IBM on Security Analytics and Operations (SOAPA) Part 2

Last week, I posted this blog describing my interview with IBM security GM, Marc van Zadelhoff, where we talked about his perspective on the transition from security analytics and operations point tools to an integrated event-based security analytics and operations platform architecture (SOAPA).

Here’s a link to the initial blog I wrote back in November that describes SOAPA—what it is and why it is becoming so popular with enterprise organizations. 

In the blog I posted last week, I provided a link to part 1 of my video interview with Marc. Here’s a link to part 2 of the video as well. Some of the highlights from the second video include:

  • SOAPA drivers. Why are enterprise organizations moving toward SOAPA? Marc was pretty clear on this point. IBM customers are telling him that they can’t stay ahead of security operations using a collection of point tools when they are facing a dangerous threat landscape AND a shortage of cybersecurity skills on their teams. This last point is worth repeating. According to ESG's recent 2017 IT spending intentions survey, 45% of organizations report a problematic shortage of cybersecurity skills. So CISOs can’t hire their way out of security analytics and operations shortcomings. 
  • SOAPA must supplement people with integration and intelligence. IBM customers don’t need more tools; they need their security technologies to add integration and intelligence so they can improve security efficacy, efficiency, and productivity. From an IBM perspective, this is a primary reason why IBM is pushing Watson for cybersecurity. Security analysts are pursuing numerous new investigations on a daily basis and simply can’t keep up with the volume. Watson for cybersecurity is a cognitive computing alternative to cybersecurity staff augmentation, designed to lighten the load of overwhelmed SOC personnel.
  • What about the need for SOAPA scale? In an early 2017 blog, I declared 2017 as the year of cybersecurity scale as large organizations add cloud-based workloads, digital transformation applications, and IoT devices to their networks. This scale seriously impacts cybersecurity operations with volumes of new security events, software vulnerabilities, threats, and alerts. How will this scale impact SOAPA? Marc took ownership of this issue by declaring, “that’s on us (i.e., SOAPA vendors).” Marc was rather confident about IBM’s ability to deal with cybersecurity scale through a combination of big data technologies, cloud resources, and appropriate architectural design.

Marc concluded our interview by pontificating that SOAPA is a very exciting chapter in a continuing cybersecurity novel. SOAPA has the potential to lead to greater data collection, better data enrichment and context, and improved analytics. I couldn’t have said it better myself!

Stay tuned for more blogs and videos on SOAPA soon. 
