A highlight is a new War Room module designed to facilitate crisis management by letting the SOC collaborate easily with other parts of the company, like PR, legal, and the CEO.
SOAR [security orchestration, automation and response] vendor Siemplify has introduced version 5.0 of its Security Operations Platform. It’s a major release that enhances collaboration, not just within the SOC team but between the team and other parts of the company, through what the company is calling a War Room module, designed for company-wide crisis response. Other Playbook enhancements and reporting improvements have also been made, which will help larger MSSPs in particular.
“We think this release is a pretty massive deal for us,” said Meny Har, VP of Product at Siemplify.
The enhancements start with War Room, a significant new collaboration capability designed to make crisis management easier.
“We at Siemplify see ourselves as a platform for the SOC,” Har said. “We are the whole of that process for security operations. What we have added here is a new module, War Room, which provides collaborative crisis management capabilities. What you can do with this is bring in people from the company beyond the SOC team, like the CEO, PR, or legal, to allow them to collaborate on the platform. The purpose is to handle high level messaging, when that needs to be done. It facilitates collaboration as a company, not just in the SOC itself.
“We have also made enhancements in collaboration working with other analysts,” Har added. “We had some level of collaboration before, but we took this up a notch, to make it easier to work with coworkers.” This includes the ability to integrate the tools already being used for communication, such as Slack and Microsoft Teams.
Another major enhancement is a new Remote Agent capability as part of an expanded incident response playbook.
“We serve almost 20 per cent of the Gartner quadrant for MSSPs, which means a lot of big MSSPs,” Har said. “Siemplify Remote Agent is something that can be installed on a customer site that allows them to use the customer’s tools on the customer site, because what is on the host isn’t always clear for them. The Remote Agent allows them to ask questions of Active Directory on the customer’s own premises, which lets them give much better service. This is something that makes it easier for larger MSSPs who get a lot of alerts a day to now go beyond just alerting the customer.”
Another new playbook capability is Expression Builder.
“As you build out a more complex playbook to write a complex query in an application like Splunk, Expression Builder enables you to have an intuitive drag and drop way of parsing information without having to use code,” Har indicated.
He said this is valuable because while vendors like Splunk have moved to no-code capabilities, this would only apply, with Splunk, to Splunk activities.
“People don’t typically work just within Splunk, and if they also use other languages and tools, it’s still an issue,” he noted. “This makes data match with other tools managing Splunk.”
The Business Intelligence Reporting Framework has also been enhanced, with a new engine.
“We have added a full-blown editor to provide better and much more granular metrics,” Har said. “This is especially important for bigger MSSPs, who need greater metrics than the typical customer. We needed to give bigger MSSPs a measurement to build much more granular reports.”
Siemplify v5.0 is available now.