Published on: August 5, 2024
In a recent SafetyDetectives interview, David Bizeul, Co-founder and Chief Scientific Officer at Sekoia.io, shared insights into his extensive cybersecurity journey and the innovative approach behind Sekoia.io. With over two decades in the field, David’s experience spans key roles in large organizations such as Airbus and Société Générale, where he pioneered the development of internal CERTs. His passion for operational cybersecurity and commitment to creating practical, scalable solutions led to the founding of InThreat, which later evolved into Sekoia.io. Today, Sekoia.io stands out in the cybersecurity market with its mission to simplify and enhance security operations through its integrated, cloud-based SOC platform, combining advanced threat intelligence with seamless response capabilities.
Can you tell us about your background and what led you to co-found Sekoia.io?
With over two decades in the cybersecurity field, my journey began with a strong focus on threat intelligence (CTI). I have held various roles in large corporations (Airbus, Société Générale), where I created and led internal CERTs. This deep experience and passion for operational cybersecurity led me to co-found InThreat, now part of Sekoia.io, to provide such teams with the solutions they actually need. I am convinced that Sekoia.io’s vision based on openness, transparency and interoperability is the future. This open approach is what I am advocating for today within the Open Cybersecurity Alliance or other similar initiatives. In the end, I believe pragmatic security services allow us to solve society issues.
What is Sekoia.io’s mission, and how does your SOC platform differentiate itself in the cybersecurity market?
Sekoia.io’s mission is to simplify cybersecurity and make it cooperative. We provide an integrated, SaaS-based SOC platform – also labelled XDR or Next-Gen SIEM – that provides operational security teams with a unified view and full control over their information system. Our platform stands out by combining detection and response in one seamless solution, leveraging advanced threat intelligence to stay ahead of threats. Unlike traditional on-premise solutions, Sekoia.io’s cloud-based approach offers rapid deployment, cost savings, extensive integration capabilities and an Open XDR architecture. The platform’s flexibility and adaptability, along with a predictable pricing model, make it a comprehensive and scalable choice for modern cybersecurity needs.
How does Sekoia.io’s approach to efficiency-driven SOC operations help organizations better manage their cybersecurity needs?
Sekoia.io’s efficiency-driven SOC operations help organizations manage their cybersecurity needs by integrating end-to-end capabilities into a single platform. This streamlines workflows, reduces complexity of managing multiple tools, decreases alert fatigue and saves time. The cloud-based deployment offers scalability and flexibility, adapting quickly to evolving threats. By incorporating CTI and automating repetitive tasks, the platform enhances detection accuracy and response speed. Additionally, the open product philosophy ensures seamless integration with existing security infrastructures (200+ integrations in the catalog), maximizing investments and avoiding vendor lock-in. This comprehensive approach – that can be deployed either in internal, external or hybrid SOCs – boosts operational efficiency and effectiveness in cyber defense.
Generative AI appears to be a real game changer in cybersecurity. How is Sekoia.io integrating AI into its SOC platform to enhance threat detection and response?
Generative AI is very good at creating content. We integrated this capability in our solution as an assistant to help SOC analysts in their daily tasks. Our datasets are combined with a foundation model to offer very precise augmented context for our users. This allows them to improve the understanding of an alert or get more actionable actions. The assistant can also answer on SOC related questions by receiving deep-dived questions, such as “What are the top 3 users that generated alerts this month?” or “What are the main techniques used by APT29?”. For Sekoia.io just as for cybersecurity in general, AI helps us achieve a higher level of efficiency… even though I am convinced it does not replace humans.
Can you explain the concept of Security Service Delivery Platforms (SSDPs) and how they are transforming the cybersecurity service model?
Gartner’s introduction of the Security Service Delivery Platform (SSDP) reflects a strong market trend. These new tools will progressively transform the cybersecurity service model by decoupling the services itselft and the technology used to deliver it. This is possible by centralizing data and tools into a unified, cloud-based framework. This shift from on-premise SOC solutions to SaaS platforms, as highlighted by Sekoia.io, enhances efficiency and scalability. SSDPs enable 24/7 operations through collaborative, global virtual SOCs, allowing seamless handover of alerts and investigations. They democratize advanced security capabilities, making them accessible to SMEs and facilitating the evolution of Managed Security Service Providers (MSSPs) into Managed Detection and Response (MDR) and even Managed Extended Detection and Response (MXDR) services. This innovation fosters collaboration, reduces complexity, and improves response times.
How does a threat intelligence-powered SOC platform enhance the capabilities of Managed Security Service Providers (MSSPs)?
Maybe the obvious difference between an Enterprise and a MSSP is that the first one is using the solution for its final purpose whereas the second does it for many customers. This changes a lot and every interface or configuration step will need to take into account these two facets, meaning many parameters, such as the ability to be managed in a mutualized way, the multi-tenancy aligned with delegation capabilities, the creation of rules that can be enforced on a pool of customers, the ability to create generic response playbooks that will adapt with the customer technology stack. Shipping the features with this dual mode, you allow a MSSP to do everything an Enterprise can do and much more, indeed he can bring his own additional value and mutualize skills and tactics on many customers.
The built-in Threat Intelligence is an optimization driver of most of SOC activities. Indeed, if you have a detection on one rule, the CTI will explain how this rule relates to a specific threat and why this threat is important for your organization. You want to respond on this threat? CTI might know about most relevant counter-measures that can be activated. But the most important value of our CTI is its reliability. It’s pretty exhaustive about threats and with very little risk of false positives. That means you can get critical alerts on day one of your SOC. This impressive time-to-value is a real driver of success for MSSPs.
How can SMEs stay ahead of evolving cyber threats, and what role does Sekoia.io play in this effort?
To stay ahead of tomorrow’s cyber threats, SMEs need to rely on accessible and scalable security solutions that can be operated by a trusted, expert partner. Sekoia.io plays a crucial role in this effort with its SOC platform, which empowers small SOC teams with a single “control tower” and automated response capabilities. By transitioning from legacy systems to a SaaS model, SMEs can manage complex security needs more efficiently and cost-effectively. Our threat intelligence and SOC platform also facilitates collaboration with Managed Security Service Providers (MSSPs), enabling SMEs to leverage specialised services without extensive in-house resources. This democratizes access to top-tier cybersecurity, ensuring SMEs remain resilient against modern threats. It also supports the development of local partners, cyber ecosystems and expertise.