Google Cloud strengthened its security offering this week with the $500m purchase of Siemplify, developer of one of the most popular security orchestration, automation, and response (SOAR) systems on the market. Experts told Tech Monitor that rather than seeking to gain an advantage over the other big public cloud providers, Google is looking to use the purchase to take on traditional security vendors offering cloud security options.
Reports of Google’s interest in Israeli company Siemplify first surfaced last week, and the deal was confirmed late on Tuesday. Though terms have not been disclosed, the purchase price has been widely reported as $500m. The deal will see Siemplify’s systems integrated into Google’s own cloud security product, Chronicle.
“Siemplify is an intuitive workbench that enables security teams to both manage risk better and reduce the cost of addressing threats,” said Sunil Potti, vice president of Google Cloud Security. “Siemplify allows Security Operation Centre analysts to manage their operations from end-to-end, respond to cyber threats with speed and precision, and get smarter with every analyst interaction.”
Founded in 2015, Siemplify has developed one of the most popular SOAR platforms. It has raised $58m since it was founded and last year its customer base almost doubled, the company claims, though it hasn’t disclosed any figures relating to this.
SOAR systems allow companies to analyse threats to their networks and respond automatically. “A SOAR tool has been the missing piece for Google’s Chronicle offering since practically its inception,” says Allie Mellen, security and risk analyst at Forrester. “Other security analytics platforms began incorporating SOAR natively as early as 2017.”
Adding Siemplify’s software will give a significant bump to Chronicle’s capabilities, says Eric Parizo, principal analyst for cybersecurity operations intelligence service at Omdia. “This purchase provides strong overall SOAR capabilities, notably response automation, which instantly gives Google Cloud relatively mature technology to power its efforts to become a full-featured provider of threat detection, investigation, and response capabilities for enterprises,” Parizo says. “Chronicle is currently excellent at taking in threat data and conducting rapid real-time rules-based detection, but it has a way to go in several key areas, including analytics-based detection, event prioritisation, and threat response. Siemplify immediately adds the threat response portion.”
Does Siemplify give Google Cloud an advantage in the cloud wars?
Competition in the public cloud market is fierce, with Google Cloud currently trailing in third place behind market leader Amazon’s AWS and Microsoft Azure.
With businesses facing an ever-growing array of cyber threats, security is one of the primary concerns for tech leaders. Siemplify "gives Google Cloud’s security business an advantage that they didn’t have before," says Mellen. "It helps them reach closer to feature parity with other Security Analytics Providers vendors in the space." Microsoft's Sentinel security analytics platform does have automation and orchestration capabilities, she explains, while AWS does not offer a comparable product.
Omdia's Parizo says this is because Amazon's focus remains primarily on the infrastructure layer of the cloud, rather than the services that sit on top of it. "In regard to enterprise cybersecurity, Google Cloud doesn’t really see itself as competing specifically against AWS and Azure," he says. "I would argue here it’s competing for cybersecurity mindshare and market share against vendors like Trend Micro and Palo Alto Networks, as well as broadly against enterprise software vendors that would include Oracle, IBM and Microsoft."
What does Google Cloud's Siemplify deal mean for businesses?
Customers using Chronicle and Siemplify should view the takeover positively, says Pete Shoard, research vice president at Gartner. "Buyers of both Chronicle and Siemplify stand to gain significantly from this amalgamation," he argues. "Chronicle users [will benefit] from more operational security capability beyond that of Chronicle currently, and Siemplify customers from the power and speed of Google Search within Chronicle."
However, Shoard also notes that "timescales for integration are unknown at this stage", and says tech leaders considering using the system must ensure it fits their needs. "It should be noted that both Chronicle and Siemplify are not tools that benefit immature buyers in the cyber market, there are no ‘silver bullets’ here," he says. "Those that know security detection and response well will gain the most."