It’s 2020, yet many organizations still depend upon a myriad of disparate point tools for security operations, leading to many challenges. According to ESG research, these are the biggest challenges associated with managing an assortment of point tools:
- It makes security operations complex and time-consuming (35%)
- It is difficult to get a complete picture of their security status at any given time (35%)
- Triaging, prioritizing, and investigating all the security alerts generated (34%)
- Each security tool demands its own management and operations, straining the organization’s resources (33%)
- The organization doesn’t have enough staff members, or staff with the right skills, to manage all the tools effectively (25%)
This problem isn’t new. Recognizing this problem in 2016, we at ESG came up with a new concept called a security operations and analytics platform architecture (SOAPA) designed to consolidate and integrate every layer of the security operations stack — from the raw data, through analytics, to day-to-day security operations processes (see Figure 1).

Figure 1: SOAPA
SOAPA is a bottom-up stack in that it is meant to give SOC teams the ability to act upon security telemetry in real time. Think of actions like quarantining a system, patching a server, or investigating an incident, each driven by efficient data collection, processing, and analytics, and carried out through well-orchestrated security processes.