SOAPA Video with Siemplify (Part 1)

As part of the ESG SOAPA video series, Amos Stern, CEO of Siemplify, stopped by the ESG studio last week to join the discussion. Not familiar with Siemplify? The company was founded by a team of experienced security operations experts who believe that security operations technology should be easier, provide greater integration, and align better with SOC processes. Based upon these goals, Siemplify offers a product called ThreatNexus, a security operations platform designed to help analysts manage, investigate, and automate, and centralize security operations.

Topics: Cybersecurity SIEM security operations SOAPA security operations center

SOAPA Video with ThetaPoint (Part 2)

PJ Bihuniak, COO of ThetaPoint, has a wealth of experience and knowledge in security operation, going back to his time at ArcSight. PJ is still active in this area, as ThetaPoint specializes in professional and managed services for security operations. It was great having him participate in the ESG SOAPA video series.

In part 2 of our video, PJ and I discussed:

Topics: Cybersecurity SIEM SOAPA

SOAPA Video with ThetaPoint (Part 1)

In the ESG SOAPA video series, we’ve spoken with leading security analytics and operations technology vendors like IBM, ServiceNow, Splunk, and many others. In this video, I wander outside of security operations technology and interview an old colleague of mine, PJ Bihuniak, COO of ThetaPoint.

Never heard of ThetaPoint? The company provides professional and managed security operations services to large global companies so it has a wealth of experience in the SOAPA domain. As for PJ, he spent many years with security operations pioneer ArcSight and knows this space like the back of his hand.

Topics: Cybersecurity SIEM security operations SOAPA

SOAPA Video with ServiceNow (Part 2)

ServiceNow comes at security operations based upon its customers, experience, and products in ITSM. This gives the company a unique opportunity to bring security and IT operations together to improve communications and collaboration. Given this, Sean was a perfect person to talk with about SOAPA since a software architecture built for integration can help facilitate this objective.

Topics: Cybersecurity SIEM ServiceNow security operations SOAPA

Best Practice:  Security Operations Automation before Orchestration

Based upon numerous conversations with CISOs, there is widespread interest in automating and orchestrating security operations. In fact, lots of enterprises are already doing so. According to ESG research, 19% of enterprise organizations have already deployed security operations automation/orchestration technologies "extensively,” while another 39% of enterprises have done so on a limited basis.

Topics: Cybersecurity SIEM security operations automation

How Enterprise Organizations Benefit from SOAPA

I’ve written about SOAPA for almost a year now, here’s a link to the original blog I posted last November. The concept seems to be catching on in the industry. I’ve had lots of industry leaders participate in SOAPA videos with me and there are many more videos in the works. 

Topics: Cybersecurity SIEM SOAPA

What’s Holding Back Enterprise Security Technology Transformation?

Last week, I wrote a blog about the rapid cycle of innovation happening with security technologies today – I’ve never experienced a time when every element of the security stack is transforming.

New security technologies are arriving at an opportune time. According to ESG research, 69% have increased their cybersecurity budgets in 2017 and my guess is that they will continue to increase investment in 2018. And when asked which BUSINESS initiatives will drive the most IT spending, 39% of organizations responded, “increasing cybersecurity protection.” This means that business executives are buying into the need for cybersecurity improvements all around. 

Topics: Network Security Cybersecurity SIEM CISO cloud security ISSA

Cybersecurity Technology: Everything is Transforming and in Play

As Bob Dylan sang, ‘the times they are a changing.’ This is certainly true when it comes to security technologies – just about every security monitoring tool and control is going through a profound transformation. Here are just a few examples:

  • Endpoint security is evolving from signature-based AV to next-generation endpoint security suites. ESG views endpoint security as a continuum with prevention on one side and detection/response on the other. A few years ago, upstarts pushed into endpoint security with aggressive attacks at one of these poles – Cylance jumped into threat prevention with solutions based upon artificial intelligence while Carbon Black, Crowdstrike, Cybereason, and Endgame moved into threat detection/response with EDR tools. The most recent battle is for the whole enchilada – comprehensive endpoint security suites that span across ESG’s endpoint security continuum. While startups continue to act as new shiny objects, old guard players like McAfee, Sophos, Symantec, and Trend Micro have spruced up their offerings with advanced prevention/detection/response features of their own. In the meantime, confused users are getting dozens of phone calls from vendors asking for meetings. 
Topics: Cybersecurity SIEM antivirus SOAPA

Trip Report, Splunk Conference 2017

This week was Splunk’s annual user conference (.conf), which took place in Washington DC this year. Now Splunk.conf is different than lots of other user conferences, although it does remind me of some of the events I attended at the start of my career (dare I say DECWorld?). 

Many Splunk users are absolutely gaga over the product and the company. Splunk customers exchange use cases, give presentations, participate in panel discussions, and talk about the way they use Splunk today and their plans for the future. Heck, they will even open up about what features they’d like to see Splunk adopt in the future.

Topics: Cybersecurity SIEM SOAPA

Time to Embrace a Security Management Plane in the Cloud

There’s an old saying that change is the enemy of security. To avoid disruptive changes, many cybersecurity professionals strive for tight control of their environment and this control extends to the management of security technologies. Experienced cybersecurity professionals often opt to install management servers and software on their networks so that management and staff “owns” their technologies and can control everything they can.

Now this type of control has long been thought of as a security best practice so many CISOs continue to eschew an alternative model: a cloud-based security management control plane. 

Topics: Cybersecurity SaaS SIEM CISO software-as-a-service (SaaS) SOAPA