



Google has acquired security service provider Siemplify in an effort to add security orchestration, automation, and response (SOAR) capabilities to the Google Cloud security portfolio, enhance the Chronicle security analytics platform, and “hide” security, the company announced today.

Neither company has officially disclosed the value of the transaction, but sources, including Reuters, have reported that Google paid $500 million for Siemplify, a cloud-based provider of tools for integrating and automating security operations. The technology allows enterprises to present a single platform for security analysis and response, integrate existing tools, and automate security playbooks.

SOAR services allow analysts to triage case loads faster by automating responses with more information from different security products in the organization.

As part of an invisible security initiative announced in July, Google sees such features as a priority for cloud services, and both Google and Siemplify aim to integrate them into the Chronicle security analysis platform, according to Sunil Potti, vice president and general manager of Google Cloud Security.

“Security analysts share the belief that they need to be able to resolve more complex and more incidents with less effort and expertise,” he said in a blog post announcing the acquisition. “Our intention is to integrate Siemplify’s capabilities into Chronicle in a way that helps businesses modernize and automate their security operations.”

This acquisition continues Google’s commitment to cybersecurity. In August, the company announced that it would invest $10 billion in cybersecurity over the next five years to find ways to expand zero trust services, enhance open source security, and improve software supply chain integrity. In October, the company deployed a cybersecurity action team, a series of advisory and incident response services to assist government and corporate clients.

With this acquisition, Google will be able to win the competition between major cloud service providers to provide security services across platforms, says Rik Turner, chief analyst at research firm Omdia, a sister company to Dark Reading. Amazon Web Services (AWS) and Microsoft Azure have SIEM capabilities in their own clouds, but not all clouds have the same capabilities, and Google is trying to work well with other services.

“AWS’ native cloud security is AWS only, which means that if you’re migrating security to a multi-cloud and starting from the AWS Estate, AWS will point you in the direction of partners such as Palo Alto and Trend Micro,” says Turner. “Therefore, both Azure and GCP, Nos. 2 and 3, are heterogeneous in their cloud security products, which can unfaithfully seduce AWS customers to AWS.”

The argument for that, he adds: “Infrastructure-moved and protected workloads or data assets can be returned to AWS at any time because security spans both worlds.”

The three features behind SOAR allow security teams to effectively manage their operations. Orchestration links security products to the organization’s security information and event management (SIEM) system, which can then use information from those products to better screen potential threat reports and alerts for analysts. By automating the analysis with a machine-extended playbook, the system helps analysts determine more quickly whether a security event requires further investigation. Finally, many aspects of the response can be automated to quickly minimize the impact of an attack.

Cybersecurity start-ups have been working on the three features, most of which have been integrated into existing SIEM products. For example, in July 2020, Micro Focus purchased Atar Labs and integrated its SOAR capabilities into ArcSight, the grandfather of SIEM systems.

Ultimately, most SOAR products will be integrated with SIEM to become a standard feature, said Allie Mellen, a security and risk analyst at Forrester Research.

“Siemplify is one of the few standalone SOAR products, and many others have been adopted by SIEM vendors for many years,” she says. “Most other standalone SOAR vendors are building acquisitions or portfolios with other products such as the Threat Intelligence Platform. In a sense, this is a bold acquisition and indicates the termination of standalone SOAR or, frankly, SIEM.”

With several trends converging at once, the functionality of SOAR products has become more necessary. The ongoing shortage and high cost of skilled cybersecurity professionals means that workload reduction is important. The growing attack surface of organizations means that more data must be monitored to get the needed visibility. Also, due to remote work and fast-moving attacks, automated response is given higher priority.

In another blog post announcing the acquisition, the CEO and co-founder of Siemplify said: “There is a need and opportunity to grow our business to meet these challenges.”

Google’s acquisition may mean that some companies have fewer options when it comes to automating security operations, says Forrester’s Mellen.

“For clients, this acquisition means one less standalone SOAR offering,” says Mellen. “This benefits from using a security analytics platform that tightly integrates SIEM and SOAR, which allows practitioners to implement more seamless automation in their work, but some practitioners prefer to use separate and independent SOAR products because they know the depth of integration available to be more powerful.”

