Automation and AI are being enrolled to deliver analytical heavy lifting in a new partnership between cyber security giant Palo Alto Networks and Auckland-based Datavator.
Datavator is offering a security orchestration, automation and response (SOAR) managed service based on Palo Alto's Cortex XSOAR platform to free cybersecurity professionals from data overload and mundane tasks to do what they do best.
The partnership allowed security teams to automate tasks from the enrichment of incoming incidents, creating a playbook of activities to be performed, through to orchestrating remediation with integrations into hundreds of other security products, it was claimed.
The partners said they were increasingly seeing the same security themes coming out of customer and industry conversations.
Organisations were experiencing a growing flood of alerts, making it impossible for security teams to deal effectively with the noise. Most were also using multiple tools for security management, reducing their ability to detect and correlate events and to respond quickly.
At the same time organisations were struggling to find and hold onto skilled security resources while still needing to respond in real-time to potential threats on their environments.
"There's a global skills shortage in the cyber security space," said Vasely Sapunov, Palo Alto's New Zealand head of channel and commercial business. "At any given moment there are hundreds of thousands of job vacancies and the pandemic has only heightened the need for automation to be used."
Having a partner solely focused on data analytics, enrichment and automation using Palo Alto's cloud managed XSOAR platform allowed hard pressed professionals to focus on what was important, Sapunov said. It also showed the vendor's investment strategy was paying off.
Only a year old, Datavator was founded by two professionals who had come through major local industry players such as Datacom, Spark, Lancom and NTT. Initially focusing on data consulting, the pair's work became more and more focused on cyber security and then DevSecOps, including implementing a few security information and event management systems (SIEMs).
Seeing an opportunity to be more agile, Datavator was now driving automation and orchestration on XSOAR and fitting that into customer organisations, said Kevin Williamson, the company's co-founder.
"We looked around the market and we even looked at building our own SOAR," Williamson said. "It's doable with Python and I've got a very technical founder with me."
In the end, however, it made more sense to buy one off the shelf.
The key was being able to validate the scale of a threat quickly among a flood of alerts and then remediating it at speed, Williamson said.
"Your security operation centre no longer has to be skilled up in ten different security vendors," he said. "The threat intel, the war room, we thought Palo Alto were market leaders."
Even a year ago the market was all about SIEM, Williamson said. That had changed in quick time as threat intelligence became a deluge.
Cortex XSOAR reduced the noise and allowed analysts to focus on what mattered by automatically enriching incident data to enable analysts to make decisions on severity. It also delivered shared intelligence and playbooks for incidents that were affecting local organisations.
Repeatable tasks could be automated to allow SecOps teams to focus on critical incidents while security teams could also use the platform for collaborative incident response with a "war room" facilitating case management and response.
"From our perspective, as we've grown in-country and made investments in people over the last two years, our channel strategy has matured," said Sapunov. "One of the key questions was what has the pandemic changed in terms of new emerging partners and who do we need to be talking to?"
The opportunity with Datavator, working cloud first and enriching data to build efficiency for enterprise and government customers, fitted the bill.
Datavator has "big-banged" the opportunity, buying the XSOAR platform and deploying it in AWS. It can now proceed to make that deployment multi-tenant, with shared playbooks, threat intel and a local ecosystem.
Datavator is also looking at issues such as patching across customers from a vulnerability management point of view and using threat intelligence to prioritise where customers should focus their efforts.
After running accounts for the major service providers, Williamson always wanted to start his own business.
"It's been harder than I thought," he said. "It's been challenging, but I have enjoyed it. I see the family a lot more."