Cloud Security, Cloud Security, SIEM

Google Cloud acquires SOAR provider Siemplify for a reported $500 million

Urs Holzle, Senior Vice President for Technical Infrastructure at Google, speaks on the Google Cloud Platform during a Google I/O Developers Conference in San Francisco, California. (Photo by Stephen Lam/Getty Images)

Google Cloud announced Tuesday it had acquired Siemplify, a leading Israeli security orchestration, automation and response (SOAR) provider that Google believes will enhance its goal of delivering a modern threat management stack. Analysts say the buy makes Google Cloud more competitive against Amazon Web Services and Microsoft Azure.

Sunil Potti, vice president and general manager of Google Cloud Security, said in a blog post that adding Siemplify’s SOAR capability with Google Chronicle’s security analytics will go a long way to realizing the company’s goals for securing today's cloud environments.

“In a time when cyberattacks are rapidly growing in both frequency and sophistication, there’s never been a better time to bring these two companies together,” Potti said. “We both share the belief that security analysts need to be able to solve more incidents with greater complexity while requiring less effort and less specialized knowledge. With Siemplify, we will change the rules on how organizations hunt, detect, and respond to threats.”

MSSP Alert posted about Siemplify's history in the MSSP partner ecosystem, having launched a cloud native SOAR platform for MSSPs and business customers in June 2020. A leading Siemplify partner includes Cygilant, an MSSP that serves mid-market customers.

Jake Williams, co-founder and CTO at BreachQuest, called the acquisition "brilliant," providing a differentiation from competitors.

“While both Amazon and Microsoft certainly have invested in security and hunting offerings on their platforms, Google has acquired an existing SOAR vendor,” Williams said. “This will likely make it easier for organizations to integrate SOAR into their cloud platforms given that the Siemplify platform is already familiar to many analysts. Siemplify also has a freely available community edition, which likely dramatically increases the existing user base that will be familiar with the technology. All in all, it’s brilliant acquisition for Google.”

Rick Holland, vice president of strategy and chief information security officer at Digital Shadows, added that for companies to effectively defend against today's threat landscape, defenders must move at the speed of the adversary. Holland said defenders are managing ever-growing attack surfaces and are overwhelmed by alerts: they can't detect and respond to all the security issues with manual efforts.

“Automation via SOAR enables scalability that’s no longer a ‘nice to have’ feature, but now has become a ‘must-have,’ capability” Holland said. “The more operational uses cases that are automated, the more time freed-up to defenders to focus on the alerts and playbooks that matter most.”

 Saryu Nayyar, founder and CEO at Gurucul, said as security teams struggle with recruiting and retaining expert talent, they are increasingly looking for solutions that provide greater context, guidance, and enable faster response. Nayyar said SOAR products such as Siemplify, can provide that guidance and blueprint for next steps that security teams struggle with once an attack campaign has been clearly identified.

“However, the challenge that security teams continue to struggle with is clearly identifying the attack campaign without a long and arduous investigation process that is further challenged by attacker dwell time and the sheer volume of noise, false positives and poorly-prioritized IoCs that plague most SIEM and XDR solutions,” Nayyar said. “These gaps are the primary enemies of the SOC team in their threat detection and response efforts. What's needed is the ability to marry identity analytics, user access profiling and risk-based analytics to help security teams contextualize and prioritize alerts where a solution such as Siemplify can help them optimize their response once an attack is actually detected early enough to stop damage or loss.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.