlassian Opsgenie
Atlassian was founded in 2002 to assist software teams in working better together. In 2018, it acquired Opsgenie, a SaaS-based incident response platform targeted at MSPs and organizations of any size and maturity. Opsgenie works well with other Atlassian products, including Jira Software and Compass. Opsgenie is available through Jira Service Management, Atlassian’s ITSM platform, or as a standalone solution. As a result, the cost and value equation may be high for smaller businesses.
Opsgenie provides good runbook support for documentation and automation. It offers over 200 out-of-the-box integrations with Slack, Microsoft Teams, and others, along with extensive customization options. Zoom integration is possible using webhooks.
There is a strong focus on security, with role-based access control (RBAC) for users and encryption for all integrations. The user interface (UI) is friendly with consistency throughout.
Opsgenie’s extensive API allows users to extend its capabilities, offering a high degree of flexibility in terms of alerting rules, automation, and custom integrations. However, this flexibility may indicate a steep learning curve, which is most likely to impact new users and can be an issue for scaling. Though the extensive API adds to the flexibility of the solution, it may not be worth it for smaller organizations. However, larger enterprises can take advantage of the greater flexibility and scaling capabilities of Opsgenie.
The mobile app is not always easy to use and would benefit from improvements to its UI, which needs to be more consistent with the main application. However, it does offer support for the Apple Watch, which is a differentiator in this space.
Atlassian is ahead of the curve in the implementation of event-driven automation and orchestration because it supports an observability tool within the incident management offering. Though incidents can be accommodated from a security orchestration, automation, and response (SOAR) system, there is no direct integration.
Strengths: Opsgenie’s customization options provide good flexibility. Collaboration integrations for real-time communication are either prebuilt or available through the integration API. Strong areas include flexibility, runbooks, integrations, escalations, audio/video and mobile capabilities, and integration with other Atlassian products, such as Jira Software, Jira Service Management, and Compass.
Challenges: The flexibility of the solution means that the Atlassian ecosystem can be difficult to learn. The usability of the mobile app could be better. Scaling can be an issue because of the flexibility of the solution via its extensive API, which can create complexity during implementation.
Everbridge xMatters
Everbridge was founded in 2002 and acquired xMatters in 2017. Everbridge xMatters is a SaaS incident management platform designed for any size enterprise, though the target market is larger enterprises. xMatters offers good security features, including RBAC, encryption, and compliance certifications.
xMatters automates flexible and customizable workflows for incident management using runbooks. The UI is friendly. xMatters provides integrations with collaboration tools such as Slack, Microsoft Teams, Cisco Webex Teams, Zoom, and Google Chat, and with DevOps tools such as Jenkins, Prometheus, and Jira. A flexible API lets customers build custom connections to other needed systems. There is support for integrating video conferencing into incident response workflows: conference bridges can be created within the incident workflow and spun up automatically for major incidents. Everbridge offers additional crisis management solutions for critical events in the physical world.
RBAC authentication and authorization, along with security compliance features, are built in to secure API integrations. User, stakeholder, and incident management are good. User and stakeholder notifications can be integrated into runbooks, and consolidation of incidents provides a better view of the enterprise landscape.
xMatters can manage an environment of almost any scale due to the ability to customize the solution to fit methods and processes that exist or need to be defined. As with any highly customizable solution, xMatters can have a longer learning curve, but it is a strong solution for enterprises that can take advantage of its flexibility. Its mobile capabilities are adequate, but the mobile UI is not the same, and not as friendly, as the main UI.
xMatters has basic capabilities to support SOAR via integration with other tools using its APIs and webhooks, but it does not have the extensive prebuilt SOAR actions, runbooks, and workflows that dedicated SOAR platforms provide. While xMatters has some event-driven automation capabilities, these features are not as extensive as in standalone solutions or AIOps platforms. xMatters is best suited for simple, real-time workflow automations for incident response.
Strengths: xMatters’ value is in its comprehensive incident management capabilities including runbooks, escalations, integrations, conferencing, and flexibility. xMatters offers extensive customization capabilities to support complex enterprise requirements.
Challenges: The extensive customization options may require added training to receive the full benefits of the platform. xMatters is sometimes considered a premium offering and may not be as cost effective as other offerings, but it has a free tier and three paid tiers to help customers identify an appropriate solution.
FireHydrant
Founded in 2018, FireHydrant is a SaaS incident management solution that provides a balance between simplicity and functionality. It offers automated incident response workflows, collaboration tools, and real-time service health monitoring. The solution is targeted at SMBs, but can also serve larger organizations. Its primary focus is on incident management and response orchestration, emphasizing collaboration, and providing alerting and documentation capabilities.
FireHydrant allows teams to create and manage runbooks, and as part of a runbook, FireHydrant can spin up a Zoom meeting. The solution provides integration with collaboration solutions such as Slack, and Slack can then be used to manage incidents, including assignments. Workflow definitions can be accomplished in a low-code environment.
Schedules are not kept in FireHydrant, but individual user schedules can be pulled from PagerDuty, Atlassian Opsgenie, or Splunk On-Call. FireHydrant offers capabilities for incident management from mobile devices.
A free licensing tier with limited functionality is available, as is a pro level for 20 users, with more features and a fixed annual fee. The enterprise tier provides the most flexibility, including SLA management and greater data retention. Stakeholders (viewers in FireHydrant) do not incur additional costs.
FireHydrant has minimal support for event-driven automation and orchestration, with SOAR capabilities limited to ingestion of incidents from a security system.
Strengths: With its emphasis on simplicity and usability, FireHydrant is very suitable for SMBs. It does well in defining teams and in its integration with Slack and Zoom. Runbook documentation and automation are good.
Challenges: The need to pull schedules for individual users from another resource—PagerDuty, Atlassian Opsgenie, or Splunk On-Call—increases complexity and cost. The feature set for licenses lower than the enterprise version is more limited than the competition at similar licensing levels.
OnPage
Founded in 1996, OnPage is a provider of secure messaging and critical alerting solutions. Over the years, OnPage has evolved into a platform for secure, HIPAA-compliant, highly reliable communication, particularly for healthcare and other industries requiring rigorous data security and incident response capabilities.
OnPage is a SaaS-based solution that is well suited for smaller teams, though it can scale to meet the needs of larger organizations. However, larger enterprises may find the simplicity of the runbooks and workflow management limiting when complex sequences are required.
OnPage delivers basic runbook functionality but focuses on alerting and secure messaging for incident communication. Integration with Slack allows teams to collaborate about incidents, and Slack provides the solution’s only support for audio and video conferencing as there are no native capabilities for that.
OnPage does not have as extensive collaboration integrations or escalation policies as other platforms. Integrations are being added, but the number and variety are less than the competition. This contributed to a low score for flexibility as the solution offers fewer customization capabilities.
OnPage provides mobile apps for secure alerting and messaging on iOS and Android devices. Though it’s marketed mainly for healthcare applications, OnPage is a strong solution for IT organizations. The solution is presented with simplicity and is user friendly.
The vendor’s history and experience in healthcare leads to its focus on secure communications through encryption and secure delivery of messages. Enterprises that require secure communications may find OnPage a good solution.
There is minimal support for event-driven automation and orchestration or SOAR integration; however, incidents can be consumed from a security solution and workflows can be created for known events, which allows some event-driven automation.
Strengths: OnPage is known for reliable alerting capabilities, which is important in critical situations. The company emphasizes secure, encrypted messaging.
Challenges: OnPage’s streamlined approach limits its flexibility, which might restrict the complex customizations larger organizations often need. Moreover, there are fewer integrations compared to other platforms.
PagerDuty
Founded in 2009, PagerDuty is an enterprise-grade platform for handling urgent, critical operations work in real-time. PagerDuty offers an end-to-end incident management platform with built-in AI and automation capabilities designed specifically to help IT operations, site reliability engineering (SRE), and developer teams operate more efficiently at scale. It is provided as a SaaS-only solution that can suit organizations of any size.
Runbook support in PagerDuty allows users to access and follow predefined response procedures, and incident responders can also call automations via PagerDuty’s Process Automation offering in place of following manual runbooks. Compared with other providers, PagerDuty supports human-in-the-middle use cases through its incident workflows feature instead of making this available in the runbooks themselves.
The integration of audio and video is provided from the PagerDuty incident interface. Out-of-the-box integrations with Zoom, Cisco WebEx, and GoToMeeting allow automatically created conference bridges.
Mobile support is very good: PagerDuty supports Apple Watch integration—a key differentiator in this space.
While PagerDuty may not have the full capabilities of a dedicated SOAR platform, its integrations, APIs, and automation features allow customers to leverage SOAR capabilities for incident response workflows within the solution.
PagerDuty is designed from the ground up to support complex event-driven automation and orchestration scenarios for incident response, going beyond basic workflow automation across the entire incident lifecycle. It supports a full event-driven automation and orchestration environment that moves into the AIOps space depending on needs and implementation. Customers have the option to augment and extend the platform, at a cost, with native integrations with other parts of PagerDuty’s portfolio, including AIOps, Process Automation, and Customer Service Operations.
Strengths: PagerDuty has good flexibility in incident response workflows and integrations. It is highly scalable and suitable for large enterprises with very good mobile device support, which includes Apple Watch.
Challenges: Runbook functionality is not as extensive as with some competitors because human-in-the-middle runbook workflows are limited.
ServiceNow
ServiceNow was founded in 2004 to provide ITSM solutions as an alternative to legacy help desk software. It has since expanded beyond IT into areas like customer service, HR service delivery, and security operations by leveraging its core workflow automation platform.
The solution has a SaaS-only deployment model. It can serve enterprises of any size, though smaller companies may not need the flexibility (and complexity) ServiceNow provides. ServiceNow supports OpenTelemetry for ingestion of metrics, events, logs, and telemetry.
ServiceNow has robust automation and orchestration capabilities, enabling organizations to develop detailed runbooks that can automate responses to events or incidents. The platform integrates with a wide range of collaboration tools. While ServiceNow does not have native audio or video capabilities, these are available via out-of-the-box integrations with third-party conferencing solutions like Zoom, Slack, and Microsoft Teams. The core incident response functionality in ServiceNow focuses more on ticketing, workflow automation, and integrations rather than native communication features.
ServiceNow is known for its high level of customizability and extensibility, which serve as both a benefit and a challenge—it can do almost anything, but this comes with an increase in cost and complexity. With this, ServiceNow’s comprehensive feature set and capabilities tend to place it on the pricier side of incident response platforms, making it more suitable for mid-sized-to-large enterprises that can maximize its value.
Scaling and security are strong points for ServiceNow. The rich platform allows the inclusion of emerging technologies such as event-driven automation and orchestration and SOAR capabilities with additional modules at a cost.
ServiceNow is complex due to its broad range of capabilities, which impacts ease of use and training, especially for new or casual users. The vendor has an extensive partner network that supplies many options for deployment, customization, and training. Depending on the organization, direct support from ServiceNow may not be the best solution.
Strengths: Beyond incident management, ServiceNow offers a full-fledged IT operations management (ITOM) suite. Scalability, security, and flexibility features are very good. Support for open standards, such as OpenTelemetry, helps bring in telemetry data from observability platforms directly into ServiceNow.
Challenges: Pricing, especially for customization, can become expensive. The learning curve can be steep due to the complexity and flexibility of ServiceNow, which affects the product’s ease of use.
Splunk On-Call
Splunk was founded in 2003 as a log management and analytics software provider. Splunk On-Call, acquired from VictorOps in 2018, is Splunk’s incident management platform. The full integration of VictorOps is complete, though there are a few web pages that still reference VictorOps. On-Call provides a robust incident response solution, emphasizing collaboration, real-time response, and integration with the broader Splunk ecosystem. It offers a balance among feature set, cost, and scalability.
Splunk On-Call is a SaaS application suitable for any size organization. On-Call is often considered a mid-tier solution as it offers fewer runbooks and mobile features; however, when used with Splunk Enterprise and other ecosystem tooling, it is an enterprise-ready solution for incident management.
Runbook automation includes pre- and post-incident methods, but the product is not as rich in automation features as other solutions. Splunk integrates with Slack, Microsoft Teams, and call bridges using webhooks. It also provides bidirectional integration with Jira, ServiceNow and Slack. Audio integration is good, and Splunk offers customers a way to automatically include bridge details in the incident using alert rules and annotations that are driven by priority and severity of the incident.
Mobile capabilities include incident and alert management, collaboration using built-in and external tools (Slack, Teams), and basic runbook functionality.
The solution has flexible escalation policies, allowing both time and priority to impact the workflow. It also offers customizable scheduling of resources that allows escalations to find a resource as needed. Customization of workflows is good but could enable better integration with runbooks. Functions such as a consolidated timeline view of incidents and the modification of incidents using alert rules are positives for Splunk.
Licensing includes a free offering and is based on users, not stakeholders. On-Call provides good cost and value as a standalone solution, but organizations will gain the most benefit from using it alongside and integrated with Splunk Enterprise and other Splunk tools.
With the use of Splunk’s enterprise tools (observability and AIOps), event-driven automation and orchestration become available, though at an additional cost. Also, as Splunk provides security tooling, SOAR integration is possible, also at an additional cost.
Strengths: Integration with Splunk enterprise tools is especially useful for organizations already using Splunk.
Challenges: On-Call lacks some advanced features like rich runbooks. Native conferencing is not provided; however, integration via its API and webhooks reduces the need for native support.
Squadcast
Squadcast was founded in 2017 as an incident management platform designed to help SRE and DevOps teams adopt SRE best practices. The vendor emphasizes simplicity, efficient alerting, and balanced cost and value.
Squadcast is a SaaS-only platform that started off targeting SMBs, but over the last few years, its target market has extended to include large enterprises. The current go-to-market strategy is focused on enterprise customers.
Squadcast emphasizes the user experience, efficient alerting, and seamless collaboration. It includes runbook attachments for incident context and integrates with popular communication tools such as Slack and Microsoft Teams. Squadcast allows third-party integrations using webhooks, which are not automatic. The lack of native support contributes to a low score for the audio/video conference support criterion. Squadcast has improvements in this area scheduled for early 2024.
The solution has multitier escalation policies and allows tailoring to specific alerting workflows; however, integration with runbooks is not as flexible as other solutions in allowing human-in-the-middle and connections with collaboration tools within the runbook. Workflow options are not as plentiful, but support may be adequate for those not requiring strong runbook integration. There is a mobile application for on-the-go incident management.
Squadcast handles a wide range of alert volumes and ensures data security with encryption and two-factor authentication. It offers competitive pricing, including a free version with limited functions.
It is a relatively new market player compared to more established vendors and, therefore, has less recognition. Squadcast’s functionality is improving as it enhances its automation capabilities, expands its data center presence for global coverage, and adds more customization capabilities.
There is minimal support for event-driven automation and orchestration or SOAR integration; however, incidents can be consumed from a security solution and workflows can be created for known events, which allows some event-driven automation.
Strengths: Squadcast has a good cost/value equation, adequate runbooks, and security. There is a dedicated mobile application.
Challenges: Runbooks should be improved to add more workflow options. Also, audio/video conferencing lacks automatic capabilities. As a new voice, Squadcast is easily drowned out by more established vendors.
6. Analyst’s Take
The proliferation of entities capable of producing incidents continues to increase, and alerts resulting from these incidents can come from a wide array of products and services, including traditional ITSM systems, infrastructure monitoring, observability, the service desk (IT or business), application performance monitoring, and AIOps analytics. Modern IT organizations have to deal with a greater number of incidents than ever.
Management of incidents remains a mainstay of IT operations, and as this Radar shows, there are two types of vendors that focus on management—traditional platforms and innovative solutions. Traditional vendors are Leaders that continue to dominate, while the Challengers are innovative suppliers looking to take advantage of the latest collaboration tools, including Slack, Teams, and Zoom.
The backbone of any incident response system is the ability to notify the right resources and ensure they are where they are needed. Thus, the ability to understand who or what team is available becomes central to the solution, as does the ability to schedule, which includes making provisions for escalations. Escalation may be needed when a response to an incident is inadequate or when resources are unavailable.
The ability to define workflows for escalation depending on the severity of the situation is essential. The flexibility of these solutions varies widely. Typically, they use runbooks (playbooks) to improve workflows or to auto-remediate known incidents. The best solutions allow workflows that include both a human-in-the-middle and the ability to auto-execute workflows.
Incident response platforms can set time limits for a response based on any number of factors, including the number of related incidents, the priority of the incident, and the services impacted. The leading vendors—Atlassian, Everbridge, PagerDuty, ServiceNow, and Splunk—all accommodate sophisticated escalation workflows with differences defined as much by marketing pitches as by actual functionality.
Decision-makers looking for an effective incident response solution should first review their solution requirements, current tools, and staff resources and skill sets, and then compare solutions against the key criteria, emerging technologies, and evaluation metrics outlined here.
The established vendors may have an edge in maturity; however, the newcomers bring fresh thoughts and better connections with collaboration tools, which makes them more relevant as they mature.
7. Methodology
*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.
For more information about our research process for Key Criteria and Radar reports, please visit our Methodology.
8. About Ron Williams
Ron Williams is an astute technology leader with more than 30 years’ experience providing innovative solutions for high-growth organizations. He is a highly analytical and accomplished professional who has directed the design and implementation of solutions across diverse sectors. Ron has a proven history of excellence propelling organizational success by establishing and executing strategic initiatives that optimize performance. He has demonstrated expertise in planning and implementing solutions for enterprises and business applications, developing key architectural components, performing risk analysis, and leading all phases of projects from initialization to completion. He has been recognized for promoting effective governance and positive change that improved operational efficiency, revenues, and cost savings. As an elite communicator and design architect, Ron has transformed strategic ideas into reality through close coordination with engineering teams, stakeholders, and C-level executives.
Ron has worked for the US Department of Defense (Star Wars initiative), NASA, Mary Kay Cosmetics, Texas Instruments, Sprint, TopGolf, and American Airlines, and participated in international consulting in Qatar, Brazil, and the U.K. He has led remote software and infrastructure teams in India, China, and Ghana.
Ron is a pioneer in enterprise architecture who improved response and resolution of enterprise-wide problems by deploying “smart” tools and platforms. In his current role as an analyst, Ron provides innovative technology and strategy solutions in both enterprise and SMB settings. He is currently using his expertise to analyze the IT processes of the future with particular interest in how machine learning and artificial intelligence can improve IT operations.
9. About GigaOm
GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.
GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.
GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.
10. Copyright
© Knowingly, Inc. 2023. "GigaOm Radar for Incident Response Platforms" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.