In this second of a two-part video series, Mike Viscuso, Carbon Black CTO, and I pull on more SOAPA (security operations and analytics platform architecture) threads, including the role of SIEM in the next-gen SOC. Because it is in the context of SIEMs that we’ve seen the adoption of standard formats such as CEF and LEEF for alert propagation and STIX and TAXII for threat intelligence sharing, we explore not only the need for more such standards but the factors that lead to adoption. We then discuss user behavior analytics (UBA) data enrichened with other sensor data as an example of how a reference architecture like SOAPA makes data actionable, in this case to thwart the insider threat. We wrap up with a view into the future with respect to possible industry consolidation and the emergence of cybersecurity platforms to relieve point tool fatigue, a theme Mike challenges, noting the need for ongoing innovation to counter the motivated adversary.
Stay tuned for additional ESG videos offering new perspectives on the need for a security operations and analytics platform architecture (SOAPA).