by tomashertus 817 days ago
These are exciting times in the cybersecurity industry with the recent growth of open-source security tools (osquery, Fleet, Wazuh, etc.). Anyway, I'm skeptical about the detection efficacies, usefulness, and scalability of those products. I do not see them widely adopted either. These are my observations from your pitch:

Your pitch mentions large costs for traditional SOAR products and that you want your solution to be focused on smaller companies that don't have money to pay for expensive SOC tools. Nevertheless, the market reality is that if a company has a SOC team (who is the traditional end user of a SOAR tool), they don't care about $100k for a SOAR because they will spend hundreds of thousands a month for log storage, security tools, and HR. It's much more common for your target audience to use ITSM as a security incident management tool. Just look at what ServiceNow is doing in this space, for example: https://docs.servicenow.com/bundle/washingtondc-security-man.... Based on this one fact, I think that you didn't spend enough time understanding your target customers, who are in this case not SOC/Security teams, but IT teams.

Incident management is a critical process for every SOC team and its effectiveness is tracked by measuring the mean-time-to-resolve metric. How do you want to convince SOC teams to use open-source tools for their mission-critical process rather than buying one of the established SOAR tools that are integrated with their security stack? (& there are many options in the SOAR space) How can your product help companies lower the operational costs of case management? (improving the mean-time-to-resolve KPI)

Please, don't get discouraged by my comments. SOAR is an essential part of every security stack and the current offerings have flaws. But the narrative in your pitch is flawed and indicates a lack of understanding of current security buyers and personas.

1 comments

Startups win by questioning every assumption from first principles. We look forward to the fight.
\_(-_-)_/ good luck with that