Old friend and Cybereason CSO Sam Curry and I got together (virtually) to chat about all things SOAPA. In part 2 of our video, we focus on:
- This newish thing called XDR. My colleague Dave Gruber and I are all over XDR as analysts, so I asked Sam for his thoughts. Sam thinks of XDR as taking EDR to the next level. He even broke down the acronym, stating that the X signified telemetry independence. The “D” in XDR is somewhat overstated; Sam is really focused on the importance of the R, response, as security is about blocking (not finding) the bad guys. In the end, XDR should be a force multiplier for the cybersecurity staff.
- What about analytics? In my eyes, vendors with the best security analytics win. Sam agrees but mentions that analytics must be complemented with what he calls “judicious automation” that is continuously monitored and improved.
- The Cybereason ASOC concept. Cybereason has a vision of what it calls the autonomous SOC, so I asked Sam to provide some detail. Sam describes a “task focused” architecture that widens the security analytics lens, simplifies SOC analyst duties, and automates actions. Sam reinforces the fact that it’s all about the tasks, not the tools.
- The future of SOAPA. I ask all my guests their view on where SOAPA is going. Sam sees SOAPA as a technology platform that facilitates cybersecurity goals and mission. Since cyber-adversaries are always innovating, SOAPA will never commodify and will continue to evolve moving forward.
Many thanks to Sam and Cybereason for participating in the SOAPA video series. I always feel like I learned something when the two of us get together. More SOAPA videos soon.