Security Operations Innovator

Jackie Groark Talks Cybersecurity Trends: Automation, Product Consolidation and the Pursuit of Efficiency

by Alexa Rzasa

Veristor is an industry-leading systems integrator and value-added reseller (VAR). Founded in 2001, the company specializes in virtual infrastructures and architecting public, private and hybrid cloud services and solutions for its enterprise customers. Its goal is to build systems that improve end-to-end business performance, productivity and profitability. Naturally, robust security is essential for achieving this aim.

That’s why Veristor brought Jackie Groark on board. A thought leader in security operations, processes and strategy, Groark has multiple decades of experience in IT, threat monitoring, incident response, content development, and threat intelligence—and she knows how to build a security operations center (SOC) from the ground up. As Vice President of Security and Chief Information Security Officer (CISO) at Veristor, Groark was tasked with building out the company’s entire security practice. She has developed a holistic approach to cybersecurity consulting, established processes and procedures, hand-picked Veristor’s cybersecurity product and service offerings, and engaged a team of dedicated experts in the field.

“Our approach is highly consultative and we offer this free of charge,” Groark explains. “We like to talk with customers about their current approach to their cybersecurity program. We help them assess the maturity of that program, and we try to give them the appropriate building blocks that match it up with a risk-based framework. A major value-add that we bring is talking strategy, talking maturity, and talking frameworks.”

Groark has a unique perspective on the market forces and trends that are currently shaping the cybersecurity industry. Her two roles at Veristor encompass leading the company’s internal information security program as well as its customer-facing security practice.

She’s constantly reading, questioning, and talking with others to stay up to date on the latest developments in the field. Groark and her team need to keep track of more than one hundred vendors in Veristor’s portfolio of cybersecurity offerings, but she’s also always on the lookout for innovative startups with game-changing solutions.

This drive has led to numerous partnerships that bring great value to Veristor’s customers, including a new one with Respond Software. Veristor recently announced that it will be offering Respond’s security monitoring and incident analysis software.

“Here at Veristor, we have a wealth of knowledge around the entire security platform,” says Groark. “We try to educate our customers about the fact that security stretches across all areas of technology, and we help them find solutions that integrate or enhance with what they currently have in place. We also look for ways to consolidate and simplify. We look for things that will increase their security program’s overall maturity, whether that be processes or technology,” she adds.

Finding the right place for automation

With her deep understanding of security operations across many different organizations, Groark knows that not every automated solution is right for every company. “We run across companies who would like to implement orchestration and automation, but they’re not quite mature enough in their processes and technologies to be able to do it effectively and successfully just yet,” she says.

Nonetheless, she sees a great deal of interest in the concept. “Automation is one of the most exciting trends today,” Groark says. “Lots of vendors are adding automation to their technologies in the ways that make the most sense for the space they’re in. So, for example, many next-generation endpoint protection platforms (EPPs) have added endpoint detection and response (EDR) capabilities. Since EDR capabilities allow visibility into the endpoints, they’re able to record system activities and events taking place on them, which allows for better detection of threats and automated response.”

Some automation solutions might be too complex to implement or maintain, however, and others may run the risk of damaging the business if they make incorrect decisions. “Automation is great,” says Groark. “But if you automate to the point where you have no human intervention, that’s where a lot of companies start to get uneasy. They don’t want to turn things completely over to automated systems, because they don’t want the systems making final decisions for them that might impact their critical business processes. If the automation doesn’t work exactly the way it was expected to work, it can actually lead to bottom-line losses. Finding that balance is crucial.”

“Respond saves an enormous amount of time and provides greater accuracy when identifying threats,” Groark continues. “It does all the investigative work, collecting disparate information or evidence, knitting it together, vetting it, and then presenting it in a complete story form to the analyst. But the human analysts are still in control if need be. This is much more efficient and effective, allowing SOC analysts to focus on activities that can’t be automated.”

Complexity and solution consolidation in security

Another trend that Groark has been seeing is a growing preference for simplicity. “When we listen to our customers, we hear that their budgets are finite, and they already have too many technologies. They only want a new technology if it is significantly better and cheaper than what they already have or it can replace at least two existing technologies,” she says.

Far too many companies are already stretched too thin when it comes to training their security teams to use all the tools they have. “Companies are tired of having this whole laundry list of technologies that they have to pay for, support, and train their people on. Often, they end up using only 20 to 40 percent of their technologies’ capabilities,” Groark adds.

As tool sprawl has become ubiquitous in cybersecurity, vendors are responding by offering products that integrate additional capabilities. They’re motivated by the prospect of selling their customers on single-vendor platforms. “Many of the vendors are expanding into each other’s spaces,” says Groark. “There are lots of players out there right now, but everyone is expecting that the total number of vendors will come down within the next five years. A lot of acquisitions are happening, too.”

This collapse of product categories may carry both benefits and drawbacks. “It’ll be good if the vendors that are doing the platform play are acquiring the best-of-breeds,” says Groark. “And it may mean that newly-acquired companies will have more access to funding that will let them make their products even better.”

“On the flip side, it could be a bad thing if technologies end up being poorly integrated and don’t work well,” Groark adds. “And less competition may end up bringing higher prices or reducing vendors’ drive to be the best.”

All in all, Groark is enthusiastic about the possibilities for the industry’s future. “I would encourage customers not to be afraid of automation,” she says. “It can definitely help in terms of faster and more accurate detection, as well as gaining efficiencies, which in turn can result in recovering budget and resources. Try it out; do a proof-of-value first.”

For customers considering automation, Groark also recommends that they lean into their relationship with an experienced solution provider or consultant who can help ensure their project’s success.
