Cybernomics Radio

#32 SOC Burnout with Dan Spiner, General Manager for North America @Cyngular Security

Bruyning Media Season 1 Episode 32

This episode explores the transformative role of automation in cybersecurity through Cyngular Security's innovative approach. By focusing on Cloud Investigation and Response Automation (CIRA), we discuss how this technology alleviates alert fatigue, reduces burnout among analysts, and empowers teams to enhance their security efforts.

• Cyngular Security introduces Cloud Investigation and Response Automation (CIRA) 
• High alert volumes lead to analyst burnout 
• Automation in investigations enhances operational efficiency 
• Importance of human oversight alongside automation 
• Quick and easy deployment process with no agents required 
• Dual-engine approach combines automation and manual investigations 
• Proactive threat hunting is critical for effective cybersecurity 
• The misconception of safety on cloud platforms without continuous monitoring 
• Cyngular offers peace of mind through rapid deployment and assessment 


Speaker 1:

Welcome to another episode of Cybernomics. My guest today is Dan Spiner, who is the General Manager for North America at Cyngular Security. Dan, I've heard so much about this product, I've heard about what you guys are doing over at Cyngular, and I'm hoping that we can just dive a little bit more into it to talk about the issues and the solutions, this new category called CIRA. Can you explain to us what CIRA is and give us a little bit of a rundown, an elevator pitch, if you will, of Cyngular Security?

Speaker 2:

Well, thank you for having me on the show, and I'm looking forward to sharing with you and your audience some of the main items about Cyngular Security and how Cyngular saves people's lives. I've been involved in this effort for about a year now and really dove into it because of its impact on the social side. I appreciate it's a business, it definitely is a money-making operation, but the way that Cyngular solves the problems in the SOC, I believe it has a huge impact on people's lives, and we want to talk about that today. Specifically, to answer your question about CIRA, CIRA is a new category defined by Gartner as Cloud Investigation and Response Automation: automation of the incident investigation. So, as everybody knows, in a SOC there is a very high volume of alerts. Now, there are some alerts that are suggested to be more severe, less severe. There is filtering, I agree, with all the products that exist in the current stack, yes, but ultimately there is a net number of alerts that need to be manually investigated today, and that is where the challenge is.

Speaker 2:

The challenge is the investigation process on each one is 10, 15, 20 minutes. Pick a time. It's significant, it's cumbersome, it's difficult, and the volume. Even after the net reduction, the volume is essentially unbearable and becomes a burnout to typical SOC analysts. It requires a significant skill to do the investigation, and T3 SOC analysts are not that easy to be found. They burn out. And that is the space where Cyngular lives: the automation, the hunting, the investigation, and actually providing mitigating suggestions to the SOC analyst, who is still in the loop. We believe strongly that there should be a human being in the loop, just like in the Iron Dome system in Israel, where there is a human being in the loop to make sure that shooting down incoming missiles is truly incoming missiles and not an airplane or passenger aircraft. Same way, we investigate, hunt things down, provide mitigating suggestions, and that's where we fit, and it makes things a lot easier for the SOC analysts. Empowering the SOC is our model.

Speaker 1:

The Iron Dome is an apt comparison and metaphor because Cyngular, as I understand, is an Israeli-based company.

Speaker 2:

And it's Israeli-based. That's what we do. As a matter of fact, the co-founder was the CISO at the company that invented the Iron Dome, and the other co-founder, who's the CTO, was the SOC manager at the company, and you know, that's what he did. He says, why am I doing this manually? You know, as much as the Iron Dome, and the CEO of this company is a co-founder and was the CISO in the development. The CTO of Cyngular was the person who had to manage the SOC and was doing all this manual investigation and said, well, why am I doing this manually when all of this can be done using AI? And that's where Cyngular started.

Speaker 1:

So he was doing all of the manual effort, and I mean, that's a great story, starting at the company that invented the Iron Dome, and being in that SOC and in those operations, I would imagine, would more than qualify you to be able to create some technology around this to make the job easier because, like you said, it saves lives.

Speaker 1:

And it seems like that's not only something that you've baked into your mission at Cyngular, but it's something that's baked into the blood of the people who started Cyngular, because the Iron Dome, as we well know with what's going on in that part of the world, is in the 24-hour job of saving lives. So that's an incredible pedigree to have and story to have attached to Cyngular. How does this philosophy that you guys have ingrained help reduce that problem of burnout and fatigue?

Speaker 2:

Well, there's the burnout and the fatigue issue, which comes from the need for the manual work, and then there's the reality of the animal, or what we're dealing with: that the intruder can come in at a ridiculous time in a different shift and go on for like a few seconds and make one attempt and do something, and then goes dormant for six months, and then another SOC analyst in another shift, possibly even a new employee, sees another alert. How do you connect these two, or two or three or four or five? This is where an automated tool shines, because it's able to understand what happened, it can get history, it can connect the dots, and it could actually put out an alert, an investigation, and then the mitigation suggestion.

Speaker 1:

So really the answer to that problem is I mean, it is that we are becoming sort of cyborgs. The way Elon Musk put it is that in order to become a cyborg in today's world, you have to reduce the interface problem. Right now we've just got thumbs and he wants to integrate it into our brain. So maybe there's going to be one day a tool that integrates with the brain of the SOC analyst that allows them to handle a million alerts per second. Who knows? We can hope, or maybe nobody wants to live in that world. You just can't keep up with the number of alerts. Right, it's just. It's impossible with the growing threats.

Speaker 2:

The beauty of this product is that it sets up in like 15 minutes. It deploys in a read-only environment. Read-only: we're reading the logs. We're reading the five network layers. We're just reading. We are not deploying any agents, no agents, there's no configuration, it requires a few minutes to deploy, and it immediately starts working to understand the network topology. The first thing you get is a beautiful map, kind of a nice tool for everybody who, by any chance, you know, doesn't exactly know all the assets that they have. So, step one, quick deployment, no agents, read-only accounts, safe, and then it starts working and it gives you a lovely way of seeing your network. Terrific. Then it starts understanding if there are any incidents that need to be recorded. Let's say there are 20 attempts at a login and then there's a successful one. Okay, check. Red flag. No problem. Let it go. A month later, same. Same idea. Duplicate, raise a red flag. Maybe this needs to be investigated.

Speaker 2:

Cyngular basically has two engines: the automatic engine that I'm discussing right now, and then there's an incident investigation component where you can manually say, investigate this, and you can start looking at it from different angles. Same incident, but the investigation could be comprehensive all around it. And that's where the power is, because if you had to do that manually it'd be very difficult. But Cyngular can produce a full incident report with all the artifacts. That report is a great product for regulatory, for compliance. You know the new SEC reporting that requires delivery within four days of an incident. Cyngular can do that in a minute. A lot of times when you have to do these reports it takes multiple days to investigate what happened, what was the remit, and now no more. Everything, I keep saying, and I'm sorry to repeat myself, we are making it easier, we're empowering the current SOC analyst, who may not know everything, to be much more and be able to get stuff done that makes everybody sleep better at night.

Speaker 1:

I would imagine, you know, the CSO sleeps better at night because he knows that he's addressing these issues. If the SEC comes knocking on the door, if there's an incident, there's something that you can present in a court of law before four days.

Speaker 1:

Yes, exactly. So it satisfies, it checks so many of the boxes. And what I'm hearing some people may say is there are lots of tools and technologies out there that can monitor, that can set alerts, that can filter. What makes Cyngular so different from the other tools and technologies that are out there that do something similar?

Speaker 2:

It's this whole automation. It's just automation of hunting, investigation and mitigation. Automation. It's the automation aspect. That's all.

Speaker 1:

It is the automation aspect, while it keeps the human in the loop, and the investigation piece is pretty unique here, where maybe a lot of tools, at least as far as I know, and if anybody's listening or watching this and you want to comment or shoot me an email, we can talk about it, but from what I know, a lot of those products, a lot of those tools, they'll give you alerts and they'll tell you what's going on, but they're not doing the investigation, they're not putting their... proactive, there's the key word here, yeah, proactive.

Speaker 2:

Our unifying message is we are proactive in hunting things down and, by the way, things don't need to be blowing up to be detrimental. You could be a victim of somebody purely nesting in your system. Nesting. They're not taking you down, they're not doing anything. They're just sucking out all the research, all the IP. They're just taking it all. And there are very few people who are in a cloud environment today who are not vulnerable to that situation. Of course, very few people. There are many people who do not know that just because you're on AWS or you're on Azure, you're not protected. I know, you know, the image is that you're protected, but you are not.

Speaker 2:

You are not protected until something like a tool like Cyngular comes and investigates to make sure that there are no nesters in your environment. Why not? A 15-minute install and you know that there are no nesters in the environment. And the product, by the way, is multi-cloud, so if you have somebody coming in on AWS, it will track that incident over to Azure. If you are an MSSP serving multiple clients, you have one single pane of glass to look at all your clients, multi-cloud and multi-tenant. I'm ready.

Speaker 2:

Two offers, two really big offers. Anybody who wants to sleep better tonight or tomorrow, to know that there are no nesters in their network, reach out, and you could have it deployed in 15 minutes and give it a try. I mean, well, you know, read-only. Why not? Just find out. And the other main offer is that if you just want to have an assessment, if there's anybody nesting, it's all in the same ballpark. Happy to help you so that you can be comfortable that nobody is stealing your information or about to ask you for a lot of money and lose your job. I don't want to do that.

Speaker 1:

Why not? Why not, Dan? Thank you for spending time with us today on Cybernomics. If people want to find you, what is the best way for them to find you?

Speaker 2:

You could just go to the Cyngular site and just hit, there's one thing that says, you know, let me see a demo. Four minutes, four minutes of your life to see a demo.

Speaker 1:

Why not? Why not? Four minutes? Why not? Alright, we'll leave it there, Dan. Thank you so much. Dan, again, is the General Manager for North America at Cyngular, an Israeli-based company that has occupied this new category. Thank you so much for listening to this episode of Cybernomics. Thanks for watching. If you need to get a hold of me, you can find me on LinkedIn, linkedin.com slash Josh Bruyning, or you can shoot me an email at josh at bruyning.com. Also, check out our new website, bruyning.com. That is bruyning.com. That is our podcast agency that produces Cybernomics and other podcasts in the tech industry. Thank you so much and we'll see you on the next episode.

Speaker 2:

Goodbye.