It all started with “no security alert left behind,” the idea to build a security orchestration, automation and response (SOAR) platform that would centralize an organization’s security alerts, alarms and incidents to automate incident response and deliver a better security operations center (SOC).
In the early days, we had the fortune—or misfortune—of taking a product we thought was a great tool to some prospective customers for feedback. While these organizations were seemingly similar with similar pain points, they all asked for different things. It was then that we realized we had to build our SOAR solution with a commitment to extensibility and flexibility.
After rounds of feedback, it was clear the industry demanded a product that could adapt to the nuanced ways in which organizations report, track, escalate alerts, assign tasks, classify severity, score risk, etc. So, what we built at Swimlane was a people-centric technology—allowing unique people and organizations to operate the platform in a way that suited their unique needs.
We built a product that really helps people.
Today, the API-first architecture allows every customer to easily integrate the tools they have for nearly any use case. They see different dashboards. They have varying levels of users with robust role-based access control. They have different case management capabilities. They have different integrations. They track their ROI with different statistics and have the ability to report on any field. But they’re all using the same product. Our customers can say, “If we’re going to use a SOAR platform, let’s have the SOAR platform come to us and how we operate—not ask us to change the way we operate to accommodate the SOAR platform.” I think we’ve done this better than anyone else and that’s what I think is great about it.
With eyes on the future, we need to continue to make the ability for people to automate their security work as easy as possible—supporting a community-based defense model and enabling organizations that don’t traditionally have access to enterprise capability with enterprise-grade automation.
As threats rise and organizations continue to make security a priority, we’re going to see higher velocity as a business. From the number of people looking at SOAR, buying solutions or making budget available for SOAR platforms to the partners selling it to the MSSP organizations that are leveraging it, it’s only going to continue to accelerate. It’s going to be a lot of fun.
We will also likely see many more use cases and prove a lot of our theories around community participation and sharing. I think we’ll see an evolution of SOAR, not only to support the traditional incident response security operations use cases, but I also think there’s going to be a lot more conversation around securing cloud workloads and infrastructure, DevOps and vulnerability management. As IT continues to move quickly, it’s exciting to see how SOAR and Swimlane can participate in these emerging and ongoing conversations.
*** This is a Security Bloggers Network syndicated blog from Swimlane authored by Cody Cornell. Read the original post at: https://swimlane.com/blog/swimlane-reflection-2018/