Symantec this week showed its Symantec Integrated Cyber Defense (ICD) Platform is making headway in the development space to help better secure the enterprise.
The company announced that more than 120 companies have now committed to building 250-plus products and services leveraging a common set of application programming interfaces (APIs) that are exposed via the ICD Platform.
Art Gilliland, executive vice president and general manager for enterprise products at Symantec, said the Symantec ICD platform is unique in that it does not attempt to impose a central control plane through which all cybersecurity events are managed. Instead, vendors commit to share cybersecurity alerts and events across open APIs that are published on the ICD Platform. Vendors that have committed to publishing those APIs include Amazon Web Services (AWS), Box, IBM Security, Microsoft, Oracle, ServiceNow and Splunk.
The Symantec ICD Platform has been evolving ever since the company acquired Blue Coat Systems in 2016. The subsequent integration effort led Symantec to realize the company could add substantial value by making it easier for a wide range of cybersecurity tools to share data, said Gilliland. But rather than trying to become an uber-platform that would seek to subsume all other tools, Symantec realized more vendors would cooperate in an effort to share data that did not require them to give up control over their own data management plane. Instead, it will be up to each individual customer to decide how any given set of cybersecurity products and services should be integrated, he said.
To further advance that goal this week, Symantec also announced it is adding an “Innovation Playground” program within its Technology Integration Partner Program to make it easier for startup companies to leverage the APIs published by Symantec.
In addition, Symantec announced it is adding ICD Exchange, a universal data format for sharing events, intelligence and actions across Symantec and third-party systems; and ICD Manager, which provides unified visibility into threats, policies and incidents to reduce incident response times to minutes from days.
Finally, Symantec also announced Data Loss Prevention 15.5, which is now integrated with the company’s endpoint security software to better prevent untrusted applications from accessing confidential data. That capability also leverages the APIs that Symantec has developed.
In effect, Symantec is applying many of the concepts first advanced as part of the so-called API Economy to the realm of cybersecurity. By publishing a set of well-documented APIs, Symantec not only helps reduce the cost of implementing multiple layers of security, it also increases the probability that its core security offerings will be included in whatever ecosystem a cybersecurity team eventually builds.
But the biggest benefit may come in the form of advancing DevSecOps best practices. Once cybersecurity vendors start to implement a common set of APIs, it will become much easier for developers to programmatically invoke a wide range of cybersecurity functions. It may take a while for developers to master those APIs, but at the very least the opportunity to achieve that goal is now much greater than it ever was before.