Data integration from multiple security point-products is a real problem for many enterprise customers. There are too many threat intelligence feeds – and no easy way to view all incoming data in a contextual way that facilitates interpretation, analysis, and remediation. Therefore, knocking down your organization’s in-house security software silos may become an essential element to improving your cyber-security profile.
Cybersecurity relies on tools to identify an increasing number of threats. However, the proliferation of security point products slows down the ability of organizations to identify threats and respond. For many customers, there is too much input, from too many sources – and few ways to analyze all of it efficiently.
Here are three paths to achieve better data integration for security:
- Frameworks. For customers, the challenge is how to achieve IT simplification to better guide their defenses against security threats. Some customers will look to software frameworks that can plug in, or integrate, data from multiple point-products. This approach works. SIEM (Security Incident/Event Management) is the most common consolidation point, but it is complex and it may require adopting standardized APIs, or agreeing to use a proprietary software framework from a single vendor.
- Cloud services. Many customers are now looking to the cloud itself to scale up their security analytics and to leverage Cloud Service Providers’ (CSP) security tools. Using that approach, CSPs gather security data, analyze it, and flow remediation recommendations outward to their rapidly growing customer bases.
- Containers. A third approach is to containerize the applications and data sources. By using software-defined containers, the data is isolated, and the total “surface” area for attack is reduced. This approach was discussed at ContainerWorld 2017 in Santa Clara, CA, Feb. 21-22, 2017.
The bottom line: Integration of software inputs is essential to improving security in a highly networked IT environment. This data integration is critical to providing a unified view of threats facing businesses and organizations, so that they can be fully seen – and addressed by IT staff.
Reducing Security Silos; Integrating Data
At the RSA security conference in San Francisco, David Ulevitch, founder of OpenDNS and a vice president of Cisco’s networking group, made the argument for data integration clearly. Customers need to reduce the number of information silos carrying security data – and they need to integrate the results for a full, 360-degree view of the security threats facing their organization.
His conclusion: cloud services will provide an efficient way to deliver security data more quickly and efficiently. Otherwise, standards battles over APIs will bog down progress – even as the threat “surface” expands from 50 billion devices to hundreds of billions in the IoT world.
Many speakers, in their RSA talks and presentations, came to a similar conclusion. For example, Ret. Gen. Keith Alexander, former director of the NSA, told the Cloud Security Alliance (CSA) meeting at RSA that small companies, lacking the resources of large companies, would find it hard to address the growing security threats without leveraging security cloud services from CSPs.
Cast the Net Wider
Here’s why building a unified view of all security inputs is essential for companies seeking to defend their security perimeter: without it, customers would likely miss important signals of threat behavior, and would not see the “patterns in the data” that point to security vulnerabilities. Large companies can well afford to maintain a large IT staff and to host their own customized security dashboards. But mid-size and small companies are looking to framework software partners and cloud services partners to extend their security “net” to find security intrusions and hacking.
Next Steps for Security Vigilance
Acquiring all of this software for on-site monitoring would become quite expensive, especially for SMBs. Even the big companies, with their larger attack surface and deeper investments in legacy infrastructure, will need help in pulling together as many security-related inputs as possible.
The rapid growth of the security ecosystem demands that customers pay close attention – spending much time winnowing through the long list of software products and security-related cloud services. Now, they need to take the next step, by integrating the data from their portfolio of security point-products.
My colleague Chris Christiansen contributed to this blog document. For more details, see The Bozman Blog on www.hurwitz.com.