ESG's Jon Oltsik talks with Exabeam Chief Marketing Officer Rick Caccia about SOAPA and Cybersecurity. This is part 1 of a 2-part series.
Jon: I'm here with Rick Caccia, the CMO from Exabeam to talk about SOAPA. So, welcome, Rick.
Rick: Thanks, Jon. Good to be here.
Jon: Glad to have you. So, let's start at the bottom of the pyramid. We're seeing a lot more collection of data. We're seeing a lot of data growth for security analytics and operations, which to me, is the foundation of SOAPA. Are you seeing the same thing?
Rick: Absolutely. So, every single customer we have is collecting more data than before. I'll give you a little story. When I was at ArcSight, seven years ago, we sold ArcSight Logger that had 42 terabytes of storage on board. That was considered enough for many companies for 30 days. Today we have customers collecting 300 terabytes in a day. So, 200 times growth in seven years.
Jon: Oh, boy. And so, what's driving that? What's driving all the data that people are collecting for security?
Rick: I think it's a couple of things. One, they're just generating more data. So, if they were collecting network traffic, they're generating more network traffic. They're also collecting data they didn't collect before. So, they're collecting email, and web, badge readers, end point data, things that they just didn't collect before. And so, there's more data and then more data collected.
Jon: Okay. And so, what I hear from a lot of people is, "Okay, I'm collecting more data, but that means it's harder to get value out of the data because there's so much of it. Now, I have to figure out not only what's going on with a lot of data, but what's going on with all this data." Is that something you're hearing as well?
Rick: Yeah. I think that's been behind the rise of UBA, which is, people have so much data they can't make sense of it. They used to use data correlation and SIEM to make sense of it, and now they're saying we have new techniques that have come from algorithms and machine learning that will help us make sense of it.
Jon: Okay. Now, speaking of SIEM, a lot of time when I talk to people about SOAPA, they say, "Oh, you're just talking about SIEM in the center and a couple of different products that are integrated into SIEM." And that's not what I mean at all. So, what do you see in terms of SIEM functionality? Where does that go in a SOAPA architecture from an Exabeam perspective?
Rick: So, I think if I look at SIEM and I came out of the SIEM industry, you know, all the leading SIEMs are well more than a decade old. That's pre-Hadoop, pre-iPhone, pre-Facebook. So you're saying these things were built for a world of much less data, much more fixed, much more under your control. So I see the SIEMs breaking apart. When I hear you talk about SOAPA, when I hear customers talk about SOAPA, they're talking about a different architecture that's in response to that. So, something that's more flexible, that can handle massive data, that can handle change, where you can assemble the pieces from different vendors. They're seeing something that is today's answer to what SIEM used to be.
Jon: Yeah. That's consistent with what I say. I say, SIEM functionality doesn't go away, but having it in a monolithic product, well, that may be changing and that's why we need an overarching architecture where you can put these pieces together to interoperate.
Rick: Yeah. I'd say the SIEM problem hasn't gone away. It's still there, which is, how do I make sense of all the stuff I have? And SOAPA is the architectural response to that problem today.
Jon: Yeah. I couldn't agree more. So, will you stick around for another video?
Rick: Happy to.
Jon: Okay. Thanks so much.