SOAPA Chat with Vectra Networks (Video, Part 2)

Old friend Mike Banic recently stopped by ESG to kibitz about ESG’s SOAPA concept. Mike brings a world of experience to this topic. As VP of marketing at Vectra Networks, Mike sees enterprise challenges around security operations, and then works with customers to address their issues. 

In part two of our video series, Mike and I focus our discussion in a few areas including:

  • Machine learning. In a recent ESG research survey, only 30% of cybersecurity professionals claim they are “very knowledgeable” about the role of machine learning and AI for cybersecurity operations. Given this, I asked Mike to act as an industry spokesperson to define machine learning and explain where it fits in cybersecurity operations. Mike says that machine learning is used to find features and patterns in the data so you can train the model to look for malicious behavior like a remote trojan suddenly beaconing out to an external IP address. 
Topics: Cybersecurity SIEM security analytics SOAPA EDR Vectra Networks

Talking SOAPA with Vectra Networks (Video, Part 1)

Old friend and VP of marketing at Vectra Networks, Mike Banic, stopped by to discuss ESG’s security operations and analytics platform architecture (SOAPA) and its impact on cybersecurity. In part 1 of our discussion, Mike and I chat about:

  • Why network telemetry is so important for security analytics. Mike reminds me that ‘the network doesn’t lie.’ In other words, cyber-attack kill chains are synonymous with network communications so threat detection equates with knowing what to look for within network traffic patterns.
Topics: Cybersecurity SIEM network security analytics SOAPA EDR Vectra Networks

An EDR Perspective on Security Ops and Analytics Architecture (Video)

In this first of a two-part video series, Mike Viscuso, Carbon Black’s Chief Technology Officer, and I begin to explore the expansive topic of employing a security operations and analytics platform architecture (SOAPA) to operationalize security analytics. In addition to discussing the need for a reference architecture to address the complexity associated with gaining intelligence from telemetry across an organization’s attack surface area, Mike shares why Carbon Black invested in technical integrations with a variety of complementary cybersecurity technologies and the importance of rich endpoint detection and response (EDR) sensor data to enable essential use cases. We also discuss how the starting point for such integrations has changed and the central role both value-added resellers (VARs) and managed security service providers (MSSPs) serve in providing SOAPA implementations. We wrap things up by noting the purposeful nature of cloud computing as enabling technology for SOAPA solutions. Stay tuned for the second video in which we dig into other aspects of security operations and analytics.

Topics: Cybersecurity SOAPA security operations and analytic platform EDR endpoint detection and response