SOAPA Video with Arbor Networks (Part 2)

In the second part of my SOAPA video with Arabella Hallawell from Arbor Networks, we discuss:

  1. SOAPA technology integration. Arbor Networks partners with lots of network service providers, giving the company a bird’s eye view of Internet traffic. The company uses this position to monitor, collect, and curate threat intelligence through its ASERT team. As part of its network security analytics products and services, it adds CTI to give customers an understanding of malicious activities happening inside and outside of their networks. Of course, integrating internal network telemetry and CTI is one of the principles of SOAPA. 
Topics: Cybersecurity security operations cyber threat intelligence network security analytics SOAPA Arbor Networks Arabella Hallawell

Acute Cybersecurity Skills Shortage Areas

In my last blog, I reviewed some new research from ESG and the Information Systems Security Association (ISSA), revealing that 70% of cybersecurity pros say that the global cybersecurity skills shortage has impacted their organizations. Based upon this and other similar research, I’m convinced that the cybersecurity skills shortage represents an existential risk to our data, businesses, and national security.

Topics: Cybersecurity security analytics security operations cloud security application security ISSA security investigations

SOAPA Video with Siemplify (Part 2)

Siemplify, like other companies I’ve interviewed, is a security operations technology company. What sets Siemplify apart, however, is the background of its founders. This team isn’t composed of serial startup technologists from Silicon Valley, but rather cybersecurity experts from Israel. In fact, Amos Stern spent a good portion of his career as a security analyst, building SOCs, and training security personnel.

Topics: Cybersecurity SIEM security operations SOAPA Siemplify security operations automation and orchestration

The Cybersecurity Skills Shortage Impacts Security Operations

According to ESG research, 45% of organizations report having a problematic shortage of cybersecurity skills in 2017. Of course, this applies to all areas of cybersecurity, but recent ESG research shows that the skills shortage has a direct impact on security analytics and operations. The research reveals that:

  • 54% of organizations say they don’t have the appropriate security operations skills for an organization of their size.
  • 57% of organizations say they don’t have appropriate security operations staffing for an organization of their size.
Topics: Cybersecurity SIEM incident response security operations threat hunting computer forensics

SOAPA Video with Siemplify (Part 1)

As part of the ESG SOAPA video series, Amos Stern, CEO of Siemplify, stopped by the ESG studio last week to join the discussion. Not familiar with Siemplify? The company was founded by a team of experienced security operations experts who believe that security operations technology should be easier, provide greater integration, and align better with SOC processes. Based upon these goals, Siemplify offers a product called ThreatNexus, a security operations platform designed to help analysts manage, investigate, automate, and centralize security operations.

Topics: Cybersecurity SIEM security operations incident response automation and orchestration SOAPA SOC Siemplify security operations center

SOAPA Video with ThetaPoint (Part 1)

In the ESG SOAPA video series, we’ve spoken with leading security analytics and operations technology vendors like IBM, ServiceNow, Splunk, and many others. In this video, I wander outside of security operations technology and interview an old colleague of mine, PJ Bihuniak, COO of ThetaPoint.

Never heard of ThetaPoint? The company provides professional and managed security operations services to large global companies so it has a wealth of experience in the SOAPA domain. As for PJ, he spent many years with security operations pioneer ArcSight and knows this space like the back of his hand.

Topics: Cybersecurity SIEM security operations SOAPA ThetaPoint

SOAPA Video with ServiceNow (Part 2)

ServiceNow comes at security operations based upon its customers, experience, and products in ITSM. This gives the company a unique opportunity to bring security and IT operations together to improve communications and collaboration. Given this, Sean was a perfect person to talk with about SOAPA since a software architecture built for integration can help facilitate this objective.

Topics: Cybersecurity SIEM ServiceNow security operations SOAPA

Best Practice: Security Operations Automation before Orchestration

Based upon numerous conversations with CISOs, there is widespread interest in automating and orchestrating security operations. In fact, lots of enterprises are already doing so. According to ESG research, 19% of enterprise organizations have already deployed security operations automation/orchestration technologies “extensively,” while another 39% of enterprises have done so on a limited basis.

Topics: Cybersecurity SIEM security operations automation incident response automation and orchestration

Security Operations Spending and ROI

ESG recently surveyed 412 cybersecurity and IT professionals, asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult: many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or, worse yet, damaging data breaches. Just ask Equifax.

Topics: Cybersecurity SIEM security analytics security operations SOAPA

Cybersecurity Pros' Opinions on Their Organization’s Security Operations

ESG recently published a new research report titled, Cybersecurity Analytics and Operations in Transition. The report is based upon a survey of 412 cybersecurity and IT professionals directly involved in their organization’s security operations processes.

As part of the survey, respondents were presented with several statements and asked whether they agreed or disagreed with each. Here are a few of those statements with my analysis.

  • 73% of survey respondents strongly agreed or agreed with the statement: Business management is pressuring the cybersecurity team to improve security analytics and operations. If you want proof that cybersecurity is a boardroom-level issue today, here it is. The good news is that the survey also indicates 81% of organizations plan to increase their security operations budget so business executives are willing to throw money at the problem. The bad news is that the cybersecurity team is now on the hook to deliver measurable improvements and ROI. 
Topics: Cybersecurity security analytics security operations SOAPA SOC