Google acquired Siemplify in 2022, rebranded it twice, and three years later the SIEM and SOAR still feel like two different products. Feature requests disappear into a void. Integrations are limited. And the SOAR part? It's more case management than actual orchestration.
"I did not fond of the customization options in Google Chronicle Security Operations as it hampers adaptability for organizations with security requirements. The user interface needs to be more user friendly and intuitive to facilitate navigation."
"Since the acquisition from its former owner, the service is non-existent, platform is instable and not performance, and the service is not delivered in line with the contract."
"I dont like the fact that Google purchased a once great company and is now turning it into trash. Since the Google takeover support for the product does not exist, prices are going up and changing, and the close partnership with Siemplify that we once had has totally eroded away."
"New runbook need to be configured manually when there are new rules being forwarded to siemplify. Process takes times and testing before it can be transited into operational use."
"Siemplify will still need programming skill to configure the playbook. The support hours does not align to my region and thus the hours for interaction are restricted and might not be able to provide prompt support."
"The ease of use of the product plus support creates the most powerful security orchestration and automation platform. The team built a product with support to make sure the product is not stagnant but actually providing outcomes which we did not get with Splunk, Palo Alto (Demisto) or Tines which we have owned or tried. Already paying for itself within a couple of months."
G2 Verified Review
/01
"The platform is straightforward to use. It was quite intuitive for my team to get started. The skill level required is much lower than we needed with our SOAR."
G2 Verified Review
/02
"What truly sets Blink Ops apart is their unparalleled speed with the fastest TTA (Time to Automation) in the market, surpassing competitors by as much as a hundred fold."
Tal Morgenstern, Partner at Lightspeed Venture Partners
/03
"Perfect 5-star rating in GigaOm's 2024 SOAR Radar Report for implementation of AI Security Automation. 400% year-over-year revenue growth."
GigaOm Radar Report 2024
/04
The Real Problems with Google SecOps SOAR
From community forums, Gartner reviews, and actual users who've lived with it.
Feature Requests Go to Die
Got a feature request? Good luck. Users report basic capabilities ending up as "feature requests" that take forever to get prioritized. Even audit logging, something that should exist from day one, is still a request. Google's SOAR roadmap clearly isn't the priority.
"3 issues I had ended in Feature Requests. 2 are related to audit logging, which should already exist. It will probably take a while to be implemented." — Google Community
~300 Integrations. That's It.
For a company the size of Google, 300 SOAR integrations is embarrassing. Your average enterprise has 40+ security tools. Good luck connecting them all. And the custom connector experience? Python scripting, remote agents, and a lot of patience.
"Orchestrate over 300 tools" — Google's own marketing. Compare that to platforms with 10x more.
Still Two Separate Products
SIEM and SOAR admin interfaces are completely different. SOAR logging isn't integrated with GCP. You can tell these were separate acquisitions stitched together. The "unified SecOps platform" promise hasn't landed yet.
"SIEM and SOAR give the sensation that are two different products. Even the admin GUI is different from each other." — Google Community
Siemplify's Ghost Is Everywhere
Three years post-acquisition and references to "Siemplify" are still scattered across the product, documentation, and API endpoints. It doesn't inspire confidence when the vendor can't even finish renaming the product they bought.
"There are still a lot of references to Siemplify. The training usually is not updated." — Google Community
Case Management, Not Real SOAR
The SOAR component is solid for case management and basic playbook automation. But that's about it. No AI agents. No dynamic workflow creation. No self-service portal. If you need real orchestration beyond drag-and-drop playbooks, you'll hit walls fast.
Locked into Google's Ecosystem
Works best when your SIEM is also Google SecOps. If you're running Splunk, Elastic, or anything else as your SIEM, the SOAR experience degrades. Google wants you all-in on their stack. Sound familiar?
Google SecOps SOAR vs. BlinkOps
Case management is one thing. Real security automation is another.
Capability
BlinkOps
Google SecOps SOAR
AI Agent Builder
No-code agent builder. Define role, responsibilities, abilities, constraints. Deploy custom AI agents for triage, enrichment, response.
No agent builder. Gemini assists with playbook generation but no autonomous AI agents.
AI Workflow Builder
Builder Copilot. Describe what you want in plain English. AI generates full multi-step workflows in seconds.
Gemini can help create playbooks via chat, but capabilities are limited and tightly coupled to Google's ecosystem.
AI Workflow Modifier
Modify existing workflows with natural language prompts. AI transforms step outputs, generates JQ commands from plain English.
Manual edits only. Drag-and-drop editor for changes. No natural language modification.
Analyst Copilot
AI copilot inside case management. Understands full incident context. Runs enrichment, suggests actions via chat.
Gemini in SecOps provides natural language search and some investigation assistance. Tied to Google's data only.
Agentic Workflows
Hybrid approach. Mix deterministic steps with micro-agent reasoning steps in the same workflow. Agent handles ambiguity, automation handles speed.
Playbooks only. No reasoning capabilities. Every path must be pre-defined.
Dynamic Workflow Creation
Agents select and execute workflows based on real-time context. No pre-mapped decision trees needed.
Static playbook assignment. Alerts route to pre-configured playbooks. No dynamic selection.
Integrations
30,000+ built-in integrations. Connect to anything. Custom integrations in minutes.
No native structured storage in SOAR. Data lives in Chronicle SIEM or external BigQuery.
Self-Service Portal
Expose any workflow as a self-service app. Web Forms for interactive data collection. Works via portal, Slack, Teams, Zoom.
No self-service portal. SOAR is SOC-facing only. No way to expose workflows to end users.
Time to Production
Minutes. AI generates workflow from prompt. Connect integrations, publish, done.
Days to weeks. Requires configuring connectors, remote agents, Python environments. Deployment complexity varies.
Your Migration Path
You don't have to settle for a case manager dressed up as a SOAR. Moving to BlinkOps is faster than waiting for Google to ship your feature request.
Audit & Map
We map your existing Google SecOps SOAR playbooks, connectors, and case workflows. Blink's tooling can import existing playbook logic automatically.
Week 1
Build & Connect
Recreate your workflows in Blink using Builder Copilot. With 30,000+ integrations, your existing stack connects in minutes, not days. No Python required.
Week 2-3
Deploy & Expand
Go live with your migrated workflows. Then add what Google SecOps SOAR never had: AI agents for triage, analyst copilot, self-service portal, and stateful tables.
Week 4
Try BlinkOps Today!
Your feature requests won't get prioritized. Your integrations won't grow. And Gemini won't replace the need for real AI agents. See what actual security automation looks like.
