maxkabakov - Fotolia
With the vast number of security products on the market and the growing amount of security data generated, enterprises face an uphill battle.
Siemplify, a startup based in New York, is aiming to make that hill easier to climb with its security operations platform, which the company hopes will be a Salesforce-like hub for security professionals. Siemplify's platform is designed to tie various third-party products together and streamline the data for enterprises.
Nimmy Reichenberg, chief strategy officer at Siemplify, explained the company's mission to provide an all-in-one spot for SOC teams to get their work done, as well as the relationship between SOAR and SIEM and why security product integration is becoming harder to accomplish.
Editor's note: This interview has been edited for length and clarity.
Tell me the story of how Siemplify was founded.
Nimmy Reichenberg: Siemplify was started by three people: Amos Stern, Alon Cohen and Garry Fatakhov. Basically, all of them have security operations experience from the Israeli Defense Force. All three of them went to work for a government defense contractor, and what they did is train SOCs all over the world, so they trained dozens and dozens of both civilian and security operations teams on how to better deal with cyberthreats. Through this work, it became very clear to them that the way that security operations teams work is highly flawed. There are so many things that can be improved about how these teams work, and they had this idea: why don't we build this product and start a company that will solve what we're seeing from training security operations teams around the world? And they founded Siemplify.
What does Siemplify do?
Reichenberg: What we essentially provide is security operations platform. The easiest way to describe our vision is that just like how Salesforce is a platform that sales professionals work on or Workday is what human resources professionals use to get their work done, Siemplify is the platform where security operations teams log on in the morning and get their work done. We provide a security operations platform. A big component of what we provide goes by SOAR, security orchestration automation and response, and that functionality basically has to do with building repeatable processes and integrating the various tools security teams use to investigate threats and remediate threats using as much automation as possible. We know that there's a huge shortage in security professionals these days so obviously there's a lot of appetite in automating anything that can be done.
Reichenberg: SOAR is definitely a complementary solution to SIEM. SIEMs definitely have a place when it comes to storing all your logs, doing that initial analysis and correlation and firing off an alert to an analyst. That's kind of what SIEMs do and that's not going away. We could talk about next-gen SIEMs or there's all these newer technologies but essentially that is what they do. SOAR tools take that alert and apply a process to it -- encase it into case management, decide a playbook that walks the analyst through the steps of what actually needs to be done once that alert is fired, automate that, and provide machine learning.
Do you think it's easier to integrate with other vendors' security products today than it was five years ago?
Reichenberg: I would say the answer to that is no. One of the things that SOAR solutions do is act as a security fabric that connects all your tools, but the reason why it's harder to integrate tools is that there's just so many of them out there. The number of security tools out there is only growing. Nothing is going away, and everyone is still using the antivirus tools from 50 years ago only now there's 50 products on top of that. Ten years ago, the average company maybe used a dozen or two dozen security tools. Now it's pretty common to find companies that use 50, 60 or 90 different security tools throughout the company. So integrating tools is harder [today], and the reason is if I'm a new company and I built this new security tool and it's great, do I really now want to invest the time and effort to make it agree with 500 other security tools? And the answer is I'm probably not going to do that. Our approach is we don't detect anything bad; that's a type of tool we integrate into our platform. Our job is to be that connecting tissue between all the different tools. We have over 200 integrations of tools already built into our platform, so we have well-connecting tissue, if you will, and apply a process of how all these tools actually work and apply a playbook that addresses each specific scenario in cybersecurity.
What do the next 12 months look like for the company?
Reichenberg: The category is exploding rapidly. The key thing for the next 12 months is scale. We have to scale everything about the company. Scale our processes, scale our go-to-market, et cetera. From a product perspective, what we're working on is making the product easier to use in the market, and that's kind of our differentiator -- make it easy to address a wide variety of use cases.
How do you plan on utilizing your $30 million Series C?
Reichenberg: We're going to do a pretty horizontal use of the money because we need to scale everything. Maybe a little more towards go-to-market -- sales, marketing, customer success -- because we're adding a lot of customers, and the rest to R&D so it's pretty horizontal.