In early January, Google Cloud underscored our commitment to advancing invisible security and democratizing security operations for every organization with the acquisition of Siemplify, a leading security orchestration, automation and response (SOAR) provider. And in the latest release of Siemplify SOAR we’re already leveraging these capabilities to propel security operations into the “anywhere operations” era, where you can operate at scale—no matter where your security team is, at any time and in any capacity; automate workflows and free up your team to do more strategic work; and accelerate processes to drive more effective and timely response.
The latest release of Siemplify SOAR sets you up with the building blocks you need—cloud infrastructure, automation, collaboration, and analytics—to take your response to the next level. It delivers relevant and impactful information front and center, improves collaboration among teams, makes building playbooks easier than ever before, and enables native investigation between Google Chronicle and Siemplify.
Upgraded Google Chronicle integration
The first step in realizing our strategy of integrating Chronicle and Siemplify is our improved Marketplace integration, which now enables native investigation between Siemplify and Chronicle. A single connector pulls all Chronicle alert types (IOC matches, external alerts, rule alerts) into Siemplify, enabling the examination of aggregated security information. The out-of-the-box Chronicle and VirusTotal enrichment playbook enables automated enrichment and hunting, and new case view widgets display key insights from Chronicle and provide easy access to Chronicle capabilities without console switching.
New level of collaboration
With organizations of all sizes increasingly turning to security service providers to augment security operations, effective and transparent collaboration becomes paramount. This latest release introduces a new “collaborator” user type that makes it easy for MSSPs and their customers, as well as departments outside of the SOC, to collaborate, run joint investigations, open requests and chat about cases in real time. The new chat function is documented as part of every case, and messages can be pinned as evidence to the case wall.
Dynamic case views
With security teams drowning in data, the ability to respond quickly and effectively often boils down to the ability to view and analyze the most relevant data. The case overview leads analysts through alerts and the data collected by the playbook. The new dynamic case overview enables the creation of customized alert or case views using drag and drop widgets that display the most relevant information for each role, such as insights, enrichments, and playbook results.
Redesigned homepage experience
The completely redesigned homepage has been transformed into a broad and powerful hub for analysts. The new homepage now displays pending tasks assigned to you, playbook actions waiting for your input, and highlighted cases you are involved in, and lets you take action (e.g. approve a task) directly from the homepage. A new embedded chat function facilitates real-time conversations.
Enhanced playbook designer
The improved playbook designer canvas now provides a wider workspace to create playbook workflows, advanced editing capabilities including the ability to copy, paste, cut or delete within and between playbooks and blocks, and the ability to easily undo/redo.