Security Operations Automation: Get Ready, It’s the End of Console Monitoring

by Alexa Rzasa
category Security Operations
tags Autonomous Security, Security Automation

In early 2016, Mike Armistead, Robert Hipps and I founded Respond Software to create something big that would make a difference for the security operations industry. We knew that by leveraging our combined backgrounds we could create a breakthrough solution to bring an end to console monitoring. Yes, you heard this right.

During those early days of the company formation, I was fortunate to recruit one heck of a team to help us. And, as a long-time practitioner myself, I wanted to find a way to share my experiences with a broader audience. With 22 SOCs built and 30+ counter nation-state investigations between us, this highly specialized and experienced group could share in the mental burn it required plotting the end of the status quo (which clearly isn’t working well).

However, extracting this team’s know-how in building Security Operation Centers and leading Computer Incident Response Teams and then quantifying it into a mathematical structure seemed extremely complicated. It felt like enduring exploratory brain surgery. But, between Robert Hipps’ team of amazing developers, my team of security experts, and the injection of real-world situations by important design partners and early customers, we have successfully built a product that is already delivering on the Respond promise in the real world. I am almost reluctant to label our solution “revolutionary” because every founder believes they are doing revolutionary work.

But what we’re doing at Respond Software IS revolutionary. We’ve invented a practical approach to emulate and automate the decision-making and judgment of expert security analysts, a security operations solution that continues to learn over time. With our charter customers, we are measuring productivity that is orders of magnitude better than today’s SOC analyst at handling security events. Yes, I do mean ALL security events, continuously 365 x 24 x 7, with no funnel!

The genius of the Respond Software solution is that we enable scarce security professionals to be reassigned to a higher level of work so they can apply their creativity hunting for bad guys instead of watching events stream across a console. They can proactively manage security situations rather than triage alerts. We believe that this is the only way the industry is going to gain on the modern threat. The end of the console is coming.