
McAfee SOC Embraces Swimlane SOAR

McAfee's Security Operations Center (SOC) has embraced Swimlane, a four-year-old provider in the relatively new security orchestration, automation and response (SOAR) arena.

SOAR is a hot topic among MSSPs and security-minded MSPs. In theory, SOAR technologies allow service providers to automate major chunks of their cyber efforts. That's especially important since manual processes require expensive cyber talent -- which remains in short supply.

McAfee said it expects the Swimlane integration across its own product line and other third-party platforms within the SOC will make its security staff more productive and its technology stack more effective, which, not coincidentally, is SOAR's value proposition. Along those lines, the Denver, CO-based Swimlane, which is backed by $4 million in investment capital, said it will automate and orchestrate a wide range of use cases surrounding incident response and other McAfee SOC processes.

Why McAfee Selected Swimlane SOAR

In its search for a SOAR platform to automate and orchestrate numerous use cases, McAfee said it was enamored with Swimlane’s technology for its flexibility, speed, ease of use and ability to seamlessly integrate and operate within McAfee’s SOC. McAfee believes that it can now pare the time it spends investigating phishing emails while gathering more information than analysts could manage manually.

McAfee CISO Grant Bourzikas
Swimlane CEO Cody Cornell

“Since launching the McAfee next-generation SOC, we’ve worked extensively to evaluate and integrate with the right partners to ensure we have the best-in-class SOC,” said Grant Bourzikas, McAfee chief information security officer. “The integration of Swimlane’s SOAR platform will deliver critical orchestration and automation we need to further improve response time across our SOC case management.”

Swimlane was equally enthusiastic about the agreement’s potential. Cody Cornell, Swimlane co-founder and CEO, said that working closely with McAfee will enable Swimlane to “deliver industry-leading SOAR capabilities and gain valuable insight to help shape future capabilities.”

SOAR: What Exactly Does It Stand For?

Researcher Gartner appears to have recently altered the SOAR acronym from an earlier abbreviation for Security Operations, Analytics and Reporting. No matter: according to the researcher, the SOAR market, as newly framed, appears poised to balloon. For example, Siemplify, whose platform streamlines security operations SOAR tools, recently landed $14 million in Series B venture funding.

Gartner projects that in two years, 15 percent of security organizations staffed by at least five pros will adopt the SOAR technology, a startling climb in a short period of time from the current one percent adoption rate. The confluence of an increasingly toxic threat landscape, a pressing shortage of trained security experts and constrained budgets is the segment’s prime mover, the analyst said.

ESG’s Jon Oltsik

Other researchers see the segment’s prospects similarly. According to Enterprise Strategy Group's (ESG) research, 19 percent of enterprise organizations have already deployed technologies for SOAR extensively, 39 percent have done so on a limited basis, and 26 percent are engaged in a project to automate/orchestrate security operations.

“It’s still early and the market remains confusing to many infosec pros,” wrote Jon Oltsik, an ESG senior principal analyst, in a recent blog. “Should automation and orchestration be aligned with their ? Should it be tightly integrated with IT operations?” he said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.