Security startup Siemplify, which makes a security operations center (SOC) platform that runs on top of a customer’s existing SIEM or log management system, has added an orchestration module to enable greater automation.
Siemplify’s ThreatNexus software takes feeds from multiple sources, including security information and event management products, threat intelligence feeds, log management systems such as Splunk, and Active Directory.
Siemplify aims to make it easier for security operations teams to understand the context of alerts and events by creating highly visual “storylines” that show how a security event moves through the organization, what security products were triggered and why, which systems the event touches, and which users may be affected.
The goal is to help security teams prioritize and investigate events, and then speed up response and analysis. The ThreatNexus platform includes investigation tools, case management, threat hunting, and reporting.
The newest element in the ThreatNexus platform is an orchestration module. This module lets security operators create workflows to streamline incident management and response.
For example, an organization might create a workflow in which, when malware is detected on an endpoint and reported up to ThreatNexus, a hash of the malicious file is computed and other hosts are scanned for that specific malware. Any infected hosts would automatically be brought into the open case in ThreatNexus.
Operators can also automate remediation, such as triggering a NAC system to quarantine infected hosts, or activating a firewall rule. Workflows can also tie into ticketing systems to notify administrators and track remediation efforts.
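As an added illustration (not Siemplify's code or API), here is a minimal Python model of the workflow described above: a malware alert carries a file hash, the playbook sweeps a host inventory for that hash, adds every matching host to the open case, and queues a quarantine action per host plus a single ticket. The host names, hashes, alert fields and action names are all constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Case:
    """An open case being enriched by the playbook (hypothetical structure)."""
    case_id: str
    hosts: set = field(default_factory=set)
    actions: list = field(default_factory=list)

# Constructed inventory (hypothetical): host -> set of file hashes observed on it.
INVENTORY = {
    "ws-01": {"hash-a", "hash-b"},
    "ws-02": {"hash-c"},
    "ws-03": {"hash-a"},
    "srv-01": {"hash-d"},
}

def sweep_for_hash(inventory, file_hash):
    """Return every host on which the given file hash has been observed."""
    return sorted(host for host, seen in inventory.items() if file_hash in seen)

def run_playbook(alert, inventory, case):
    """Run the detect -> hash -> sweep -> enrich -> remediate chain once.

    Returns the hosts newly added to the case. Re-running on the same alert
    is a no-op, so a re-fired alert does not queue duplicate quarantines.
    """
    file_hash = alert["hash"].lower()          # normalise before exact match
    infected = {alert["host"], *sweep_for_hash(inventory, file_hash)}
    new_hosts = infected - case.hosts
    case.hosts |= infected
    for host in sorted(new_hosts):
        case.actions.append(("nac_quarantine", host))   # hypothetical action name
    if new_hosts and ("ticket", case.case_id) not in case.actions:
        case.actions.append(("ticket", case.case_id))   # notify admins once per case
    return sorted(new_hosts)

if __name__ == "__main__":
    case = Case("CASE-1")
    alert = {"host": "ws-01", "hash": "HASH-A"}   # constructed alert
    print(run_playbook(alert, INVENTORY, case))   # ['ws-01', 'ws-03']
    print(run_playbook(alert, INVENTORY, case))   # []
    print(case.actions)
```

The idempotency check matters in practice: alert sources often re-fire on the same detection, and a playbook without it would re-quarantine hosts and re-open tickets on every repeat.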
For more about Siemplify, you can see my profile of the company when it emerged from stealth.