Enterprise Plans for Security Automation and Orchestration

With the global cybersecurity skills shortage hanging over them, CISOs are turning toward security automation and orchestration technologies to improve staff productivity. This is happening faster and wider than most people realize. According to ESG research, 19% of enterprise organizations have already deployed technologies for security automation and orchestration extensively, 39% have done so on a limited basis, and 26% are engaged in a project to automate/orchestrate security operations. 

Topics: Cybersecurity SIEM security operations and analytics security automation security orchestration

Artificial Intelligence and Cybersecurity: The Real Deal

If you want to understand what’s happening with AI and cybersecurity, look no further than this week’s news. On Monday, Palo Alto Networks introduced Magnifier, a behavioral analytics solution that uses structured and unstructured machine learning to model network behavior and improve threat detection. Additionally, Google’s parent company Alphabet announced Chronicle, a cybersecurity intelligence platform that throws massive amounts of storage, processing power, and advanced analytics at cybersecurity data to accelerate the search and discovery of needles in a rapidly growing haystack. 

Topics: Cybersecurity SIEM machine learning artificial intelligence SOAPA

CISOs Should Examine Commercial SOAPA Offerings in 2018

For over a year now, I’ve written about a burgeoning security technology initiative that ESG calls a security operations and analytics platform architecture (SOAPA). Here’s a link to the original blog I posted about SOAPA back in November 2016.

Topics: Cybersecurity SIEM security operations SOAPA

A Few Cybersecurity Predictions for 2018

Over the past few weeks, dozens of people have reached out to me with their cybersecurity predictions for 2018. Some prophecies are fairly obvious (ransomware will continue in 2018) while at the other extreme, some people are pushing doomsday forecasts aimed at garnering press hits (i.e., the US will suffer a cyber-attack in 2018 that knocks out the power grid for a substantial amount of time).

Topics: Cybersecurity SIEM cloud security machine learning SOAPA GDPR

SOAPA Video with Arbor Networks (Part 1)

Next up on the SOAPA video series is Arabella Hallawell, Sr. Director of Product Marketing at Arbor Networks. I first met Arbor Networks back in 2003 when it was a leading provider of network behavior anomaly detection (NBAD) tools and the company has been a steady player in network security ever since. Today, Arbor Networks is a leading provider of products and services for DDoS protection, network security analytics, threat intelligence, etc. 

Topics: Cybersecurity SIEM network security analytics network security operations SOAPA SOC Arbor Networks

SOAPA Video with Siemplify (Part 2)

Siemplify, like other companies I’ve interviewed, is a security operations technology company. What sets Siemplify apart, however, is the background of its founders. This team isn’t composed of serial startup technologists from Silicon Valley, but rather cybersecurity experts from Israel. In fact, Amos Stern spent a good portion of his career as a security analyst, building SOCs, and training security personnel.

Topics: Cybersecurity SIEM security operations SOAPA Siemplify security operations automation and orchestration

The Cybersecurity Skills Shortage Impacts Security Operations

According to ESG research, 45% of organizations report having a problematic shortage of cybersecurity skills in 2017. Of course, this applies to all areas of cybersecurity but recent ESG research shows that the skills shortage has a direct impact on security analytics and operations. The research reveals that:

  • 54% of organizations say they don’t have the appropriate security operations skills for an organization of their size.
  • 57% of organizations say they don’t have appropriate security operations staffing for an organization of their size.

Topics: Cybersecurity SIEM incident response security operations threat hunting computer forensics

SOAPA Video with Siemplify (Part 1)

As part of the ESG SOAPA video series, Amos Stern, CEO of Siemplify, stopped by the ESG studio last week to join the discussion. Not familiar with Siemplify? The company was founded by a team of experienced security operations experts who believe that security operations technology should be easier, provide greater integration, and align better with SOC processes. Based upon these goals, Siemplify offers a product called ThreatNexus, a security operations platform designed to help analysts manage, investigate, automate, and centralize security operations.

Topics: Cybersecurity SIEM security operations incident response automation and orchestration SOAPA SOC Siemplify security operations center

SOAPA Video with ThetaPoint (Part 2)

PJ Bihuniak, COO of ThetaPoint, has a wealth of experience and knowledge in security operations, going back to his time at ArcSight. PJ is still active in this area, as ThetaPoint specializes in professional and managed services for security operations. It was great having him participate in the ESG SOAPA video series.

In part 2 of our video, PJ and I discussed:

Topics: Cybersecurity SIEM SOAPA ThetaPoint

SOAPA Video with ThetaPoint (Part 1)

In the ESG SOAPA video series, we’ve spoken with leading security analytics and operations technology vendors like IBM, ServiceNow, Splunk, and many others. In this video, I wander outside of security operations technology and interview an old colleague of mine, PJ Bihuniak, COO of ThetaPoint.

Never heard of ThetaPoint? The company provides professional and managed security operations services to large global companies so it has a wealth of experience in the SOAPA domain. As for PJ, he spent many years with security operations pioneer ArcSight and knows this space like the back of his hand.

Topics: Cybersecurity SIEM security operations SOAPA ThetaPoint