As John Donne once wrote, “No man is an island entire of itself.” With digitalization bridging any distance, the same logic could be applied to tech.
Threat actors have vast underground forums for sharing their intelligence, while security professionals remain tight-lipped in a lot of data breach cases. Much like the way a vaccine can help stop the spread of infectious diseases, sharing threat intelligence and defense strategies can help to establish a more secure future for everyone.
So what is the answer? Partnerships. Some of the world’s largest and most successful companies take advantage of tech developed by other businesses. This way, they can provide quick time-to-value to their customers, plus the resources to improve their core offerings.
Current State of Affairs
According to a recent ESG study, 80% of organizations use more than 10 data sources as part of their security operations. More than half (52%) believe their security operations environment has become more difficult to manage over the last two years. The growing number of disparate tools and volume of data they produce overwhelm security operations center (SOC) managers. Not only does it make it harder for security analysts to respond to threats well, but it also affects the team’s morale.
Research from the Information Systems Security Association found that 83% of 280 security professionals surveyed want to see vendors build open standards into their products to enable interoperability.
Shouldering internal research and development (R&D) loads through strategic tech partnerships is nothing new. Before we dive into some of the specific reasons why technology integration matters, let’s cover the basics.
What Is Integration?
Integration enables applications and systems that were built separately to work together, resulting in new capabilities and efficiencies that cut costs, uncover insights and much more.
When done correctly, seamless integration allows a user to receive prioritized real-time data from various sources. For example, a recent update of IBM’s QRadar and Zscaler allows users to monitor suspicious behavior and automate policy updates to eliminate threats in near-real time.
The IBM QRadar integration with Zscaler allows users to collect web and firewall logs directly into QRadar. By routing internet traffic to Zscaler Cloud Firewall, customers can inspect all user traffic for malicious intent and bad actors. This is a truly modern way of securing internet traffic, offering unlimited scalability and performance without the cost and complexity of maintaining traditional firewalls. Coupled with the advanced threat detection and correlation capabilities of QRadar, this provides unparalleled security value. Alerts generated by Zscaler Cloud Firewall can now be ingested directly into QRadar using the HTTPS protocol, meaning that information about various threats, like malicious IPs and unauthorized sites, can be sent to QRadar in real time to leverage its correlation capabilities and detect threats across the organization’s network.
Regardless of the approach, whether point-to-point or using a central network element, organizations often use a mix of different integration capabilities. For example, a portal where customers place orders or view their accounts uses a mix of application programming interface (API) management, database integration, application interfaces and related steps in a lead-to-cash process.
Why Integration Matters
It’s critical to ensure key systems and applications run smoothly. There is no shortage of cybersecurity technology vendors. That’s why organizations need to synchronize security tools in their tech stack. Security workers want more industry collaboration. To stay competitive, vendors that support open standards for tech integrations are the ones more likely to become successful.
Addressing SecOps Challenges
Innovations speed up business, but what about security? Most businesses have been reactive, instead of proactive, in addressing newly emerging security vulnerabilities.
Meanwhile, threat actors, unconfined by policies or rules, employ new tools like machine learning. Legacy SOCs struggle against these advanced attacker techniques. In addition, the global shortage of skilled workers and slow deployment of security operations (SecOps) tools persist.
Some of the most common SecOps challenges that stem from legacy SOC environments include:
- Low visibility and context
- Overly complex investigations
- An overwhelming volume of low-fidelity alerts created by security controls
- Disjointed systems
- Prevalence of manual processes.
So, how can technology integration address these challenges?
Making the SecOps Environment Simpler
Of course, new tech is meant to make our jobs easier. When using a cloud or a Software-as-a-Service (SaaS) solution, you expect to complete your work with less time, effort, resources and cost, not the other way around.
A SOC employing several tools that don’t talk to one another properly adds to the so-called swivel chair syndrome. Using a solution that allows you to integrate your existing tech stack is about removing the cost, resource and risk barriers.
Bringing Dispersed Data Together
With an integrated technology stack, correlating data happens in a more efficient way. At best, this takes place in an interface that is simple to operate. It aggregates, processes and correlates large quantities of data for thorough investigations — all in one place. Doing this may require a tradeoff between usability and data organization. Yet it’s a critical component of a platform to organize data from multiple sources without compromising its quality.
Aiding the Global Workforce Shortage
The lack of cybersecurity talent has started to take its toll. Having fewer trained workers makes the already difficult task of managing cybersecurity risks even harder. In addition, having a number of tools that aren’t interoperable frustrates analysts and makes them more likely to burn out or want a job change, affecting the business’s ability to retain talent.
Does your security team spend too much time making the software function as desired instead of taking advantage of solutions? Technology integrations offer a lifeline when it comes to filling skills gaps and talent shortages.
Integration: It All Works Together
In many industries, superior technology integration is key to productivity and speed. It transforms the way a business can select and refine a new product, process or service. If a business chooses technologies that don’t work well together, it can end up with a product that doesn’t have the proper market fit. Effective technology integration begins in the early R&D project phases and informs a roadmap for design, engineering and production.
No single tool or security concept impacts the security industry as much as collaboration. Those organizations that can develop and maintain technology ecosystems along with digital agility will adapt to change quickly. That way, they will find the path to success for themselves and their customers alike.
Senior Product Marketing Manager
Olga Hout is a contributor for SecurityIntelligence.