ESG's Jon Oltsik talks with Dimitri Vlachos, VP of Marketing for Devo, about SOAPA and Cybersecurity. This is part 2 of a 2-part series.
Read the related ESG Blog: SOAPA Video with Devo (Part 2)
Jon: I'm back with Dimitri Vlachos, CMO from Devo. Welcome back.
Dimitri: Thank you. Good to be here again.
Jon: So last time, we kind of geeked out on the technology layers. So what are the common use cases that people use your security tools for?
Dimitri: I'd say three main use cases. So security analytics, right? Being able to do investigations, threat hunting, detection. Those are kind of the key core use cases that we have customers using us for. Customers are rapidly expanding their footprint, right. They've gone through massive digitization, from new applications spinning up to new ways to reach their customers.
And they're finding a lot of the older tools they had can't cover that, both in terms of the amount of data but, more importantly, also the types of data and the rapidly changing nature of that data source.
Jon: Okay. What else? Threat hunting, I think.
Dimitri: Threat hunting is a big one. Fraud has been one that... anti-fraud, where people are doing more and more eCommerce online. And they're seeing bots come in and actually do purchases, right? So it's, "How do I protect my inventory to protect my brand?" So that's kind of fraud detection at a real-time kind of speed.
That's another big use case. And then good old threat investigation, right? I found something, I know something's going on, how do I rapidly respond, find the data to actually go and then automate that response?
Jon: And with the retrospective capabilities, because you can retain so much data, you can go back in time, and look, and maybe they started a year ago.
Dimitri: I mean, unfortunately, right, if you look at the stats, we know that typically when people actually learn about an incident, it's been in there for a long time. So the ability to really go back and understand it is critical.
Jon: Okay. As you know, SOAPA is a very tightly integrated architecture. It's based on open standards. And so there are lots of different tools that may participate. Who are you integrating with? Not who, but what types of technologies?
Dimitri: I look at it as kind of two major ways we integrate. One is that we have your customer's data. Now, we want to bring in a lot of intelligence. So you look at infrastructure, data logs, machine data telemetry, and we'll bring in threat intelligence, right, to enhance that data. We'll also bring a lot of business context data in. So for example, we talked about, while you're looking at threat hunting or investigation, well, how do we merge that with customer billing information?
Where was that customer, you know, who was that customer, what were they doing? We look at the different applications they might be using, and are able to trace the customer and who's affected by it. So that's one type of integration: bringing other enhancements of data to get a much richer view of the story. So that's one set. Another set is really downstream.
Well, how do we now automate the response? So we've learned a lot of intelligence, we've detected things that might be in real time that we're doing, you know, automated correlation and detection, it might be that we've investigated and want to kick off a response. So we have integrations downstream with SOAR vendors and other types of automation to automate that response.
Jon: And I would imagine the security controls as well to, like, update a role or put the...
Dimitri: Correct.
Jon: Quarantine the system, those kinds of things.
Dimitri: Absolutely. That's, you know, the different playbooks and different automations that we see downstream, absolutely. We also see people integrate with us to use it as a more general platform for getting their data out, whether that's to a BI tool, as we're seeing broader teams want to access, right? We're able to provide them access to that data completely open.
Jon: Okay. Now, you started as a general-purpose tool and moved to cybersecurity expertise. What kind of cybersecurity resources do you have? How are you enhancing the product for a cybersecurity-specific audience?
Dimitri: We've built a couple of things. One, we have a targeted solution that sits on top of our platform that is specifically aimed at analyst workflow. So how do I go from, you know, whether it's detection, whether it's looking at incidents and investigation. And we have a team now. We have a dedicated security team that's building, enhancing, and continuing to develop this solution.
Jon: Okay. And I would imagine you have some field resources or cybersecurity expertise working with customers as well?
Dimitri: Yup, absolutely.
Jon: Professional services or is that a third-party thing?
Dimitri: No. Professional services is, you know, part of the way… A lot of the organizations we interact with are quite advanced in their security analytics and their security program. They love our out-of-the-box capabilities, both the platform as well as this purpose-built security solution. But they also want to build, you know, "Okay. How can I go build a purpose-built solution for our business?"
So they might build it themselves. It's very easy to build those yourself. They might work with us to build those. But that's where we do professional services, to help with that type of work.
Jon: Okay. So final question. You've worked with me for a couple of years. You've seen the SOAPA architecture. Where do you think SOAPA goes over the next year or two?
Dimitri: So I think there are a couple of aspects to that. One, I think SOAPA is a great platform or architecture for going broader than security. You know, the same issues we're seeing with the expansion of the enterprise architecture, the rapid expansion in the number of endpoints and interactions that you have to secure, you also have to monitor those for performance. And that same rich data set is great for that as well.
So we see SOAPA, I guess, a couple of things. One is expanding beyond security a little. But two, also making sure that data is not just security. We really have a mantra of all data is security data. So it's not just security data that we typically think of whether it's endpoint security, infrastructure, you have to bring in all these other types of data.
And that's where I think it's going.
Jon: And at the same time, the security use case is changing. It's getting more expanded, the attack surface is growing. So you have to bring in more data just to…
Dimitri: Just to keep up.
Jon: Just to keep up security.
Dimitri: Absolutely, absolutely. And so I think there's that, along with the ability to really have the analytics to do that. And there are two aspects to that. There's bringing in, you know, whether you want to call it ML, right? There are all the buzzwords of ML. But I think it's true of how do you bring advanced analytics directly into the domain of security. We're also seeing that large organizations have data science teams that are aiding in that, you know?
So the ability to have an architecture that allows data scientists to work with that data, look at it, and deploy their models on it, that's a key piece we also see as well.
Jon: Yeah, I couldn't agree more. Well, thanks for stopping by.
Dimitri: No worries. Thank you.
Jon: And we'll continue the video series as the year progresses.