In cybersecurity, the whole of security data is greater than the sum of its parts. Unfortunately, the way many security products are engineered, analysts are relegated to using individual tools – just the ‘parts’ – and struggle to see the ‘whole’ picture integration would provide.
Why? Data interoperability standards leave much to be desired, and vendors have little incentive to make integration a priority. As a result, organizations can accumulate as many as 25 or more cybersecurity tools in their defense portfolio – and many of them don’t automatically talk to each other.
Cybersecurity data that exists in silos leaves gaps for threats to slip by undetected. It would be far more useful to share the data collected from across the security organization for correlation and analysis.
Security Integration Among the Top 5 Challenges
Security professionals are finding the lack of integration to be increasingly problematic. For example, in our recently published survey, The Top Challenges for Network Security in 2019, data interoperability – tools that don’t talk to each other – ranked in the top five on a long list of challenges.
Nearly 60% of respondents said the tools in their organization just somewhat share data or not at all. When asked “Why?” respondents candidly offered comments like these:
- “Tools are purchased without ever sending employees to training or bringing hands-on experience from the vendor to assist in integration. We just buy things and cross our fingers that it was a good investment.”
- “Different vendor tools that don’t communicate to one another.”
- “Lack of standards for interoperability.”
- “They don’t talk to each other. They do talk to the SIEM but that is not enough.”
- “I inherited a hodge-podge of non-implemented or half-implemented projects.”
- Different solutions have a greater probability of catching issues that the other may not.”
This is simply unsustainable. As adversaries strive to come up with new ways to avoid detection, it simply makes sense for tools to provide security analysts the capacity to ‘compare notes’ or so to speak.
3 Reasons Why Integration Will Grow as an Imperative
We believe the problem has reached a critical mass. The market will increasingly demand that new cybersecurity tools adhere to open standards and open APIs for three key reasons:
1) Integration improves efficiency and detection.
When organizations have multiple tools that cannot easily share data, it’s more reliant on people to go in and check tools one-by-one. Analysts hop from one screen to the next looking for threats through a different console. This is a highly manual, slow and potentially an error-prone way of defending an enterprise.
Weaving disparate tools together in a way that allows analysts to slice and dice data on a single pane of glass gives them the ‘whole’ picture. This also enables the organization to take advantage of automation – detection rules, policies and workflows – that accelerates a security operations center’s (SOC) ability to detect and remediate threats.
2) Compose best of breed solution across vendors.
Customers should be able to pick and choose the tools – firewall, antivirus, honeypot or network threat detection platform – that works best for their unique environment. This is a necessity given the reality of the threat evolution. As one industry analyst noted, “The rapid pace of threat evolution means incumbent security vendors cannot reasonably respond to every new threat which creates an opportunity for emerging solutions.”
3) Open integration leads to a stronger ecosystem.
Integration will lead to a better ecosystem of solution providers. Open integration not only lets customers leverage the best capabilities of select tools – while avoiding vendor lock-in – it will also encourage vendors to foster innovation.
Integration Provides a Path to True Threat Hunting
Bricata has been engineered with integration in mind from the very beginning. While we employ multiple threat detection technologies onto a single platform, but what makes this so powerful is the way these technologies have been integrated together.
This tight integration brings an additional and timely benefit: the way we collect, and share data also allows it to be indexed, filtered and searched. This allows a security analyst to very quickly pivot to true threat hunting within a tool and console with which they are already familiar.
Indeed, the whole is greater than the sum of its parts.
If you enjoyed this post, you might also like:
Network Security: Why it’s Harder for Threats to Hide Behavior
*** This is a Security Bloggers Network syndicated blog from Bricata authored by ironcore. Read the original post at: https://bricata.com/blog/cybersecurity-integration-imperative/