Old friend Mike Banic recently stopped by ESG to kibitz about ESG’s SOAPA concept. Mike brings a world of experience to this topic. As VP of marketing at Vectra Networks, Mike sees enterprise challenges around security operations, and then works with customers to address their issues.
In part two of our video series, Mike and I focus our discussion on a few areas, including:
- Machine learning. In a recent ESG research survey, only 30% of cybersecurity professionals claim they are “very knowledgeable” about the role of machine learning and AI for cybersecurity operations. Given this, I asked Mike to act as an industry spokesperson to define machine learning and explain where it fits in cybersecurity operations. Mike says that machine learning is used to find features and patterns in the data so you can train the model to look for malicious behavior like a remote trojan suddenly beaconing out to an external IP address.
With all the hype around artificial intelligence for cybersecurity, Mike suggests that CISOs push their vendors to define the breadth and depth of their technology and make sure it truly addresses their needs. He also proposes that the best time to test these new intelligent analytics tools is when an organization is engaged in red teaming or penetration testing, as these exercises should expose the technology’s capabilities.
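To make the beaconing behavior Mike mentions concrete, here is an added example (mine, not Vectra's code and not an implementation of their analytics) that extracts the kind of features a machine learning model would be trained on: for each internal host talking to an external address, the number of connections and the regularity of the inter-arrival times. The connection log, the internal network ranges, and the thresholds are all constructed assumptions for the illustration; a real model would learn those boundaries from labeled data rather than take them from a hand-picked constant.

```python
"""Beaconing features from connection records (added example, not from the post)."""
import statistics
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample connection log: "timestamp src_ip dst_ip dst_port".
# 10.0.0.5 -> 203.0.113.7 connects almost exactly once a minute (beacon-like);
# 10.0.0.9 -> 198.51.100.20 connects at irregular intervals (normal browsing);
# 10.0.0.5 -> 10.0.0.20 is periodic but internal, so it is not scored.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.7 443
2024-03-01T10:01:00 10.0.0.5 203.0.113.7 443
2024-03-01T10:02:01 10.0.0.5 203.0.113.7 443
2024-03-01T10:03:00 10.0.0.5 203.0.113.7 443
2024-03-01T10:04:00 10.0.0.5 203.0.113.7 443
2024-03-01T10:05:01 10.0.0.5 203.0.113.7 443
2024-03-01T10:00:12 10.0.0.9 198.51.100.20 443
2024-03-01T10:00:35 10.0.0.9 198.51.100.20 443
2024-03-01T10:07:48 10.0.0.9 198.51.100.20 443
2024-03-01T10:09:02 10.0.0.9 198.51.100.20 443
2024-03-01T10:31:19 10.0.0.9 198.51.100.20 443
2024-03-01T10:32:00 10.0.0.9 198.51.100.20 443
2024-03-01T10:00:00 10.0.0.5 10.0.0.20 445
2024-03-01T10:01:00 10.0.0.5 10.0.0.20 445
2024-03-01T10:02:00 10.0.0.5 10.0.0.20 445
2024-03-01T10:03:00 10.0.0.5 10.0.0.20 445
2024-03-01T10:04:00 10.0.0.5 10.0.0.20 445
2024-03-01T10:05:00 10.0.0.5 10.0.0.20 445
"""

# Assumed internal address space; anything outside it counts as "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_log(text):
    """Turn the constructed log into (timestamp, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records


def beacon_features(records):
    """Per (src, dst, port) pair: connection count, mean gap in seconds, and the
    coefficient of variation of the gaps (low CV means near-constant timing)."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in records:
        by_pair[(src, dst, port)].append(ts)
    features = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < 2:
            features[pair] = {"count": len(stamps), "mean_gap": None, "cv": None}
            continue
        mean = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean if mean > 0 else float("inf")
        features[pair] = {"count": len(stamps), "mean_gap": mean, "cv": cv}
    return features


def beacon_candidates(features, min_connections=5, max_cv=0.1):
    """Flag external destinations contacted often and at very regular intervals.
    The thresholds are constructed for the example, not learned from data."""
    return sorted(pair for pair, f in features.items()
                  if not is_internal(pair[1])
                  and f["count"] >= min_connections
                  and f["cv"] is not None and f["cv"] <= max_cv)


if __name__ == "__main__":
    feats = beacon_features(parse_log(SAMPLE_LOG))
    for pair, f in sorted(feats.items()):
        print(pair, f)
    print("candidates:", beacon_candidates(feats))
```

The count and coefficient of variation are only two of the features a detection model would use (bytes per connection, destination rarity and time-of-day distribution are common additions), but they already separate the constructed beacon from ordinary browsing, and the internal-address filter shows why context about the network matters as much as the statistics.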
- Integration with cyber threat intelligence (CTI). This has become increasingly important as a means for comparing anomalous internal network behavior with malicious tactics, techniques, and procedures (TTPs) in the wild. In fact, one of the principal capabilities of SOAPA is providing an architectural foundation for collecting, correlating, enriching, and contextualizing different types of security telemetry. Mike agrees that this is important, which is why Vectra imports indicators of compromise (IoCs) via the structured threat information expression (STIX) standard, scores IoCs, and correlates them with internal network traffic.
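The import-score-correlate pipeline Mike describes is easy to sketch end to end. The following is an added example of my own (not Vectra's code, and not a description of how Vectra scores IoCs) that reads indicators from a STIX 2.1 bundle, assigns each a score, and matches them against internal flow records. The bundle, the flows, and the scoring rule (the indicator's `confidence` value, plus a bonus when it is labeled `malicious-activity`) are all constructed for the illustration, and the pattern parser only understands single-comparison STIX patterns such as `[ipv4-addr:value = '...']`, which is enough for plain IP and domain IoCs.

```python
"""STIX 2.1 indicator correlation against flow records (added example, not from the post)."""
import json
import re

# Constructed STIX 2.1 bundle; the addresses and domain are documentation-range
# placeholders, not real indicators of compromise.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "created": "2024-03-01T00:00:00.000Z", "modified": "2024-03-01T00:00:00.000Z",
         "name": "Constructed C2 address", "indicator_types": ["malicious-activity"],
         "pattern": "[ipv4-addr:value = '203.0.113.7']", "pattern_type": "stix",
         "valid_from": "2024-03-01T00:00:00Z", "confidence": 85},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "created": "2024-03-01T00:00:00.000Z", "modified": "2024-03-01T00:00:00.000Z",
         "name": "Constructed C2 domain", "indicator_types": ["malicious-activity"],
         "pattern": "[domain-name:value = 'c2.example.net']", "pattern_type": "stix",
         "valid_from": "2024-03-01T00:00:00Z"},
    ],
})

# Constructed flow records: "timestamp src dst dst_port server_name" ('-' = none).
FLOWS = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.7 443 -
2024-03-01T10:00:05 10.0.0.9 198.51.100.20 443 mail.example.org
2024-03-01T10:00:09 10.0.0.11 198.51.100.44 443 c2.example.net
"""

# Only simple one-comparison patterns are supported (an assumption of this example).
SIMPLE_PATTERN = re.compile(r"^\[(ipv4-addr|domain-name):value\s*=\s*'([^']*)'\]$")


def score_indicator(obj):
    """Constructed scoring rule: STIX confidence (default 50) plus 10 for
    malicious-activity indicators, capped at 100."""
    score = obj.get("confidence", 50)
    if "malicious-activity" in obj.get("indicator_types", []):
        score += 10
    return min(score, 100)


def load_indicators(bundle_json):
    """Return parsed, scored indicators and the ids of patterns we could not parse."""
    indicators, skipped = [], []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        m = SIMPLE_PATTERN.match(obj.get("pattern", "")) if obj.get("pattern_type") == "stix" else None
        if not m:
            skipped.append(obj["id"])
            continue
        indicators.append({"id": obj["id"], "kind": m.group(1), "value": m.group(2),
                           "score": score_indicator(obj)})
    return indicators, skipped


def correlate(indicators, flow_text):
    """Match flows to indicators by destination IP or observed server name;
    results are sorted so the highest-scored IoC hits come first."""
    by_ip = {i["value"]: i for i in indicators if i["kind"] == "ipv4-addr"}
    by_domain = {i["value"].lower(): i for i in indicators if i["kind"] == "domain-name"}
    hits = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, sni = line.split()
        ioc = by_ip.get(dst) or (by_domain.get(sni.lower()) if sni != "-" else None)
        if ioc:
            hits.append({"ts": ts, "src": src, "dst": dst, "port": int(port),
                         "indicator": ioc["id"], "score": ioc["score"]})
    return sorted(hits, key=lambda h: -h["score"])


if __name__ == "__main__":
    inds, skipped = load_indicators(STIX_BUNDLE)
    for hit in correlate(inds, FLOWS):
        print(hit)
```

The useful part for a security operations team is the last step: the output is a list of internal hosts ranked by indicator score, which is what an analyst (or a SOAPA-style orchestration layer handing off to EDR) needs in order to decide which host to look at first.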
- Other technology integration. SOAPA is all about integrating multiple security analytics tools, operations tools, and controls to accelerate threat detection and response. Mike says that the most common points of integration for Vectra are SIEM and EDR. Vectra and SIEM integration is intended to help supplement the security operations processes and investment already dedicated to SIEM. EDR integration helps customers see attacker behavior on the network and then pivot to hosts to pinpoint the processes involved in generating malicious traffic.
Finally, I asked Mike about the future of SOAPA. Mike focused on the $55 billion spent today on security services. He believes that SOAPA’s artificial intelligence, automation/orchestration, and integration capabilities can help organizations improve security efficacy, operational efficiency, and employee productivity, decreasing their dependence on service providers. I agree.
Many thanks to Mike Banic and Vectra Networks for participating in ESG’s SOAPA video series. More soon!