Cloud Security , Cybercrime , Fraud Management & Cybercrime

Google Buys Siemplify to Bolster Security Analytics Tools

Security Orchestration, Automation and Response Platform Set for Google Chronicle
Google Buys Siemplify to Bolster Security Analytics Tools

Alphabet's Google has purchased stand-alone security orchestration, automation and response vendor Siemplify to bolster the threat detection and response capabilities built into Google's cloud services.

See Also: Webinar | Identity Crisis: Combating Microsoft 365 Account Takeovers at Scale

Siemplify is an Israeli startup providing a security operations platform offering security orchestration, automation and response, or SOAR, capabilities. It says its tools are widely used by security teams at large businesses, including major managed security service providers.

While terms of the deal, which was announced Tuesday, have not been disclosed, Reuters reports that Google paid about $500 million in cash to buy the firm, which is headquartered in Tel Aviv, Israel, and New York.

Google will build Siemplify into its Chronicle security analytics platform, which is designed to support threat hunting, detection, investigation and response, says Sunil Potti, the vice president and general manager of Google Cloud Security.

"We plan to invest in SOAR capabilities with Siemplify's cloud services as our foundation and the team's talent leading the way," he says. "Our intention is to integrate Siemplify's capabilities into Chronicle in ways that help enterprises modernize and automate their security operations."

Siemplify was founded in 2015 by current CEO Amos Stern, Chief Revenue Officer Garry Fatakhov and Alon Cohen, the head of research and development.

Previously, Siemplify received $58 million via three funding rounds. The third round, in May 2019, brought in $30 million, led by equity firm Georgian Partners, working with previous investors 83North, G20 Ventures and Jump Capital.

"The challenges we set out to solve are only becoming more profound, and organizations are facing an unprecedented volume of cybersecurity threats - all as the shortage of skilled personnel to address these threats remains at an all-time high," Siemplify CEO Stern says in a blog post announcing the Google Cloud deal.

'Missing Piece for Google's Chronicle'

The acquisition of Siemplify brings overdue functionality to Google's cloud service offerings, says Allie Mellen, an analyst at Forrester Research.

"A SOAR tool has been the missing piece for Google's Chronicle offering since practically its inception. Other security analytics platforms began incorporating SOAR as early as 2017," Mellen says.

"This acquisition is an important step in providing a unified offering to practitioners and in being able to compete more directly in the security analytics platform space," she says. "Enabling the orchestration of response across multiple tools is an integral part of security operations and has become an integral part of a security analytics platform. This acquisition continues to demonstrate that."

Google's Potti says the imperative with threat hunting as well as incident detection and response remains to automate as much as possible. "Security analysts need to be able to solve more incidents with greater complexity while requiring less effort and less specialized knowledge," he says.

The imperative to automate more detection and response activities continues to mount as the frequency and magnitude of major IT events keeps increasing. In recent weeks, for example, security and operations teams have been working overtime to track and remediate the "Log4Shell" remote code execution vulnerabilities in Apache Log4j 2, which are present in hundreds of widely used pieces of software and hardware and being actively targeted by attackers.

More Orchestration Required

Google's move to buy and integrate a stand-alone SOAR vendor into its wider service offering parallels an industrywide push to give security operations teams fewer tools with more capabilities, including with security information and event management, or SIEM, as well as security user behavior analytics, or SUBA, Forrester's Mellen says.

"This acquisition continues to show that businesses, customers and security professionals are looking for a holistic offering for security operations," Mellen says.

"Just offering a piece of the puzzle - a SOAR, a SIEM, or SUBA - is not enough. Security teams want a unified security analytics platform that they can use through the entire incident response life cycle - from detection to investigation to the orchestration of response."

She notes that some customers of Siemplify, however, had been using the tool because they preferred a stand-alone approach that offered more capabilities, rather than a suite-based option that might have offered less functionality but easier management.

With Google buying Siemplify, however, stand-alone SOAR options continue to dwindle.

That deal follows a pledge by Google last August to President Joe Biden that it would invest $10 billion over the next five years to strengthen cybersecurity. The funding will include "expanding zero-trust programs, helping secure the software supply chain and enhancing open-source security," Google's head of global affairs, Kent Walker, said at the time.

"We are also pledging, through the Google Career Certificate program, to train 100,000 Americans in fields like IT support and data analytics, learning in-demand skills including data privacy and security," he added.

M&A Activity Continues

In other cybersecurity merger and acquisition news, last month Baltimore-based cybersecurity firm ZeroFox announced plans to acquire data breach response services firm IDX, to become a publicly traded firm with an expected value of $1.4 billion. The deal is expected to close by June 30, after which the combined company would be renamed ZeroFox Holdings and trade on the New York Stock Exchange under the ticker symbol ZFOX.

On Tuesday, meanwhile, Boston-based threat intelligence firm Recorded Future announced the acquisition of SecurityTrails, which provides an inventory of all internet-connected assets inside an organization.

While full details surrounding the deal have yet to be disclosed, Recorded Future says the deal is worth $65 million. The aim of the acquisition, says Recorded Future CEO Christopher Ahlberg, is to help organizations not just diagnose inbound threats, but also better understand and diagnose their own attack surface. "It has been said, 'If you know the enemy and know yourself, you need not fear the result of 100 battles,'" he says.

The two firms have already been working together. "Recorded Future has been a long-standing partner of SecurityTrails and our intelligence collection capabilities and inventories naturally complement each other in terms of providing risk landscape visibility," says SecurityTrails CEO Chris Ueland.

Numerous Deals in 2021

The acquisitions of Siemplify and SecurityTrails at the beginning of the year follow what was a banner year for cybersecurity M&A activity.

In the third quarter of 2021, market researcher Momentum Cyber counted 75 cybersecurity deals, totaling $12 billion in value, with a median value of $118 million.

Those deals included:

  • Avast acquired by NortonLifeLock for $8.0 billion;
  • ExpressVPN acquired by Kape Technologies for $936 million;
  • Guardicore acquired by Akamai Technologies for $600 million;
  • RiskIQ acquired by Microsoft for $650 million.

In the first three quarters of 2021, Momentum Cyber counted 237 cybersecurity mergers or acquisitions, compared to 178 for all of 2020.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.