And what does it tell us about Cybersecurity?
As the founding CEO of StackStorm and now DeepTempo, I’ve seen how the needs of CISOs and SOCs have changed over the last 10+ years.

When we started StackStorm, the cybersecurity landscape was different. Our power users rarely asked for more alerts — rather, they wanted context and a better way to handle the alerts they already received. Signatures, rules, and predefined playbooks formed the cornerstone of defense.
Incidentally — a little bit about StackStorm. Think of it as a SOAR that is more broadly applicable than only security. In fact, an analyst recently called it one of the top 5 open source SOARs:
https://research.aimultiple.com/open-source-soar/
We called what we did event-driven automation. We sold StackStorm back in 2017 — our seed investor wanted a quick win — and the project lives on as a Linux Foundation project. It is used in security by many of the more advanced shops, including many managed security providers, sometimes just for its ChatOps support and other times for its ability to stitch together an enormous number of systems with rules and workflows before sending alerts downstream to Splunk. StackStorm is Python under the hood and saves enormous time, even compared with vibe coding your way to system control and integrations.
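To make the "rules and workflows in front of Splunk" model concrete, here is an added example of a StackStorm rule in the project's YAML rule format. It is written for this post, not taken from the StackStorm project or the original article. It assumes a hypothetical pack named `soc_example`, a webhook endpoint named `edr_alert` that an EDR product posts JSON alerts to, a hostname convention where production hosts start with `srv-` or `ws-`, and placeholder values for the Splunk HTTP Event Collector (HEC) host and token.

```yaml
---
# Hypothetical StackStorm rule (added example, not from the original article).
# Flow: EDR posts an alert as JSON to the st2 webhook -> rule criteria filter on
# severity and hostname -> only matching alerts are forwarded to Splunk HEC,
# enriched with which rule forwarded them.
name: "forward_high_severity_edr_alerts"
pack: "soc_example"               # assumed pack name
description: "Forward high-severity EDR webhook alerts to Splunk HEC"
enabled: true

trigger:
  # core.st2.webhook is a built-in trigger; this rule fires on POSTs to
  # https://<st2-host>/api/v1/webhooks/edr_alert (authenticated with an
  # St2-Api-Key header). The JSON body is exposed as trigger.body.
  type: "core.st2.webhook"
  parameters:
    url: "edr_alert"

criteria:
  # Only high-severity alerts pass; lower severities are dropped here
  # instead of being pushed downstream as noise.
  trigger.body.severity:
    type: "iequals"
    pattern: "high"
  # Restrict to production hosts (assumed naming convention); lab boxes
  # do not reach the SIEM from this rule.
  trigger.body.hostname:
    type: "matchregex"
    pattern: "^(srv|ws)-"

action:
  # core.http is a built-in action. The HEC host and token are
  # placeholders; in a real pack they would come from the pack config.
  ref: "core.http"
  parameters:
    url: "https://SPLUNK_HEC_HOST_PLACEHOLDER:8088/services/collector/event"
    method: "POST"
    headers:
      Authorization: "Splunk HEC_TOKEN_PLACEHOLDER"
      Content-Type: "application/json"
    body: >-
      {"sourcetype": "edr:alert",
       "host": "{{ trigger.body.hostname }}",
       "event": {"severity": "{{ trigger.body.severity }}",
                 "rule_name": "{{ trigger.body.rule_name }}",
                 "user": "{{ trigger.body.user }}",
                 "forwarded_by": "soc_example.forward_high_severity_edr_alerts"}}
```

The rule is registered with `st2 rule create forward_high_severity_edr_alerts.yaml`. The `criteria` block is where the filtering and context-shaping happens before anything reaches the SIEM; swapping the `core.http` action for a workflow reference is how the same trigger can fan out to enrichment, ticketing, and ChatOps notification in one place.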
Fast-forward to today, and the threat landscape has dramatically evolved. CISOs bellowing “don’t give me any more indicators” sound a bit less credible now that their systems cannot see or isolate common attacks. Signatures and traditional rule-based detections simply aren’t keeping up. According to CrowdStrike’s recent Threat Report, over 80% of today’s attacks bypass traditional signature-based systems, exploiting the gaps in rules and static detections. Novel attacks, including zero-days and advanced persistent threats (APTs), have soared. The National Vulnerability Database reported a record-setting 26,448 new Common Vulnerabilities and Exposures (CVEs) in 2022 alone, up sharply from approximately 12,000 when StackStorm was sold in 2017.
Living-off-the-Land (LotL) attacks have become common, using legitimate system tools to remain undetected by traditional methods. Symantec reports a stagge
[…]