SDX Central Covers Siemplify’s Capabilities

Startup Siemplify is giving users the ability to build an automated playbook of responses to network intrusions.

The company is announcing general availability of an orchestration feature for ThreatNexus, its security operations platform. Orchestration had been available in beta; today’s announcement makes the feature more official.

July 20 2016

Startup Siemplify is giving users the ability to build an automated playbook of responses to network intrusions.

The company is announcing general availability of an orchestration feature for ThreatNexus, its security operations platform. Orchestration had been available in beta; today’s announcement makes the feature more official.

Based in New York with R&D in Israel, Siemplify focuses on the operations side of network security. It piggy-backs on the network and security monitoring systems that are already in place and presents the information in a way that’s more useful to human eyes.

“They don’t see a line of alerts. They see a story in front of them: This happened first, and this is what happened next,” says Meny Har, vice president of product development. It’s presented in graphical form, and security analysts can run what-if analyses by adding users, network nodes, or sensor locations to the graph, to see how widespread a problem is.

Early versions of ThreatNexus were able to recommend what steps to take after discovering breaches, but those actions had to be taken manually.

Information Overload

Siemplify is built on the assumption that an enterprise has installed multiple detection tools — most enterprises have at least three, says Amos Stern, Siemplify’s CEO and one of its founders — and hasn’t been able to keep up with the information overload.

“What happens after the detection has barely changed in the last decade,” Stern says. “The team might be inundated with alerts.”

ThreatNexus, amasses data from different tools and models it all in the same language, creating that graphical visualization of the network. Siemplify uses the information to detect breaches and, of course, provide analytics. The company also claims to be able to go hunting for intruders — that is, spot intruders before they can accomplish anything of consequence.

This kind of data handling has become a common theme in security. Plenty of data can be extracted from the network, either from sensors or by watching every packet flow; the trick is to distill that information down to something useful. Companies such as AT&T and startup Vectra talk about using big data and machine learning to accomplish that.

In a sense, the usefulness of these tools boils down to noise reduction. “We’re automating some of the investigation process and digesting it before we show anything to the analyst,” Stern says.

Siemplify has raised about $4 million in seed funding. Half of it was raised in April 2015. The other half came in December and was led by 83North, the venture firm that was formerly the Israel-based arm of Greylock Partners.