
The Integration Imperative for Security Vendors

Integration is Key to Bringing Security Teams, Processes and Technology Together


I’m going to go out on a limb here and say that if you’re reading this article, chances are you’re into technology. At home, this may show up in the type of sound system you have or your home automation setup. In either case, you have probably done extensive research and devised a solution made up of components from various manufacturers that you feel are best suited to your needs. A CD player, turntable, tuner, receiver, amplifier and speakers. Or a smart hub (like Amazon Echo or Google Home), thermostat, cameras, door locks, flood lights, smart appliances, smart TVs, and the list goes on. You likely assembled these solutions over time and will continue to add more devices, expecting them to interoperate seamlessly and deliver as promised.

It’s quite similar to the environment in which we operate as security professionals every day. Most organizations have a complex security infrastructure consisting of multiple products from multiple vendors that create layers of defense: firewalls, IPS/IDS, routers, web and email security, and endpoint detection and response solutions. We also have SIEMs and other tools that house internal threat and event data, such as ticketing systems, log management repositories and case management systems.

In the past couple of years, we’ve seen a movement towards Security Orchestration, Automation and Response (SOAR) platforms and tools. These include orchestration and automation tools that define playbooks and processes, and threat intelligence platforms that act as a central repository, aggregating vast amounts of internal threat and event data and enriching it with external, global threat intelligence for the context needed to understand and prioritize it for action. Regardless of the type of platform, integration is key to bringing security teams, processes and technology together within a single security architecture. It drives efficiency and effectiveness by eliminating repetitive tasks so that analysts are free to focus on higher priority activities.

A single security architecture requires bi-directional integration. Relevant, prioritized threat intelligence must flow through all systems, playbooks and processes so that automation is based on the right data. And systems and tools must feed data, events and what has been captured, back to the central repository for use in other systems. This central repository also serves as organizational memory for learning and improvement. 

More recently, we’re seeing the emergence of XDR solutions that ESG defines as, “An integrated suite of security products spanning hybrid IT architectures, designed to interoperate and coordinate on threat prevention, detection, and response. XDR unifies control points, security telemetry, analytics, and operations into one enterprise system.” There are even more challenges here because no organization is starting with a clean slate; there is existing infrastructure and the appetite to rip and replace is low. What’s more, different departments with different budgets and teams are using different solutions, so the decision-making process to move forward with a single vendor solution will be a labyrinth, at best. 

An XDR solution can’t just integrate within its own set of products. It must integrate with a range of existing tools and technologies for a certain period of time, which could be several years. As with SOAR tools, this integration must be bi-directional to reap the full value from the XDR solution. What’s more, time will tell if XDR solution providers will be able to maintain the level of innovation of best-in-class solution providers who focus their resources to address specific use cases, new types of threats and emerging threat vectors.

A case in point: in response to threat activity around COVID-19, many commercial threat intelligence providers, governments, open source feeds and frameworks like MITRE ATT&CK are providing valuable threat and outbreak-specific data. Consuming all this data is a real challenge, especially since many of the sources are new and no ready-made connectors exist to plug these feeds into existing security infrastructure. Organizations don’t have teams of analysts sitting idle, available to manually sift through numerous new sources and massive volumes of indicators and operationalize them. What’s needed is the ability to write and deploy a custom connector to any type of threat intelligence feed within hours, so organizations can begin ingesting threat data from new sources quickly. Any all-in-one enterprise system needs that level of external integration capability as well.
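To make the connector and bi-directional flow described above concrete, here is an added example of the pattern in Python. It is not ThreatQuotient code or any vendor’s API: the two feed formats, the normalized indicator schema, the source names and the scoring weights are all constructed for illustration. Two feeds with different schemas are normalized into one repository, unusable indicators (private addresses, malformed values) are rejected rather than pushed to enforcement tools, and a downstream tool reports a sighting back so the repository can re-prioritize the indicator.

```python
"""Minimal threat-intelligence feed connector pattern (added example)."""
import csv
import io
import ipaddress
import json
import re
from dataclasses import dataclass, field

# Constructed sample feeds; the schemas are assumptions, not real vendor formats.
FEED_A_CSV = """indicator,confidence,tag
198.51.100.23,80,covid-phishing
203.0.113.9,60,c2
10.0.0.5,90,c2
malware-update.example,70,covid-lure
"""
FEED_B_JSON = json.dumps([
    {"ioc": "203.0.113.9", "score": 0.9, "labels": ["c2", "emotet"]},
    {"ioc": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
     "score": 0.5, "labels": ["dropper"]},
    {"ioc": "not an indicator", "score": 1.0, "labels": []},
])

_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
_SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.I)
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_noise_ip(ip) -> bool:
    """Addresses that should never reach a blocklist, whatever a feed says."""
    return (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_unspecified or ip.is_reserved or any(ip in n for n in _RFC1918))


def classify(value: str):
    """Return the indicator type for value, or None if it is unusable."""
    value = value.strip()
    try:
        return None if _is_noise_ip(ipaddress.ip_address(value)) else "ip"
    except ValueError:
        pass
    if _SHA256_RE.match(value):
        return "sha256"
    if _DOMAIN_RE.match(value):
        return "domain"
    return None


@dataclass
class Indicator:
    type: str
    value: str
    confidence: int                      # 0-100, highest seen across sources
    sources: set = field(default_factory=set)
    tags: set = field(default_factory=set)
    sightings: list = field(default_factory=list)   # (tool, timestamp) fed back


def connector_csv(text: str, source: str):
    """Connector for the (constructed) CSV feed schema: yields normalized tuples."""
    for row in csv.DictReader(io.StringIO(text)):
        yield row["indicator"], int(row["confidence"]), {row["tag"]}, source


def connector_json(text: str, source: str):
    """Connector for the (constructed) JSON feed schema; score 0-1 becomes 0-100."""
    for item in json.loads(text):
        yield item["ioc"], round(float(item["score"]) * 100), set(item["labels"]), source


class Repository:
    """Central repository: de-duplicates across feeds and keeps sightings."""

    def __init__(self):
        self.indicators = {}    # (type, value) -> Indicator
        self.rejected = []      # (source, raw value) kept for feed quality review

    def ingest(self, records):
        for value, confidence, tags, source in records:
            kind = classify(value)
            if kind is None:
                self.rejected.append((source, value))
                continue
            key = (kind, value.strip().lower())
            ind = self.indicators.get(key)
            if ind is None:
                ind = self.indicators[key] = Indicator(kind, key[1], confidence)
            else:
                ind.confidence = max(ind.confidence, confidence)
            ind.sources.add(source)
            ind.tags |= set(tags)

    def record_sighting(self, value: str, tool: str, when: str) -> bool:
        """Feedback path: a downstream tool reports that it observed the indicator."""
        ind = self.indicators.get((classify(value), value.strip().lower()))
        if ind is None:
            return False
        ind.sightings.append((tool, when))
        return True

    def prioritized(self):
        # Arbitrary example weights: corroboration and real sightings outrank raw confidence.
        def score(ind):
            return ind.confidence + 10 * (len(ind.sources) - 1) + 25 * len(ind.sightings)
        return sorted(self.indicators.values(), key=score, reverse=True)


def build_demo_repo() -> Repository:
    repo = Repository()
    repo.ingest(connector_csv(FEED_A_CSV, "feed-a"))
    repo.ingest(connector_json(FEED_B_JSON, "feed-b"))
    repo.record_sighting("203.0.113.9", "siem", "2020-04-01T12:00:00Z")  # stand-in SIEM hit
    return repo


if __name__ == "__main__":
    for ind in build_demo_repo().prioritized():
        print(ind.type, ind.value, ind.confidence, sorted(ind.sources), len(ind.sightings))
```

Adding a new source is a matter of writing one more small connector that yields the same four-field tuple; the validation, de-duplication and sighting logic do not change. The rejected list is worth keeping: a feed that repeatedly ships RFC1918 addresses or malformed values is telling you something about its quality.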


Don’t get me wrong. As I have written about before, complexity is the enemy of security, and a defense-in-depth approach brings complexity through fragmentation. But bigger, broader solutions can’t solve this alone. Integration needs to play a role to maximize overall efficiency and effectiveness. Just as you’ve seen if you’ve committed to Amazon Echo or Google Home, each has its sweet spots but needs to be open and flexible, because even they shouldn’t try to do it all.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
