September 19, 2022 By Olga Hout 4 min read

As John Donne once wrote, “No man is an island entire of itself.” With digitalization bridging any distance, the same logic could be applied to tech.

Threat actors have vast underground forums for sharing their intelligence, while security professionals remain tight-lipped in a lot of data breach cases. Much like the way a vaccine can help stop the spread of infectious diseases, sharing threat intelligence and defense strategies can help to establish a more secure future for everyone.

So what is the answer? Partnerships. Some of the world’s largest and most successful companies take advantage of tech developed by other businesses. This way, they can provide quick time-to-value to their customers, plus the resources to improve their core offerings.

Current state of affairs

According to a recent ESG study, 80% of organizations use more than 10 data sources as part of their security operations. More than half (52%) believe their security operations environment has become more difficult to manage over the last two years. The growing number of disparate tools and volume of data they produce overwhelm security operations center (SOC) managers. Not only does it make it harder for security analysts to respond to threats well, but it also affects the team’s morale.

Research from the Information Systems Security Association found that 83% of 280 security professionals surveyed want to see vendors build open standards into their products to enable interoperability.

Shouldering internal research and development (R&D) loads through strategic tech partnerships is nothing new. Before we dive into some of the specific reasons why technology integration matters, let’s cover the basics.

What is integration?

Integration enables applications and systems that were built separately to work together, resulting in new capabilities and efficiencies that cut costs, uncover insights and much more.

When done correctly, seamless integration allows a user to receive prioritized real-time data from various sources. For example, a recent update of IBM’s Qradar and Zscaler allows users to monitor suspicious behavior and automate policy updates to eliminate threats in near-real time.

IBM QRadar integration with ZScaler allows users to collect web and firewall logs directly into QRadar. By routing internet traffic to ZScaler Cloud Firewall, customers can inspect all user traffic for malicious intent and bad actors. This is a truly modern way of securing internet traffic, offering unlimited scalability and performance, without the cost and complexity of maintaining traditional firewalls. Couple that with the advanced threat detection and correlation capabilities of QRadar, this provides unparalleled security value. Alerts generated from ZScaler Cloud Firewall can now be ingested directly into QRadar using the HTTPS protocol, meaning that information about various threats like malicious IPs and unauthorized sites, can be sent to QRadar in real-time to leverage its correlation capabilities and detect threats across the organization’s network.

Regardless of the approach, whether point-to-point or using a central network element, organizations often use a mix of different integration capabilities. For example, a portal where customers place orders or view their accounts uses a mix of application programming interface (API) management, database integration, application interfaces and related steps in a lead-to-cash process.

Why integration matters

It’s critical to ensure key systems and applications run smoothly. There is no shortage of cybersecurity technology vendors. That’s why organizations need to synchronize security tools in their tech stack. Security workers want more industry collaboration. To stay competitive, vendors that support open standards for tech integrations are the ones more likely to become successful.

Addressing SecOps challenges

Innovations speed up business, but what about security? Most businesses have been reactive, instead of proactive, in addressing newly emerging security vulnerabilities.

Meanwhile, threat actors, unconfined by policies or rules, employ new tools like machine learning. Legacy SOCs struggle against these advanced attacker techniques. In addition, the global shortage of skilled workers and slow deployment of security operations (SecOps) tools persist.

Some of the most common SecOps challenges that stem from legacy SOC environments include:

  • Low visibility and context
  • Overly complex investigations
  • An overwhelming volume of low-fidelity alerts created by security controls
  • Disjointed systems
  • Prevalence of manual processes.

So, how can technology integration address these challenges?

Making the SecOps environment simpler

Of course, new tech is meant to make our jobs easier. When using a cloud or a Software-as-a-Service (SaaS) solution, you expect to complete your work with less time, effort, resources and cost, not the other way around.

A SOC employing several tools that don’t talk to one another properly adds to the so-called swivel chair syndrome. Using a solution that allows you to integrate your existing tech stack is about removing the cost, resource and risk barriers.

Bringing dispersed data together

With an integrated technology stack, correlating data happens in a more efficient way. At best, this takes place in an interface that is simple to operate. It aggregates, processes and correlates large quantities of data for thorough investigations — all in one place. Doing this may require a tradeoff between usability and data organization. Yet it’s a critical component of a platform to organize data from multiple sources without compromising its quality.

Aiding the global workforce shortage

The lack of cybersecurity talent has started to take its toll. Having fewer trained workers makes the already difficult task of managing cybersecurity risks even harder. In addition, having a number of tools that aren’t interoperable frustrates analysts and makes them more likely to burn out or want a job change, affecting the business’s ability to retain talent.

Does your security team spend too much time making the software function as desired instead of taking advantage of solutions? Technology integrations offer a lifeline when it comes to filling skills gaps and talent shortages.

Integration: It all works together

In many industries, superior technology integration is key to productivity and speed. It transforms the way a business can select and refine a new product, process or service. If a business chooses technologies that don’t work well together, it can end up with a product that doesn’t have the proper market fit. Effective technology integration begins in the early R&D project phases and informs a roadmap for design, engineering and production.

No single tool or security concept impacts the security industry as much as collaboration. Those organizations that can develop and maintain technology ecosystems along with digital agility will adapt to change quickly. That way, they will find the path to success for themselves and their customers alike.

More from Application Security

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today