ESG Blogs

In part 2 of our SOAPA video, Jason Rolleston, Vice President of product marketing for security operations products at McAfee, and I chatted about:

1. Security analytics and operations. Analytics and operations are foundational elements of SOAPA, so I asked Jason to tell me about McAfee’s strategy in each area. Rolleston points out that there is more security data than ever, so finding the signals within the noise is more difficult than ever. McAfee is moving beyond event correlation for security analytics, putting a lot of resources into machine learning for anomaly detection. McAfee believes it has an advantage by applying machine learning across technologies. On the operations side, McAfee wants to help analysts take more effective and efficient actions, so it is investing in automation capabilities with Investigator, Active Response, Sandboxing, etc.

Let’s face it, cybersecurity is a geeky domain. While much of IT has shifted its focus to things like business processes enablement and digital transformation, infosec pros still spend much of their waking hours in the weeds, looking at things like protocol anomalies, SQL statements, command shells, etc.

Jason Rolleston, Vice President of product marketing for security operations products at McAfee, stopped by ESG recently to participate in our SOAPA video series. I must say that this was especially good timing as Jason and I had a similar chat at the RSA Security Conference just over a month ago.

In part 1 of our video, Jason and I chew the fat about:

Paul Nguyen, VP of product strategy at FireEye, stopped by the ESG studio recently to talk about how the company is moving forward with SOAPA. In part 2 of our video, Paul and I chewed the fat on topics like:

1. Security operations best practices. FireEye has vast institutional security operations experience, built on the back of managed services, professional services, threat intelligence expertise, etc. Given this, I asked how FireEye can build upon this knowledge in its product set. Paul mentioned that Helix has its roots in FireEye’s SOCs and managed defense offerings and is designed to provide a similar unified experience for the security analysts of its customers.

When Symantec and Veritas joined forces, Symantec Vision (its customer and analyst event) was a regular spring ritual. Like the swallows coming back to Capistrano, I made an annual pilgrimage to Las Vegas, parked myself at the MGM or Venetian, and spent a few days catching up on the latest Symantec buzz.

Paul Nguyen, VP of product strategy at FireEye, stopped by the ESG studio recently to talk about how the company is moving forward with SOAPA. Paul and I discussed things like:

1. Technology integration. Through its history, FireEye has grown through acquisition, purchasing companies like iSight Partners, Mandiant, and nPulse. Heck, Paul joined FireEye because of its acquisition of Invotas in 2016. While each of these products can stand on its own, FireEye realized that it could deliver a lot more by stitching all these products together in a common platform. Paul spends a lot of his time figuring out how to combine the elements of each product into a FireEye security operations cocktail to maximize customer value. 

The market for security operations automation and orchestration products is rapidly maturing. The most recent proof point of this maturation was Splunk’s acquisition of Phantom in February, but other vendors like FireEye (acquired Invotas), IBM (acquired Resilient), Microsoft (acquired Hexadite), and Rapid7 (acquired Komand) saw the light and bought into this market over the past few years.

I’ve spent a good amount of time talking to CISOs over the last few months to learn about their current priorities and how their jobs are changing. Of course, many of these security executives will be attending the RSA Security Conference in a few weeks. Based upon my meetings, here’s a sample of what CISOs will be looking for in San Francisco:

Early this morning, I received news that Splunk had announced its intention to acquire Phantom for $350m. Just as IBM purchased Resilient Systems a few years ago, Splunk decided to add a dedicated security operations automation and orchestration tool set to its SIEM platform.