In continuing my chat with Marc Solomon, CMO of ThreatQuotient, Marc and I discuss:
- SOC integration. At its heart, SOAPA is an integrated heterogeneous technology architecture for security operations, so I ask Marc how integration plays into ThreatQ’s strategy. Marc mentions that the platform includes bi-directional integration where ThreatQ consumes and provides data. What type of data? External threat data, enriched data, event data, etc. ThreatQuotient can be used as a SOAPA data broker, acting as the single source of truth for security operations.
- ThreatQuotient has some SOAR functionality, so I ask Marc about process automation. Marc says that while SOAR has been out for a while, he still sees most companies automating basic tasks, so there’s a general state of immaturity. Marc is bullish about more process automation in the future, however, and everything starts with the data.
- Are we moving toward SOC visualization consolidation? One of the biggest SOC bugaboos is the need to view security through multiple UIs. Personally, I believe that SOC visualization is the next frontier, with new tools acting as a standard workbench for multiple activities. Marc agrees but reminds us not to forget about specialization. Yes, there will be more UI consolidation, but there will always be specialized tools, and SOC analysts using these tools will want to work within their UIs. Once again, Marc points to the data. If the data is normalized, consistent, and available, it will be useful regardless of how you view it.
- My colleague Dave Gruber and I have done a lot of research in this area while Marc has looked at XDR through the lens of ThreatQ. In Marc’s view, XDR is long overdue to combine the threat detection power of multiple different technologies into a single system. Marc still believes that these analytics will need tools like ThreatQuotient to act as a SOAPA data hub and broker, while XDR takes more control of the analytics layer.
- The future of SOAPA. Marc believes SOAPA is the future of security operations as tools like ThreatQ bring in more data sources, opening the SOC to new use cases.
Thanks again to Marc Solomon and ThreatQuotient for participating in the SOAPA video series. Look for more videos in 2021.