- CISO Series Newsletter
Join us tomorrow for "Hacking the Commodification of Cyber Crime"
Super Cyber Fridays!
Join us TOMORROW, Friday 03-07-25, for "Hacking the Commodification of Cyber Crime"
Join us Friday, March 7, 2025, for “Hacking the Commodification of Cyber Crime: An hour of critical thinking about how your security program changes when the entry barrier goes away.”
It all begins at 1 PM ET/10 AM PT on Friday, March 7, 2025 with guests Jason Baker, Principal Security Consultant, GuidePoint Security, and Quincy Castro, CISO, Redis. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, GuidePoint Security
Defense in Depth
Is There an Increasing Consolidation of Vendors in the SOC?
We've seen a wave of attempts at platform consolidation across the security operations center. But will the unique challenges of the SOC ultimately favor a more modular approach?
Check out this post from Francis Odum for the discussion that is the basis of our conversation on this week’s episode, co-hosted by David Spark, the producer of CISO Series, and Howard Holton, CTO, GigaOm. Joining them is Francis Odum, founder, Software Analyst Cybersecurity Research.
Rebalancing the SOC
We suffer an imbalance at the SOC that challenges operations and makes it harder for cybersecurity to work with essential partners. "The industry is still way too lopsided with a focus on detection vs response/remediation. The ‘AI’ automation/SOAR tools are only used by security. And security needs connective tissue to work with IT on many response functions," said Andrew Armstrong of ServiceNow. This isn’t a simple matter of changing focus. The SOC faces foundational issues. As Erik Bloch of REVSOC AI explained, "I don't think a ‘modern’ platform solves any of the issues facing today's SecOps and SOC teams. The way we have set up SOC and SecOps teams is broken, from process to tooling. No platform can solve that. Silver bullets do not exist."
The case for consolidation
Some consolidation in the SOC is needed. This may not ease administrative burdens, but it could allow organizations to reduce their stack. That doesn’t mean platformization will eat the SOC. "Some consolidation is necessary. There's no point gathering all that data if it can't be efficiently analyzed. At the same time, no single platform nor vendor will ever be able to 'do it all,' making cyber risk quantification an extremely valuable addition to the SOC," said Yakir Golan of Kovrr.
It comes down to data
For consolidation to be meaningful, deep data integration is required. Ahmed Hamza of the University of Colorado Boulder laid out the challenge, saying, "You can only get these to work well if they are intimately consolidated and even trained together, with the data science involved in some of the higher level autonomous attempts." This requires robust standards, something we’re still sorting out as an industry. "ESG has been suggesting SOAPA (security operations and analytics platform architecture) since 2016. The key is integration. I'd like to see standards to make this easier. Gartner is also on board with its cybersecurity mesh architecture (CSMA)," said Jon Oltsik.
Concentric cycles
It’s important to remember that consolidation comes in cycles, but these cycles depend on scale. Cole Grolmus of Strategy of Security laid this out, saying, "Jim Barksdale (former CEO of Netscape) said, ‘There’s only two ways I know of to make money: bundling and unbundling.’ We call ‘bundling’ different things, but that's what is happening here. This market feels confusing because bundling and unbundling are happening at the same time. The larger cohort of companies is trying to make money from bundling the security operations domain. The earlier-stage companies are trying to make money from unbundling components of the SIEM."
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our other unwitting contributors: Danny W, FinTech & Financial Funding, Jay Jay Davey of Planet, and Omer Singer of Anvilogic.
Huge thanks to our sponsor, Palo Alto Networks
Subscribe
Subscribe to Defense in Depth podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series producer David Spark. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Brett Perry, CISO, Dot Foods.
Thanks to our Cyber Security Headlines sponsor, ThreatLocker
Cyber chatter from around the web...
Jump in on these conversations
“How does your workplace assign the domain admin role?” (More here)
“Can you share an example of a new security tool or method that greatly improved your organization’s security?” (More here)
“Why do hackers sometimes target hospitals?” (More here)
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[03-07-25] Hacking the Commodification of Cyber Crime
[03-14-25] Hacking Competitive GRC
[03-21-25] Hacking Narrative Threats
Save your spot and register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.