CyberSponse, Inc.: Enhancing Security Operations with Orchestration and Automation

Follow CyberSponse, Inc. on :

Larry Johnson, CEO

In today’s cybersecurity landscape of big data, privacy breaches, and ever-present nation-state sponsored attacks, the security of an enterprise is vital and requires constant evolution. A multitude of technology solutions is available to aid organizations in optimizing their cybersecurity posture, as traditional mechanisms alone are no longer common practice for most enterprises. Coined by the global research firm Gartner, Security Orchestration, Automation and Response or “SOAR” is a technology process that provides case management functionality by orchestrating and automating the incident response process used by security operations analysts and incident responders. This case management system, or “SOAR” solution, ensures effective and efficient incident management and remediation streamlining security analysts’ processes.

CyberSponse is an Arlington, Virginia-based cybersecurity organization that offers the market-leading SOAR platform, allowing incident responders to combine cybersecurity solutions with human intuition to help enterprises enable their cybersecurity teams to work in alignment with and maximize their existing tools, increase efficiency and expedite remediation. The CyberSponse CyOPs SOAR platform is a holistic and enterprise-built security orchestration and security automation workbench that empowers security operation teams and facilitates cross-functional collaboration.

In an interview with CIO Applications, Larry Johnson, CEO of CyberSponse, discusses CyberSponse’s inception, growth, research, and development activities in the field of cybersecurity.

Can you give us an overview of your company?

Larry: Founded in 2011, CyberSponse began as a startup based in Phoenix, Arizona and recently relocated its headquarters to Arlington, Virginia to capitalize on the growing demand for cybersecurity solutions in government agencies and private organizations. CyberSponse holds a patent on the technological process underlining the entire security orchestration and automated response industry, which is the real-time deployment of an incident response roadmap. We are proud to have the largest presence of any SOAR vendor with the U.S. Federal government agencies, and to have an exponentially growing commercial market presence as well. We pride ourselves on being fast-moving, disruptive organization, that seeks to tackle the status quo with our innovative security automation and orchestration platform, to enable incident responders to work faster, smarter, and much more effectively.

What are some of the market pain points that CyberSponse addresses?

Larry: One of the leading reasons underlying inefficiency in cyber functions today is alert fatigue and the inefficient use of an enterprise’s existing tools, coupled with a lack of cyber personnel. CyberSponse’s SOAR platform is completely agnostic to an environment’s current and future capabilities, with over 250 connectors and integrations that allow organizations to integrate with their existing cybersecurity products to work with each other in an orchestrated manner, behind a single pane of glass without scrolling through multiple interfaces or data sources. This allows organizations to save an immense amount of time, and further allows incident responders to focus their efforts on actual threats to their environment, as opposed to performing an endless loop of mundane tasks related to what many times is rendered as nothing more than a false positive. The CyberSponse SOAR platform also enables security analysts to customize CyOPs Dashboards and Role Based Access Control to monitor security operations KPIs and create enterprise-level management of tasks and permissions within the platform.

CyberSponse offers the market-leading SOAR platform, allowing incident responders to combine cybersecurity solutions with human intuition to help enterprises enable their cybersecurity teams to work in alignment with and maximize their existing tools, increase efficiency and expedite remediation

What are some of the key features of CyberSponse’s SOAR solution?

Larry: With regard to key features, our platform provides a full audit log, role-based access control, and dashboarding functionalities, along with more connectors and integrations than any other SOAR platform on the market. The CyOPs multi-tenancy feature allows organizations to work with several tenant nodes through a single CyberSponse console to remotely monitor, navigate and control security operations. Our platform is agnostic, meaning we don’t replace any products that are being utilized by security analysts in their organization. The CyberSponse SOAR platform enables customers to integrate and interconnect all of their tools amplifying the impact of the team, tools, and time. Our clients leverage a multitude of products and tools, and the customizability of our product effectively caters to our client-specific demands, which in turn maximizes their investment and results in greater efficiency and the elimination of alert fatigue. The CyberSponse SOAR solution also enables security analysts to create and customize CyOps Dashboards to monitor security operations KPIs, allowing personnel to always have a customized and tailored pulse on the status of their security operations. With this feature, analysts can also create enterprise-quality automated reports for auditors and security leadership. Additionally, the versatile CyOPs SOAR platform has a drag-and-drop playbook builder enabling security analysts to easily and efficiently create playbooks that don’t require coding. The CyberSponse SOAR ticketing system allows security analysts to track the progress of an incident throughout its lifecycle, and provides important context like tracking details, timestamps, and task assignments. With the CyberSponse SOAR platform, security analysts are able to leverage the built-in CyOPs Queue Manager to handle automatic work assignments across multiple queues, teams, and shifts.

Can you give us a case study where CyberSponse helped a client overcome a specific challenge?

Larry: We worked with a multinational bank that was experiencing difficulty in retaining cybersecurity employees and high-turnaround, resulting in the inability to efficiently perform their daily functions. After implementation of the CyberSponse SOAR solution, the bank immediately began to see the ROI and reduced their average remediation time for alerts from hours to minutes, while minimizing the effects of their personal situation. By leveraging the combination of built-in features like CyOPs Queue Manager and Role Based Access Control, the firm was able to screen functions and handle automatic work assignments across multiple queues, new employees, and teams. The newly employed personnel no longer needed to learn how to use every product leveraged by the client, because every tool was connected behind CyberSponse’s “single pane of glass” SOAR platform.

What gives CyberSponse a competitive edge over other SOAR vendors?

Larry: CyberSponse has a competitive edge due to our ability to be being a fast-paced, disruptive organization, that thrives on staying ahead of the curve, enabling incident responders to work smarter and much more effectively. One of our biggest differentiators is CyberSponse’s collaboration with U.S. Cyber Command—which is a great source of pride for our organization. CyberSponse is not venture backed, unlike most of our competitors, which allows us to be more creative and innovative on the technical side, and more agile and strategic on the business side. Another advantageous differentiator is that CyberSponse is vendor agnostic, allowing our customers to use all their preexisting tools as we have over 250 connectors to integrate with, right out of the box. At CyberSponse we value our customers, we want them to have a great experience while using our product while simultaneously making them more effective, that’s why we also give our customers access to our CyOPs Playbook repository, CyOPs Connector repository, CyOPs Report repository, and CyOPs Training Resources. The CyberSponse CyOPs multi-tenancy feature enables us to set up a single master control to regulate, monitor, provide feedback, and communicate with several tenant nodes, which is unlike any other offering in the market.

How does CyberSponse envision the next 12 to 18 months?

Larry: At CyberSponse we are constantly seeking to innovate, for example developing additional connectors, incorporating elements of artificial intelligence and machine learning, and integrating MITRE ATT&CK framework playbooks into the platform so that the entire globally accessible knowledge base can be processed in an automated fashion. We are also excited to continue to strive to provide a cutting-edge, market-leading solution that can usher in a future of fully-autonomous security operations centers, and in turn making our CyOPs platform even more intuitive.