ESG's Jon Oltsik talks with Arabella Hallawell of Arbor Networks about SOAPA and Cybersecurity. This is part 1 of a 2-part series.
Read the related ESG Blog: SOAPA Video with Arbor Networks (Part 1)
Jon: Welcome back to our continuing SOAPA video series. I'm here today with Arabella Hallawell, Senior Director of Product Marketing for Arbor Networks. Welcome.
Arabella: Thanks, Jon, for having me.
Jon: Great to have you here. So we tend to think of SOAPA in relation to advanced persistent threats, targeted threats, cybercrime, that kind of stuff. But I'd be remiss if I didn't ask you, as one of the leading DDoS providers, to give us an update on what's going on in the world of DDoS these days.
Arabella: Yeah, sure, Jon. Thanks for asking. So we've really seen that DDoS has changed. We call it "the stakes have changed." And many organizations, unfortunately, haven't been updated with the changing risk profile of DDoS attacks. But basically, DDoS attacks are becoming much bigger. We've seen huge attacks. Many of you are probably familiar with attacks like Dyn, which took down, basically, the internet on the East Coast in the U.S. for several hours.
But basically, we've seen much larger attacks, much more frequent attacks, and, as we'll probably talk about during this conversation, many more complex types of DDoS attacks: not just these big-volume, tsunami waves, but also more stealth-like, application-layer attacks, which many organizations just aren't prepared to defend against.
Jon: Yeah, and one thing with SOAPA is, as I said, it's security operations, it's looking at anomalies on the network. Are companies starting to merge those two areas so I've got my security operations that are looking at day-to-day activity, but I've also got my DDoS prevention people?
Arabella: Yeah, that's a really great question. If we were having this conversation about five years ago, for many large enterprises, DDoS mitigation and prevention was often the domain of the network operations group or those running key online applications or services. As organizations have actually started to look at risk much more closely, they are moving DDoS prevention and strategy over into the security operations group, although still, it can be a little bit of a nexus where the network team may have some responsibility and the security team others. And that's where really good risk management, as well as planning, is absolutely key to make sure that, you know, there's no finger-pointing and one person thinking they were responsible when, you know, the other person was.
Jon: Yeah, so there's a strategy overlap. There's some process overlap. I mean, if your systems are down, they're down, whether it's a targeted attack or a DDoS attack. So it makes sense that there would be overlap there.
Jon: Now, I remember when I started working with Arbor years ago, people would get confused with what you guys do with network security analytics and SIEM. Are you still seeing that kind of confusion or do people really understand that there's SIEM for log management and for correlation of events, and then there is network security analytics which is a different purpose?
Arabella: Yeah, I mean, just overall, in terms of the Arbor solution portfolio, we have a set of solutions that really sort of focus, I would say, on looking external, so helping organizations protect against external types of attacks, including DDoS. And then we have a newer set of solutions, including Spectrum, that really help organizations look inward, at their internal network traffic from a threat analytics perspective.
And so, to your point, network threat analytics is very different from SIEM. Although some security operations teams use their SIEMs for investigations, for threat analytics, when it actually comes to looking at your internal network traffic for anomalies, very, very quickly, trying to understand "what's happened, what's wrong" in an investigation, we see network threat analytics being, in many ways, complementary: built for a very different set of purposes, as well as having both different visibility and a different set of data.
Our solutions are built on what we would call wire data, which is, you know, metadata and, you know, down to the packet, which is different from most SIEM solutions, which are built upon log data. And it's really the wire data that helps you not just see what happened now, but go back into the past and put together the whole puzzle of "Is this some type of anomaly that I need to be worried about? What happened? Who did it? Why? And do I now need to call my legal counsel or a forensics team to come in and see what they can recover and do?"
Jon: So it's really for that threat detection, forensics, retrospective analysis.
Arabella: And investigation, absolutely.
Jon: It's sort of like a Swiss Army knife. You can do all of those things. And I talked to one of your customers who was doing all of those things and got some acceleration in those activities. Is that accurate?
Arabella: Yeah, and I think as we get into the SOAPA discussion, you know, for most organizations, even if they're a well-resourced team, they simply don't have enough staff, enough expertise, to deal with the number of investigations they basically have to deal with. And so we see Spectrum really being a force multiplier, helping organizations automate some of the work of particularly the tier 2 analyst or even the incident responder, so they can be much more effective at what they need to do.
Jon: Well, you're hitting the nail on the head with SOAPA in terms of integration and automation and orchestration. Can you stick around for part 2 of our video?
Arabella: Yeah, absolutely.
Jon: Okay. Well, look on our website for more under our SOAPA landing page.