Google has acquired Siemplify in an effort to add SOAR capabilities to its Google Cloud security portfolio, augment its Chronicle security analytics platform, and further its efforts to make security invisible.
SOAR services allow analysts to more quickly triage caseloads by using more information from an organization’s various security products and then automating the response.
Google aims to integrate security capabilities into its cloud services, especially its Chronicle security analytics platform, an effort that both Google and Siemplify see as a priority.
The acquisition continues Google’s push into cybersecurity. In August, the company announced it would invest $10 billion in cybersecurity over the next five years to expand its zero-trust services, bolster open source security, and find ways to improve the integrity of the software supply chain. In October, the company rolled out its Cybersecurity Action Team, a set of advisory and incident response services to help government and corporate clients.
This acquisition also puts Google ahead in the competition among major cloud service providers to provide security services across platforms. AWS and Microsoft Azure have SIEM capabilities within their own clouds but do not have the same features across all clouds, while Google attempts to play well with other services.
The triad of capabilities behind SOAR allows security teams to efficiently manage operations. Orchestration links security products to an organization’s SIEM system, allowing the system to use information from those products to help analysts better triage possible threat reports and alerts. By automating the analysis using machine-augmented playbooks, the systems can help analysts more quickly decide whether a security event needs more investigation. Finally, many aspects of the response can be automated to quickly minimize the impact of an attack.