ESG's Jon Oltsik talks with Amos Stern of Siemplify about SOAPA and Cybersecurity. This is part 1 of a 2-part series.
Jon: Welcome to the ongoing SOAPA video series. I'm here with Amos Stern, CEO of Siemplify. Welcome.
Amos: Thank you. Thanks for having me.
Jon: My pleasure. So, my first question: SOAPA is all about integration of security operations products. What are you seeing in the market? And this is something that you're seeing customers ask for and how are you addressing them?
Amos: Yes, definitely, this is something we see customers ask. And I think the reason for that is that they've invested a lot in the last years for implementing different detection tools. And these tools are looking at different aspects of the organization, you know, from endpoint, network, access control of the IoT, mobile, cloud, and this will just, you know, grow more and more. Doing that created many different separate silos of security data, and you need each of them to work together in order to see the bigger picture, because each show can see just only one small piece of the puzzle, but only by putting together all these different detections can you actually see the full picture. So these, you know, drove the need for integrating these different detection tools into one cohesive structure.
Jon: That's a good point because we see companies collecting more and more security data telemetry: threat intelligence, log data, endpoint behavior data. What's the data that you focus on and why?
Amos: We focus on what happens after some sort of tool detected something that needs to be done with. So for example, you have your endpoint tool is creating alerts about what happens in the endpoint. You have network forensic tools or IPSs telling you if something is happening here. You know, proxy administration, firewalls, you've got threat intel like you mentioned, vulnerability scanners that tell you this is something happening here. These are all very isolated. So what we see is all these different types of data that are needed in order to say, "This is an alert, it needs to be prioritized, because it shares characteristics and was identified not by one tool, but by more of these tools together." So all these info there is a much higher priority threat that needs to be dealt with.
Jon: And so one of the things we're hearing from companies is, "I'm just overwhelmed. I have all of these different tools. I don't want another tool. I wanna make my tools more efficient." So is that really what you're focused on? And are there things I can eliminate if I use Siemplify?
Amos: Yeah. So that's actually a very good point because I think that implementing all these detection tools, you know, each of these tools really have a lot of capabilities and very, very deep technical capabilities that they can provide. But it's very hard for customers to actually leverage all these technologies to the fullest, when it's, you know, security analyst is sitting in the SOC and they need to be handling 20 or 50 or more than even tools to the full extent in order to take out of it the information that they need for an efficient triage, an investigation, and response. So by integrating these tools together into an orchestration or a SOAPA architecture, then basically, they can help use this system to bring this data from the different tools in order to provide a better triage and investigation, and then they can go into the tools when they need to do a further deep-down investigation.
Jon: Okay. Now, I looked at your website and one of the things that you market as is a single pane of glass for security operations. You just explained that people are looking in all these tools, so how do you pull that off? How do you become a single pane of glass for security operations and what's the value of that?
Amos: So I think the question starts with what is right now the single pane of glass for security operations?
Jon: Nothing. I know the answer to that.
Amos: So that's what we're trying to provide. Essentially, if you look at any other operation in the organization, right, in the enterprise, you have some sort of platform that helps you drive this operation, something that helps you put a consistent process into the response, something that helps you manage the process, something that helps you measure and improve, you know, and measure KPIs and so on. And while sales might have Salesforce, marketing might have HubSpot or Marketo, and HR can have Workday, what does security operation have?
And so we wanna become…and we think that's something that's very needed and we see that a lot with our customers is that they need to have an operations platform. So that single pane of glass is providing them the workbench for the analyst to be able to understand, "Okay, these are the alerts that I need to deal with. This is the prioritization. This is the process that I need to take in order to respond." We, obviously, weave automation into that to help enrich and provide more context and then measure and improve the operation.
Jon: Okay. Well, this is great stuff, Amos. Can you stick around for part two of the video?
Amos: Happy to do so.
Jon: Okay, great. Well, look at our website, our SOAPA landing page for more details.