A Taste of SOAR Own Medicine: Inside Siemplify’s New Network & Security Operations Center, A Nerve Center Powered by Its Own Product

When Siemplify revealed roughly a year ago that it was launching Siemplify Cloud, an industry-first, cloud-native version of its security orchestration, automation and response (SOAR) platform, the announcement was about more than a product.

“We had to change all our mindsets as a company,” recalls Alon Cohen, Siemplify co-founder and CTO. “There are different processes between being a SaaS (software-as-a-service) company and an on-premises company.”

Not only is Siemplify Cloud designed for rapid time to value across today’s hybrid networks — giving organizations eager to onboard and experience the benefits of SOAR the ability to do it quickly — it also has a secondary function: allowing businesses to entrust to Siemplify the often laborious responsibility of updating and maintaining systems.

Above all else, transitioning to a cloud company (roughly 75% of new Siemplify customers are deploying the cloud version of the Siemplify Security Operations Platform) requires adherence to a fundamental principle: reliability. “The language of SaaS is security uptime,” says Cohen.

To accomplish this, Siemplify has mimicked the very clients it serves, in the place where they house its platform. It recently stood up a combined network/security operations center (NOC/SOC) in its Tel Aviv office.

While the aesthetics and amenities may be modest, at least for now, compared to some of the Fortune 500 and leading MSSPs dotting Siemplify’s customer ranks, the NOC/SOC is a signal that the future is here — and client trust is everything.

Siemplify NOC/SOC Engineer Oriann Barzely, also a computer science student at Israel’s Holon Institute of Technology, grinds out the overnight shift in the company’s new makeshift command post.

“The customer cannot do maintenance and handle the platform’s infrastructure,” says Gil Mandelboim, a Siemplify software engineer and current head of the NOC/SOC. “Everything is on us.”

Mandelboim oversees six part-time employees, who are also computer science students. In rotating shifts, they staff the center 24×7.

Each member of the NOC/SOC is tasked with troubleshooting problems the client may be facing, typically common cloud snarl-ups such as remote agent login snafus, network disconnections, high CPU usage and application bugs requiring a hotfix.

Every customer “alert” routes through the NOC/SOC, but Siemplify DevOps, R&D and support teams are all a phone call (or WhatsApp) away, no matter the time of day, to ensure the ticket is resolved.

“If it’s something that we can fix immediately without the customer even feeling it, of course we’re doing that,” Mandelboim says. “If it’s something being escalated, we let the customers know that we’re working on it.”

When it comes to triaging customer issues, Siemplify holds a unique advantage over other cloud companies thanks to its intellectual property. By using the Siemplify platform, NOC/SOC personnel are able to create custom playbooks to use during the response process, actually making the product better in the process.

“We’re using Siemplify for Siemplify,” Mandelboim says with a chuckle. “The NOC analysts are writing integrators and connectors to the system. This is a cool experience to use Siemplify as customers, and it allows us to give feedback, find bugs and make feature requests.”

Having access to the leading independent SOAR platform also comes in handy in another way. Siemplify’s operations center is transitioning to a hybrid model, of sorts, recently adding the SOC component as it seeks to monitor and quell threats (with the specialized assistance of an MSSP).

Putting the “S” in SOC

Engineer Tomer Mamistvalov readies the NOC/SOC for a shift handover.

Cybersecurity companies are high-profile targets for hackers (FireEye was the victim of a sophisticated attack late last year), who use them as a springboard into customer or partner networks. In the case of SOAR, which is designed to integrate with hundreds of vendor IT and security tools, miscreants can leverage the technology to discover entry points and opportunities to strike. “We have to stay protected,” Mandelboim says.

Analysts inside the Siemplify NOC/SOC can leverage their own SOAR platform to ingest security alerts from third-party tools and build workflows that they can execute when triaging, investigating and responding to alerts.

Through the NOC/SOC, Siemplify is actively upholding its end of the SaaS bargain, both in terms of ensuring customer uptime and keeping itself protected, which in turn keeps customers and partners protected.

And this obligation will only become more imperative as plans get underway to migrate all instances of Siemplify Community, the company’s free SOAR version, to the cloud.

“We need eyes all the time,” says Cohen, who expects to grow the NOC/SOC team globally and adopt a true “follow-the-sun” approach. “This is not just the future of SOAR, it’s the future of the world.”

Dan Kaplan is director of content at Siemplify.

*** This is a Security Bloggers Network syndicated blog from Siemplify authored by Dan Kaplan. Read the original post at: