How to be next-gen at Black Hat USA ‘19

The past few months have been busy for us at Devo! We’ve been on a security conference tour; the first stop was Gartner Security & Risk, then AWS re:Inforce, and last week, Black Hat. Black Hat was exciting because, in case you missed it, we announced our vision for and showcased our next-gen cloud SIEM!

Despite the long days, I love shows like Black Hat. Compared to other shows, it’s filled with tons of security practitioners, from analysts to very engaged CISOs – and one common thread amongst all was the realization that they need to go further with less and aren’t happy with the SIEM they have. What do I mean by this? Research shows that today’s SOCs struggle with effectiveness, and analysts are burned out for a variety of reasons. Organizations want to help analysts work smarter while reducing the number of tools that add to alert noise and overall complexity, lowering costs, and reducing risk and MTTR. Needless to say, this is easier said than done! 

Still, it’s enlightening to hear firsthand how businesses approach security, their choices when it comes to building out a SOC (or not), and the decision-making involved in the tools they use – as is empathizing with their challenges and then showing them that they don’t need to settle for the status quo, thanks to our next-gen SIEM. One theme that was particularly attention grabbing – and is also a cornerstone of our SIEM – is the need to make the tough job of security analysts better. And I’m not talking about through some far-fetched time AI; instead, the industry overall should be taking a step back and rethinking what a SIEM should be: a solution that lets analysts focus on high impact threats, magnify their intuition, and improve the speed and accuracy of triage, investigation, and response.

The SIEM is well suited to be the central hub for all data and processes in a SOC, but only if it can handle the volume and variety of data that’s being generated, deliver analytics-based enriched insights to the analyst, and enable rapid automated remediation. Enter Devo Security Operations. If you’re questioning whether or not you want or even need a next-gen SIEM I encourage you to read more about what we’re up to. And if you’re eager to see it firsthand check us out at our next security event!