Recently, I had the pleasure of interviewing Haiyan Song, EVP of security at Splunk, about all things SOAPA. In part 2 of our video series, Haiyan aptly summarizes the current state of cybersecurity by declaring that “security is a team sport.” In other words, it takes cooperation amongst vendors, products, and infosec analysts to succeed.
To that end, this video discussion highlights things like:
- Splunk’s Adaptive Response. This is a Splunk customer-driven initiative which Haiyan describes as embodying the spirit of SOAPA. In essence, Adaptive Response unifies security analytics and controls and lets customers make and change enforcement decisions based upon security analytics insights rather than gut feelings or traditional security methodologies.
- Splunk’s SOAPA ecosystem. Haiyan tells ESG that when Adaptive Response was first announced, Splunk had 8 founding partners in its ecosystem. This has increased to 25 partners today across all areas of security analytics. Splunk’s goal? Create a SOAPA framework that eases partner integration and offers lots of choices for customers.
- Splunk on the industry activity around incident response. Splunk’s goal here is to extend its SIEM to help facilitate security investigations and remediation. In other words, align analytics with actions.
Finally, Haiyan makes an important point about the security market itself. Today’s security industry is guided by product category taxonomies that need to evolve. The classic definition of SIEM is simply too rigid due to innovation, new requirements, and product overlap. As an architecture, SOAPA is much more flexible and thus could be used to help CISOs address cybersecurity analytics and operations needs rather than force fit their requirements into a supply-side product-centric model.