As John Donne once wrote, “No man is an island entire of itself.” With digitalization bridging any distance, the same logic could be applied to tech.

Threat actors have vast underground forums for sharing their intelligence, while security professionals remain tight-lipped in a lot of data breach cases. Much like the way a vaccine can help stop the spread of infectious diseases, sharing threat intelligence and defense strategies can help to establish a more secure future for everyone. 

So what is the answer? Partnerships. Some of the world’s largest and most successful companies take advantage of tech developed by other businesses. This way, they can provide quick time-to-value to their customers, plus the resources to improve their core offerings. 

Current State of Affairs

According to a recent ESG study, 80% of organizations use more than 10 data sources as part of their security operations. More than half (52%) believe their security operations environment has become more difficult to manage over the last two years. The growing number of disparate tools and volume of data they produce overwhelm security operations center (SOC) managers. Not only does it make it harder for security analysts to respond to threats well, but it also affects the team’s morale.

Research from the Information Systems Security Association found that 83% of 280 security professionals surveyed want to see vendors build open standards into their products to enable interoperability.

Shouldering internal research and development (R&D) loads through strategic tech partnerships is nothing new. Before we dive into some of the specific reasons why technology integration matters, let’s cover the basics.

What Is Integration?

Integration enables applications and systems that were built separately to work together, resulting in new capabilities and efficiencies that cut costs, uncover insights and much more.

When done correctly, seamless integration allows a user to receive prioritized real-time data from various sources. For example, a recent update to the IBM QRadar and Zscaler integration allows users to monitor suspicious behavior and automate policy updates to eliminate threats in near-real time.

The IBM QRadar integration with Zscaler allows users to collect web and firewall logs directly into QRadar. By routing internet traffic to Zscaler Cloud Firewall, customers can inspect all user traffic for malicious intent and bad actors. This is a truly modern way of securing internet traffic, offering unlimited scalability and performance, without the cost and complexity of maintaining traditional firewalls. Coupled with the advanced threat detection and correlation capabilities of QRadar, this provides unparalleled security value. Alerts generated by Zscaler Cloud Firewall can now be ingested directly into QRadar over HTTPS, meaning that information about threats such as malicious IPs and unauthorized sites can be sent to QRadar in real time, where its correlation capabilities help detect threats across the organization’s network.

Regardless of the approach, whether point-to-point or using a central network element, organizations often use a mix of different integration capabilities. For example, a portal where customers place orders or view their accounts uses a mix of application programming interface (API) management, database integration, application interfaces and related steps in a lead-to-cash process.

Why Integration Matters

It’s critical to ensure key systems and applications run smoothly. There is no shortage of cybersecurity technology vendors. That’s why organizations need to synchronize security tools in their tech stack. Security workers want more industry collaboration. Vendors that support open standards for tech integrations are the ones more likely to stay competitive and become successful.

Addressing SecOps Challenges

Innovations speed up business, but what about security? Most businesses have been reactive, instead of proactive, in addressing newly emerging security vulnerabilities.

Meanwhile, threat actors, unconfined by policies or rules, employ new tools like machine learning. Legacy SOCs struggle against these advanced attacker techniques. In addition, the global shortage of skilled workers and slow deployment of security operations (SecOps) tools persist.

Some of the most common SecOps challenges that stem from legacy SOC environments include:

  • Low visibility and context
  • Overly complex investigations
  • An overwhelming volume of low-fidelity alerts created by security controls
  • Disjointed systems
  • Prevalence of manual processes

So, how can technology integration address these challenges?

Making the SecOps Environment Simpler

Of course, new tech is meant to make our jobs easier. When using a cloud or a Software-as-a-Service (SaaS) solution, you expect to complete your work with less time, effort, resources and cost, not the other way around.

A SOC employing several tools that don’t talk to one another properly adds to the so-called swivel chair syndrome. Using a solution that allows you to integrate your existing tech stack is about removing the cost, resource and risk barriers.  

Bringing Dispersed Data Together

With an integrated technology stack, correlating data happens in a more efficient way. At best, this takes place in an interface that is simple to operate. It aggregates, processes and correlates large quantities of data for thorough investigations — all in one place. Doing this may require a tradeoff between usability and data organization. Yet it’s a critical component of a platform to organize data from multiple sources without compromising its quality.

Aiding the Global Workforce Shortage

The lack of cybersecurity talent has started to take its toll. Having fewer trained workers makes the already difficult task of managing cybersecurity risks even harder. In addition, having a number of tools that aren’t interoperable frustrates analysts and makes them more likely to burn out or want a job change, affecting the business’s ability to retain talent. 

Does your security team spend too much time making the software function as desired instead of taking advantage of solutions? Technology integrations offer a lifeline when it comes to filling skills gaps and talent shortages. 

Integration: It All Works Together

In many industries, superior technology integration is key to productivity and speed. It transforms the way a business can select and refine a new product, process or service. If a business chooses technologies that don’t work well together, it can end up with a product that doesn’t have the proper market fit. Effective technology integration begins in the early R&D project phases and informs a roadmap for design, engineering and production.

No single tool or security concept impacts the security industry as much as collaboration. Those organizations that can develop and maintain technology ecosystems along with digital agility will adapt to change quickly. That way, they will find the path to success for themselves and their customers alike.
