CISOs should examine commercial SOAPA offerings in 2018

Leading vendors are putting together proprietary SOAPA solutions. CISOs should establish an evaluation team tasked with looking for viable options.


For over a year now, I’ve written about a burgeoning security technology initiative that ESG calls a security operations and analytics platform architecture (SOAPA). Here’s a link to the original blog post I wrote about SOAPA back in November 2016.

My thoughts behind the need for SOAPA are pretty simple:

  1. Independent point tools that provide a myopic perspective on security events are inefficient, as they depend upon humans to piece a holistic picture together. SOAPA is meant to aggregate, correlate, curate, and contextualize data and analytics from discrete tools. 
  2. Security operations remains anchored to manual processes and human intelligence. The problem here is obvious. Security workloads are rapidly increasing, but manual processes and human beings can’t scale to address new requirements. SOAPA is designed with automation and orchestration in mind to alleviate these issues. 
  3. According to recent research from ESG and the Information Systems Security Association (ISSA), 70 percent of cybersecurity pros claim the skills shortage has had an impact on their organization. What type of impact? Things like increasing the workload on staff, forcing them to hire and train junior personnel, creating an environment where the infosec team spends most of its time on emergencies, etc. SOAPA is intended to provide central command-and-control for security controls, monitoring, and operations, enabling the cybersec team to work smarter, not harder.

CISOs recognize these issues, and many are addressing them head-on. According to ESG research from 2017, 21 percent of organizations say consolidating and integrating security technologies was one of their highest priorities. 

Organizations engaged in SOAPA projects tend to be on the leading edge, with the architectural, engineering, and technical skills to link tools together through APIs or by using a distributed streaming platform like Apache Kafka.
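To make the do-it-yourself version concrete, here is an added example (not code from the post or from any vendor) of the SOAPA "glue" in miniature: two discrete tools publish events in their own formats onto a shared bus, per-tool adapters curate them into one common schema, a correlator contextualizes events from different tools that concern the same host inside a time window, and an orchestration layer maps the resulting incident to a control action. The tool output formats, the `isolate-host` and `open-ticket` actions, and the sample events are all constructed for this illustration; in a real deployment the in-process bus would be replaced by something like Kafka and the actions by real control APIs.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable


@dataclass
class Event:
    """Common schema every tool's output is curated into."""
    source: str      # which tool produced the event
    host: str        # asset the event concerns
    ts: datetime
    severity: int    # 1 (info) .. 5 (critical), normalized across tools
    summary: str


class Bus:
    """In-process pub/sub stand-in for the messaging bus (Kafka in the post)."""

    def __init__(self) -> None:
        self._subs: dict[str, list[Callable]] = defaultdict(list)

    def subscribe(self, topic: str, handler: Callable) -> None:
        self._subs[topic].append(handler)

    def publish(self, topic: str, message) -> None:
        for handler in list(self._subs[topic]):
            handler(message)


def _parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Curation: one adapter per tool. Both input formats are hypothetical.
EDR_RISK = {"low": 2, "medium": 3, "high": 4, "critical": 5}


def normalize_edr(raw: dict) -> Event:
    return Event(source="edr", host=raw["agent_host"], ts=_parse_ts(raw["event_time"]),
                 severity=EDR_RISK.get(raw["risk"], 1), summary=raw["detail"])


def normalize_firewall(raw: dict) -> Event:
    sev = 3 if raw["action"] == "deny" else 1   # a lone denied flow is moderate on its own
    return Event(source="firewall", host=raw["hostname"], ts=_parse_ts(raw["time"]),
                 severity=sev,
                 summary=f"{raw['action']} {raw['src']} -> {raw['dst']}:{raw['dport']}")


class Correlator:
    """Keeps a sliding window of events per host and raises one contextualized
    incident once two or more distinct tools have reported on the same host."""

    def __init__(self, bus: Bus, window: timedelta = timedelta(minutes=10)) -> None:
        self.bus = bus
        self.window = window
        self.by_host: dict[str, list[Event]] = defaultdict(list)
        self.incidents: list[dict] = []
        bus.subscribe("events", self.ingest)

    def ingest(self, ev: Event) -> None:
        recent = [e for e in self.by_host[ev.host] if ev.ts - e.ts <= self.window]
        recent.append(ev)
        self.by_host[ev.host] = recent
        sources = {e.source for e in recent}
        if len(sources) >= 2:
            incident = {
                "host": ev.host,
                "sources": sorted(sources),
                "severity": max(e.severity for e in recent),
                "context": [f"[{e.source}] {e.summary}" for e in recent],
            }
            self.incidents.append(incident)
            self.by_host[ev.host] = []          # do not re-raise the same evidence
            self.bus.publish("incidents", incident)


class Orchestrator:
    """Abstraction layer over distributed controls: incident in, action out.
    The action names are placeholders for real control API calls."""

    def __init__(self, bus: Bus) -> None:
        self.actions: list[str] = []
        bus.subscribe("incidents", self.handle)

    def handle(self, incident: dict) -> None:
        verb = "isolate-host" if incident["severity"] >= 4 else "open-ticket"
        self.actions.append(f"{verb} {incident['host']}")


# Constructed sample output from two tools; not real telemetry.
SAMPLE_EDR = [
    {"agent_host": "ws-0142", "event_time": "2018-01-15T09:12:03Z", "risk": "high",
     "detail": "unsigned binary executed from user temp directory"},
]
SAMPLE_FW = [
    {"hostname": "ws-0142", "time": "2018-01-15T09:14:40Z", "action": "deny",
     "src": "10.1.4.22", "dst": "203.0.113.7", "dport": 4444},
    {"hostname": "ws-0377", "time": "2018-01-15T09:15:10Z", "action": "deny",
     "src": "10.1.4.57", "dst": "203.0.113.9", "dport": 8443},
]


def run_demo() -> dict:
    bus = Bus()
    correlator = Correlator(bus)
    orchestrator = Orchestrator(bus)
    for raw in SAMPLE_EDR:
        bus.publish("events", normalize_edr(raw))
    for raw in SAMPLE_FW:
        bus.publish("events", normalize_firewall(raw))
    return {"incidents": correlator.incidents, "actions": orchestrator.actions}


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

Running it yields one incident for `ws-0142` (the EDR detection and the denied outbound flow fall inside the ten-minute window, so the combined severity is 4 and the orchestrator records `isolate-host ws-0142`), while the lone firewall denial on `ws-0377` stays unescalated. The point of the design is that neither tool had to know about the other: the common schema and the bus are what let the pieces be swapped or extended.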

Unfortunately, the majority of organizations have all the requirements described above but lack the resources for do-it-yourself SOAPA projects. CISOs whose organizations fit this description should dig into proprietary SOAPA solutions in 2018 to see if they can find a lead vendor that can provide all or most of the architecture on their own.

What to look for in a SOAPA solution 

For these CISOs, allow me to offer a few recommendations:

  • Aim high by looking for an all-in-one solution. A true SOAPA solution should offer central policy management, leading security analytics, an automation/orchestration abstraction layer, and distributed controls for policy enforcement. These elements should be glued together through common data and storage management, a messaging bus, APIs for integration, etc. CISOs should push vendors on enterprise-class scale and functionality, their integration layers, partnerships, their roadmaps, etc.
  • Insist on openness. No vendor will offer everything, so demand that vendors adhere to open standards, publish APIs, offer developer support, and partner with other security vendors as a community. While vendors may want the whole enchilada, leading SOAPA solutions should still be able to interoperate with best-of-breed point tools, as well. 
  • Consider how MSSP and SaaS services fit into SOAPA. Many organizations will want to supplement internal cybersecurity efforts with managed security services or SaaS offerings. For example, CISOs may look at managed EDR from Binary Defense or CrowdStrike, DLP from Digital Guardian, or threat intelligence platform services from Anomali, RecordedFuture, ThreatConnect, ThreatQuotient, etc. Leading SOAPA offerings should provide easy integration with these kinds of third-party services. It's also important to consider how SOAPA can protect cloud-based workloads and use cloud-based resources to scale the architecture.
  • Explore opportunities to replace existing point tools with SOAPA components. With SOAPA, the sum is truly greater than its parts. So, while you may be completely satisfied with your current AV software, firewall, or web gateway, CISOs should weigh the cumulative architectural benefits of SOAPA against the discrete advantages of myriad disparate tools.
  • Cast a very, very wide net. SOAPA is still in its genesis, so many vendors are still in their development phase. Remember, too, that SOAPA is an enterprise security architecture, and many security vendors are rooted in transactional technology sales rather than strategic projects. The list of vendors introducing SOAPA-like architectural solutions is long and includes SIEM vendors (IBM, LogRhythm, Splunk, etc.), endpoint security vendors (McAfee, Symantec, Trend Micro, etc.), and network security vendors (Check Point Software, Cisco, FireEye, Forcepoint, Fortinet, Palo Alto Networks, etc.). CISOs must understand that they will be banking on a SOAPA vendor for years to come, so it’s important to spend ample time getting to know the market and the strengths/weaknesses of diverse SOAPA offerings.

If none of the commercial SOAPA offerings looks appealing, CISOs may want to consider professional service providers such as ThetaPoint that can start with their existing security technologies and build a custom SOAPA solution for them. 