Date: 2017-05-22

I’ve written a lot about ESG’s security operations and analytics platform architecture (SOAPA). SOAPA is happening because enterprise organizations are surrounding SIEM with lots of other security analytics and operations tools to accelerate incident detection and response. As this occurs, many organizations are actively integrating these technologies together with the goal of building an end-to-end, event-driven, security technology architecture.

SOAPA is impacting security strategies of large organizations, leading to reactions and changes on the supply side. What type of changes? I recently sat down with Haiyan Song, EVP at Splunk, to discuss Splunk’s views on SOAPA. Here are a few highlights of our discussion:

Where are Splunk customers pushing on SOAPA? Incident response. Haiyan indicated that customers want to make analytics-driven decisions for incident response. Splunk is addressing this with “adaptive response.” This initiative looks a lot like SOAPA with an architectural framework, integrated components, partner participation, etc. The goal? Acceleration and automation of threat detection, investigations, and incident remediation.

SOAPA benefits. Splunk likes to think in terms of customer outcomes and benefits rather than bits and bytes. For Haiyan, SOAPA represents an opportunity to increase industry innovation and ultimately deliver a security architecture that allows customers to increase productivity and accelerate actions while streamlining day-to-day security operations.

For more detail, check out the first part of my interview with Haiyan here. More later this week.