I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.
SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:
- SIEM’s role within SOAPA. Splunk sees SIEM as the “nerve center” of SOAPA, the hub through which other types of security analytics and operations technologies connect. In other words, SIEM serves as the centerpiece in a hub-and-spoke security technology architecture.
- Splunk as an ecosystem. Anyone who follows Splunk knows that it works with lots of other security technology partners. Haiyan believes this is a living example of SOAPA and Splunk’s nerve center concept. Customers benefit from tight technology integration, while Splunk partners can pivot off Splunk to help their clients gain additional value from their products.
- Customers want help with incident response. Where are Splunk customers pushing on SOAPA? Incident response. Haiyan indicated that customers want to make analytics-driven decisions for incident response. Splunk is addressing this with “adaptive response.” This initiative looks a lot like SOAPA with an architectural framework, integrated components, partner participation, etc. The goal? Acceleration and automation of threat detection, investigations, and incident remediation.
- SOAPA benefits. Splunk likes to think in terms of customer outcomes and benefits rather than bits and bytes. For Haiyan, SOAPA represents an opportunity to increase industry innovation and ultimately deliver a security architecture that allows customers to increase productivity and accelerate actions while streamlining day-to-day security operations.
For more detail, check out the first part of my interview with Haiyan here. More later this week.