Google has acquired Siemplify, an Israel based cybersecurity start-up, to include security orchestration, automation, and response (SOAR) to its Google Cloud security portfolio, augment its Chronicle security analytics platform and make its security “invisible,” the two companies announced today.

Although none of the companies disclosed the value of the acquisition, Reuters reported that Google paid $500 million to Siemplify.

Siemplify is a cloud-based provider of tools for integrating and automating security operations. The technology allows companies to present a single platform for security analysis and response, bringing existing tools and allowing automated security playbooks. SOAR allows analysts to quickly triage caseloads by using information from various security products of an organisation and then automating the response.

This acquisition has put Google ahead among major cloud-based security services, says Rik Turner, principal analyst with research firm Omdia (a Dark Reading sister company). “Amazon Web Services (AWS) and Microsoft Azure have SIEM in their clouds, while Google attempts to play well with other services,” he explains.

Most SOAR products will eventually merge with SIEMs to become standard capabilities, says Allie Mellen, an analyst for security and risk at Forrester Research. “Siemplify was a standalone SOAR, as vendors picked SIEM over the years. Most standalone SOAR vendors have been acquired or built their portfolio with other products, like threat intelligence platforms. So in some ways, that makes this a heady acquisition and signals the end of the standalone SOAR or, frankly, SIEM,” she added.

Timing is everything

A confluence of trends has made SOAR products more necessary. The continued shortage and high cost of skilled cybersecurity professionals mean reducing workloads. Organisations’ growing attack surface area means that more data needs to be monitored to gain the necessary visibility.