Thought Leaders in Cyber Security: Siemplify CEO Amos Stern (Part 1)

Posted on Thursday, Nov 7th 2019

Enterprises have made tremendous investment in cyber security. Amos discusses how to extract value out of existing investments.

Sramana Mitra: Let’s start by introducing our audience to yourself as well as to Siemplify.

Amos Stern: I’m the CEO and Co-Founder of Siemplify. We’ve been around since the beginning of 2015. I’m originally from Israel. I spent about 10 years in Israeli intelligence.

I was running the cyber security department. I was in charge of both application and infrastructure security. One of my responsibilities was building the security operations team. That was my first exposure to this space.

After my service, I went to the biggest defense contractor in Israel and spent a few more years on different projects. The latest one was building the first cyber training simulator, which essentially meant building centers for training about 70 plus security operations teams all around the world.

That was when the lightbulb went off, and I realized that there was a company to build here.

Sramana Mitra: What specifically did you see where you felt that it warranted a company?

Amos Stern: What evolved in the 10 to 15 years since I started working in the unit and building security defense programs was that it wasn’t just four to five tools anymore. It wasn’t just an anti-virus, a firewall, and a proxy.

It suddenly became 50 different tools on the detection side. It was endpoint security, network security, and access control. As organizations grow into mobile and cloud, you need more security systems to protect each element of the organization.

What happens after detection and identification has stayed the same for the last 15 to 20 years. It was handled by a team sitting in a security operations center analyzing those alerts. The difference was that it’s not four systems; it’s 50 systems. It reached the point where it was unsustainable.

One, you didn’t have more people to throw at the problem. There’s a big shortage of personnel in cyber security. Two, it was very mundane work. You have these analysts sitting there in shifts just collecting logs. After a year or two, people leave.

Three, the response process is just very slow. You’d have very inconsistent responses, because you had to rely on individual heroics. Everything was very manual. You had to swivel your chair between five or more different systems in order to respond to a threat. You’d have to be very adept at all of those systems. It’s really hard to run a very effective operation.

Of course, all those systems are completely agnostic to each other. If you had an endpoint security system and a phishing system, they were not integrated directly with each other.

What we saw are two main problems. One is the technology problem. You have a lot of tools and they don’t talk to each other. We needed to build some sort of a glue that connects all your security systems together so that each new tool can work with the rest.

The second is the process. There was not a well-defined process of how to run security operations. How do you respond to phishing versus ransomware? What are the stages? What exactly is the playbook that should be executed every time we have this alert?

Once you have those two elements, you can start implementing automation. You have integrations to all those systems. That’s the first part. Then you have a playbook or definition of how to respond. Then you can also start applying automation to this playbook.

We call it the security operations center, but we’re not really running it as an operation. If you look at any other enterprise operation like sales operations or marketing operations, there’s usually a very well-defined process of how to run the operations.

In sales, you have a specific set of stages for an opportunity. You have a specific playbook. You have specific data that you capture and KPIs that you measure. You usually run it on a platform built to support that operation, like Salesforce.

Marketing might have Marketo. HR might have Workday. Security operations was just a mishmash of tools. That’s what we set out to build – the security operations platform.

