Google has announced the acquisition of security orchestration, automation, and response (SOAR) provider Siemplify, with the aim of integrating SOAR capabilities into its own Google Chronicle security solution.
Both Google and Siemplify cite the growing number of cyberattacks and threats among the factors that motivate businesses and enterprises to invest in improving their security operations.
We both share the belief that security analysts need to be able to solve more incidents with greater complexity while requiring less effort and less specialized knowledge. With Siemplify, we will change the rules on how organizations hunt, detect, and respond to threats.
Security orchestration, automation, and response is an approach to security incident management that emerged in recent years with the goal of improving the efficiency of security operations.
In a SOAR platform, orchestration is primarily a response to the complexity of dealing with multiple tools that were not built to operate seamlessly together, for example vulnerability scanners, intrusion detection systems, event management platforms, and more. Without orchestration, says Siemplify, organizations may get overwhelmed by multiple alerts originating from the same incident.
Automation is the second pillar of SOAR and helps relieve the burden on security analysts. To this end, SOAR platforms use playbooks as the basis for automating the initial analysis of an incident. For example, a suspected phishing attack can be handled by running a sequence of steps that are easy to automate with tooling: analyzing attachments, file hashes, and URLs, and possibly adding the resulting indicators to a blacklist. Only a reduced number of cases is then left for further inspection by security analysts.
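The following is an added example, not Siemplify's or Google's code, showing what the two pillars look like in practice: a small phishing-triage playbook that first correlates alerts from several tools into one incident (orchestration), then parses the suspect email, hashes its attachments, extracts URLs, checks them against threat intelligence, and either blocks the indicators automatically or escalates to an analyst (automation). The alerts, the email, the "known bad" hashes and domains, and the allowlist are all constructed for the example; a real playbook would query the organization's SIEM, sandbox, and threat-intelligence feeds instead.

```python
import base64
import hashlib
import re
from collections import defaultdict
from email import message_from_string
from urllib.parse import urlparse

# Constructed threat intelligence (hypothetical; a real playbook queries a TI service).
MALICIOUS_SAMPLE = b"MZ\x90\x00 constructed fake dropper bytes"
KNOWN_BAD_HASHES = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()}
KNOWN_BAD_DOMAINS = {"evil.example"}
TRUSTED_DOMAINS = {"intranet.example.com"}
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".docm")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed alerts from three different tools, all about the same message.
SAMPLE_ALERTS = [
    {"source": "mail_gateway", "message_id": "<abc@example.net>", "type": "suspicious_attachment"},
    {"source": "edr", "message_id": "<abc@example.net>", "type": "macro_execution"},
    {"source": "proxy", "message_id": "<abc@example.net>", "type": "url_click"},
    {"source": "mail_gateway", "message_id": "<xyz@example.net>", "type": "spf_fail"},
]


def build_sample_email(attachment_bytes, filename, urls):
    """Construct a minimal RFC 822 multipart message with one attachment (test data only)."""
    body = "Please review your invoice: " + " ".join(urls)
    return (
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "Message-ID: <abc@example.net>\nSubject: Invoice\n\n"
        "--b1\nContent-Type: text/plain\n\n" + body + "\n"
        f'--b1\nContent-Type: application/octet-stream; name="{filename}"\n'
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\n"
        + base64.b64encode(attachment_bytes).decode() + "\n--b1--\n"
    )


def correlate_alerts(alerts):
    """Orchestration: group alerts that share a message ID into one incident,
    so three tools firing on one email produce one case, not three."""
    incidents = defaultdict(list)
    for alert in alerts:
        incidents[alert["message_id"]].append(alert)
    return dict(incidents)


def extract_iocs(raw_email):
    """Parse the message and collect URLs from the body and SHA-256 hashes of attachments."""
    msg = message_from_string(raw_email)
    urls, attachments = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True) or b""
        filename = part.get_filename()
        if filename:
            attachments.append({"name": filename, "sha256": hashlib.sha256(payload).hexdigest()})
        elif part.get_content_type() == "text/plain":
            urls.extend(URL_RE.findall(payload.decode("utf-8", "replace")))
    return {"urls": urls, "attachments": attachments}


def triage(raw_email, related_alerts):
    """Automation: enrich the IOCs and return a verdict plus the indicators to blocklist.
    Known-bad indicators are blocked without human involvement; ambiguous cases
    (risky file types, unvetted URLs, or several tools flagging the message) escalate."""
    iocs = extract_iocs(raw_email)
    block = {"hashes": set(), "domains": set()}
    suspicious = []
    for att in iocs["attachments"]:
        if att["sha256"] in KNOWN_BAD_HASHES:
            block["hashes"].add(att["sha256"])
        elif att["name"].lower().endswith(RISKY_EXTENSIONS):
            suspicious.append(f"risky attachment {att['name']}")
    for url in iocs["urls"]:
        host = urlparse(url).hostname or ""
        if host in KNOWN_BAD_DOMAINS:
            block["domains"].add(host)
        elif host not in TRUSTED_DOMAINS:
            suspicious.append(f"unvetted url {url}")
    sources = sorted({a["source"] for a in related_alerts})
    if block["hashes"] or block["domains"]:
        verdict = "malicious_auto_block"
    elif suspicious or len(sources) > 1:
        verdict = "escalate_to_analyst"
    else:
        verdict = "close_benign"
    return {"verdict": verdict, "block": block, "suspicious": suspicious, "alert_sources": sources}


if __name__ == "__main__":
    incidents = correlate_alerts(SAMPLE_ALERTS)
    raw = build_sample_email(MALICIOUS_SAMPLE, "invoice.exe",
                             ["http://evil.example/inv/1", "http://intranet.example.com/portal"])
    print(triage(raw, incidents["<abc@example.net>"]))
```

The three outcomes map onto the article's point: the known-bad case never reaches a person, the benign case is closed, and only the ambiguous middle is queued for an analyst. In production the hash and domain lookups would go to the organization's threat-intelligence feeds and the blocklist writes to the mail gateway and proxy, which is exactly the cross-tool wiring orchestration exists to provide.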
According to Google Cloud Security VP/GM Sunil Potti, Siemplify's capabilities will be integrated with Google Chronicle, a cloud service designed to retain, store, and search all collected telemetry data with cybersecurity in mind. Siemplify will provide the foundation for Chronicle's SOAR capabilities, says Potti.
Founded in 2015, Siemplify built a cloud-provider-agnostic SOAR solution that includes a community-supported free tier. It is not yet clear whether Siemplify will keep its free-tier offering or its cross-cloud capabilities. Siemplify CEO Amos Stern did, however, highlight Google's commitment to multi-cloud environments.
Siemplify is not the only player in the SOAR field, which also includes Palo Alto Networks Cortex XSOAR, Swimlane, Splunk, and many others. Microsoft, for its part, offers its own SOAR capabilities in Sentinel on its Azure cloud platform.