SOAPA Video with McAfee (Part 2)

In part 2 of our SOAPA video, Jason Rolleston, Vice President of product marketing for security operations products at McAfee, and I chatted about:

  1. Security analytics and operations. Analytics and operations are foundational elements of SOAPA, so I asked Jason to tell me about McAfee’s strategy in each area. Rolleston points out that there is more security data than ever, so finding the signals within the noise is more difficult than ever. McAfee is moving beyond event correlation for security analytics, putting a lot of resources into machine learning for anomaly detection. McAfee believes it has an advantage by applying machine learning across technologies. On the operations side, McAfee wants to help analysts take more effective and efficient actions, so it is investing in automation capabilities with Investigator, Active Response, Sandboxing, etc.
Topics: Cybersecurity SIEM SOAPA

Machine Learning: Security Product or Feature?

Around 2010, security analytics technologies started to integrate big data science and open source technologies like Hadoop (and HDFS), Pig, Mahout, etc. The goal? Ingest, process, and apply new types of algorithms to security data to supplement human intelligence for finding needles in growing haystacks of security data. The US Department of Energy was an early pioneer in this area with a project called Orca from the Oak Ridge National Lab. 

Topics: Cybersecurity SIEM machine learning

Why Splunk Acquired Phantom

Early this morning, I received news that Splunk had announced its intention to acquire Phantom for $350m. Just as IBM purchased Resilient Systems a few years ago, Splunk decided to add a dedicated security operations automation and orchestration tool set to its SIEM platform.

Topics: Cybersecurity SIEM SOAPA

Enterprise Plans for Security Automation and Orchestration

With the global cybersecurity skills shortage hanging over them, CISOs are turning toward security automation and orchestration technologies to improve staff productivity. This is happening faster and wider than most people realize. According to ESG research, 19% of enterprise organizations have already deployed technologies for security automation and orchestration extensively, 39% have done so on a limited basis, and 26% are engaged in a project to automate/orchestrate security operations. 

Topics: Cybersecurity SIEM

Artificial Intelligence and Cybersecurity: The Real Deal

If you want to understand what’s happening with AI and cybersecurity, look no further than this week’s news. On Monday, Palo Alto Networks introduced Magnifier, a behavioral analytics solution that uses structured and unstructured machine learning to model network behavior and improve threat detection. Additionally, Google’s parent company Alphabet announced Chronicle, a cybersecurity intelligence platform that throws massive amounts of storage, processing power, and advanced analytics at cybersecurity data to accelerate the search and discovery of needles in a rapidly growing haystack. 

Topics: Cybersecurity SIEM machine learning artificial intelligence SOAPA

CISOs Should Examine Commercial SOAPA Offerings in 2018

For over a year now, I’ve written about a burgeoning security technology initiative that ESG calls a security operations and analytics platform architecture (SOAPA).  Here’s a link to original blog I posted about SOAPA back in November 2016. 

Topics: Cybersecurity SIEM SOAPA

A Few Cybersecurity Predictions for 2018

Over the past few weeks, dozens of people have reached out to me with their cybersecurity predictions for 2018. Some prophecies are fairly obvious (ransomware will continue in 2018) while at the other extreme, some people are pushing doomsday forecasts aimed at garnering press hits (i.e., the US will suffer a cyber-attack in 2018 that knocks out the power grid for a substantial amount of time).

Topics: Cybersecurity SIEM cloud security machine learning SOAPA GDPR

SOAPA Video with Arbor Networks (Part 1)

Next up on the SOAPA video series is Arabella Hallawell, Sr. Director of Product Marketing at Arbor Networks. I first met Arbor Networks back in 2003 when it was a leading provider of network behavior anomaly detection (NBAD) tools and the company has been a steady player in network security ever since. Today, Arbor Networks is a leading provider of products and services for DDoS protection, network security analytics, threat intelligence, etc. 

Topics: Cybersecurity SIEM SOAPA

SOAPA Video with Siemplify (Part 2)

Siemplify, like other companies I’ve interviewed, is a security operations technology company. What sets Siemplify apart, however, is the background of its founders. This team isn’t composed of serial startup technologists from Silicon Valley, but rather cybersecurity experts from Israel. In fact, Amos Stern spent a good portion of his career as a security analyst, building SOCs, and training security personnel.

Topics: Cybersecurity SIEM SOAPA

The Cybersecurity Skills Shortage Impacts Security Operations

According to ESG research, 45% of organizations report having a problematic shortage of cybersecurity skills in 2017. Of course, this applies to all areas of cybersecurity but recent ESG research shows that the skills shortage has a direct impact on security analytics and operations. The research reveals that:

  • 54% of organizations say they don’t have the appropriate security operations skills for an organization of their size.
  • 57% of organizations say they don’t have appropriate security operations staffing for an organization of their size.
Topics: Cybersecurity SIEM SOAPA