What is SOAPA?
Security Operations and Analytics Platform Architecture (SOAPA) is a newer InfoSec approach that combines multiple security technologies into a single platform. By bringing together security data from multiple sources, SOAPA users can analyze, manage, and report on actionable items in a way that was not possible before.
How Does SOAPA Work Compared to Traditional SIEMs?
Traditional SIEMs use a Collection > Detection > Response model:
Step 1. Collection: Traditional SIEMs encourage you to collect as much data as possible, yet they focus on only a subset of "potential" data sources, so they do not offer visibility across the entire enterprise.
Step 2. Detection: Traditional SIEMs use static correlation models, which offer little chance of success when detecting complex threat scenarios. They also generate an incredibly high volume of false positives, resulting in "alert fatigue."
Step 3. Response: Automation typically doesn't exist. Investigation and remediation become manual efforts that can be very time consuming for your SecOps team.
Response > Detection > Collection model