This interview delves into the Security Technology Operations space.
Sramana Mitra: Let’s start by introducing our audience to yourself as well as to LogRhythm.
Chris Petersen: I’m the Chief Technology Officer and Co-Founder of LogRhythm. LogRhythm is a cyber security company. Our mission is to help enterprises and organizations protect themselves from cyber threats.
We do that by developing software that helps security operations teams and security operations centers detect the threats that slipped through the normal defenses and entered their environment.
We hope that enterprises, organizations, and teams respond to those threats by giving them the tools and workflow that make the response fast and highly efficient so that when a threat actor does compromise an environment, they can be neutralized very quickly.
Sramana Mitra: Can you talk about where exactly in the ecosystem are you positioned with respect to other companies? Who’s the competitor? Who’s the partner? What other adjacent products and segments do you tie into?
Chris Petersen: We consider ourselves to be one of the pioneers in next-generation security information management. It’s called SIEM. It has evolved over the years. It’s now a broader platform that often consists of a collection of different products that are designed to solve a collection of problems across detection, response, and recovery workflow.
That begins with solutions like log management analytics, which involves collecting vast amounts of data from machines about users, systems, and applications and making it searchable. They can analyze it. It involves applying advanced analytics across that data so that we can detect threats that are only possible to see once we have that centralized visibility.
We also have capabilities that help to orchestrate and automate the workflow and response process of security operations teams. That gets us into a class of products which is often referred to as Security Orchestration Automation Response (SOAR).
We leverage automation across the workflow as much as possible and even automate getting devices off the network and things of that nature. Then there are advanced areas where we get deep into user activities and also network activities. It gets sent to some of the product categories called User Entity Behavior Analytics (UEBA) and Network Detection Response (NDR). Across all those categories, we have many competitors.
Sramana Mitra: Talk to me about the competitive landscape.
Chris Petersen: Some competitors are larger platform companies like LogRhythm that have a collection of products. Those include Splunk, IBM, Micro Focus, and ArcSight. ArcSight was one of the original leaders in first-generation SIEM. Then there are some up-and-comers we compete against. Some of the public cloud vendors are trying to get into the market. Microsoft Azure has brought products to market. We don’t see them much yet, but we see them once in a while. Google also has a product that we also are not seeing a lot of. They introduced something adjacent to what we do. We might see them a little bit more in the future as well.
Sramana Mitra: Talk to me about what trends you’re seeing in the security process automation space in your customer base. What level of adoption do you see? If you look at enterprises, is security automation technology widely rolled out at this point?
Chris Petersen: No, I would say automation is relatively very nascent. It’s very interesting because we actually introduced automation into our software six or seven years ago. Our automation features went largely unused by most of our customers because they weren’t quite ready for it. We were ahead of the market.
Over the past few years, that has changed. We are seeing a lot more automation as organizations take cyber security more seriously. They’re investing in security operation centers and security operations teams to staff those centers.
We are seeing our feature set adopted. As per our latest adoption survey, almost 33% of our customers actually use automation. As a broad industry, I think it’s less than 10%. The reason why companies have been hesitant to use automation is the risk of automation going awry.
When you automate something, you potentially could make a mistake. The last thing a security team wants to do is disable the email account of the CEO or the Head of Sales. That’s a barrier to automation.
With the enhancements in technology, maturity in the automation platforms, and the risk factors, organizations have begun to adopt automation a lot more. The pace of automation and adoption has been exponential over the past three years. I expect that to continue.
This segment is part 1 in the series: Thought Leaders in Cyber Security: LogRhythm CTO and Chief Product Officer Chris Petersen