2022-11-07

Embracing Change: How I Learned to Love a Distributed Security Data Strategy

Content
Share:

I have been a technical sales professional since the mid-90s, security focused since 1999, and have worked with SIEM and SOC software tools and platforms since 2008. I have had some amazing runs at various companies helping security professionals with all phases of the security operations lifecycle.

It has been an incredible experience to see how much of an impact the right technology can make in both the security posture of an organization and the day-to-day life of the security professionals who use it. Throughout my career I have been proud to say that I am helping the good guys protect people’s data, identity, money, and safety.

Much to the surprise of friends, family, and colleagues, I made the decision to join Anvilogic in June of this year. I had been working at a large software company in an SE leadership role and was quite happy, but I could see almost immediately that Anvilogic was different. This little startup, with due credit to Wayne Gretsky, is skating to where the puck is going, not to where it has been.

In the last few years of working with large and medium enterprises, I kept hearing the same things over and over again from my customers and prospects. As they were transforming their business and security practice to address the rapid move to cloud technologies, expansion of big data, and dealing with a shortage of skilled labor, they kept expressing a need for a new kind of security ecosystem that doesn’t rely on a single, monolithic SIEM and data store. In addition, the pain of creating, testing, deploying, and maintaining effective security content was a huge struggle, with the additional problem of having no ability to direct or measure SOC progress. 

A modern, hybrid data platform approach needs to leverage existing data stores, search engines, and correlation tools without giving up the ideals of a single pane of glass, SOC process automation, actionable alerting with minimal noise, and avoiding unnecessary data movement. On top of this, SOCs needed a platform to drive the entire lifecycle of security content, and a means to direct and measure the effectiveness of threat coverage and detections. Once I got a good look at Anvilogic, I knew that this was the solution customers were looking for.

Anvilogic gives the SOC the ability to truly move into the modern era of hybrid data environments without the limitations of legacy SIEM platforms. By providing a datastore-agnostic detection engineering platform with top notch security detection content, customers are free to keep their data where it makes the most sense without giving up any of their most important security operations processes and integrations. Anvilogic does all this while providing insight into the SOC’s ability to detect relevant MITRE ATT&CK Framework TTPs, and provides a means to measure improvement and change over time as gaps are closed through the detection engineering process. 

For example, many of my former customers have data in logging platforms like Splunk, but they still had lots of security-relevant data, from cloud providers like AWS and Azure that they weren’t able  to bring into Splunk due to resource constraints. They were either operating with blind spots, or living in detection silos. Anvilogic provides the perfect solution for this problem in our unified search engine technology, enabling them to search for security detections, e.g., through data center logs in Splunk, Azure logs in Azure, and AWS Cloudtrail logs in Snowflake. Alert fidelity is higher, and all detections come back to the same place.

When I started to explore the opportunity here I did my research on the product and problems that it solves. I quickly came to my “aha moment.” I started to think about how fun it would be to build a team of SEs and bring SOC leaders and practitioners to the same “aha moment” that I had experienced. I wanted to get these folks as excited as I was about modern SOC architecture and detection engineering automation, and help them achieve the benefits of this in their day-to-day lives, both for themselves personally and for their organizations.

I have no regrets! My days are filled with smiling SOC professionals as I get to help the good guys get better and better at what they do. I am part of an amazing team building an awesome culture and having fun doing it. We continue to hire the best in the business. Our product team is innovating at a dizzying pace. Industry watchers, investors, and thought leaders are validating our vision day after day. In short, Anvilogic is a great place to be, and now is the best time to be here so check out our current openings and connect with me on LinkedIn. If you're interested in learning more about how to improve alert fidelity and build better detections for your organization, view this on-demand webinar.

Andrew D’Auria

Director, Sales Engineering

Chat with our team to receive a free maturity assessment

Get in Touch

Ready to learn more about Anvilogic?

Kickstart your security operations

Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.