by Matt Walmsley, EMEA Director at Vectra
The events of the past few weeks and months have put a huge amount of pressure on CISOs and IT security teams to ensure their networks are protected following an upsurge in remote working. This may not be a challenge for companies who already have measures in place for employees to work from home. Yet for others who are used to being able to monitor, control and protect machines from the relative safety of an on-premise network confined to one location, this has been a sea change.
With resources under extraordinary pressure, CISOs have to make sure that they are able to continue to protect their networks, while at the same time using budgets wisely, bearing in mind the hit to cashflow many organisations have experienced. With so many different risks to contend with, CISOs will be looking to mitigate as many as possible, necessitating a range of security technologies such as privileged access management, cloud and network monitoring, endpoint protection and perimeter defences.
By collaborating, cyber security vendors can address this issue by enabling their solutions to work and integrate with those from other suppliers.
The need for comprehensive security
As threat actors will try a whole range of attacks to infiltrate an IT network, organisations will want to make their IT security solutions as comprehensive as possible. Failure to do so could leave large defensive gaps for threat actors to take advantage of. For instance, exploits that operate below the operating system, at the firmware level of a device, can weaken endpoint detection and response (EDR) solutions; examples of such tooling were among the material reportedly stolen from the NSA-linked cyberespionage team the Equation Group by the Shadow Brokers hacking collective. Yet a network detection and response (NDR) solution could detect such malware from its network behaviour and act upon it.
To create a comprehensive solution, CISOs very often choose different vendors to fulfil specific functions within their organisation’s security architecture. Buying elements of the security technology stack separately also enables organisations to ensure they get the “best of breed”, or the solution that works better for them for a particular security requirement. A single vendor’s security portfolio might, for instance, have an excellent next-generation firewall (ngFW) solution but fall short when it comes to its endpoint protection platform (EPP). Yet purchasing an ngFW solution and an EPP solution from respective specialists means that both are likely to offer exactly what the organisation is looking for, allowing the specialists to serve the organisation’s specific needs.
Challenges in connecting the dots
A potential downside to creating a security system that uses different components is that they may not work cohesively with each other. For example, the security team may have to log into separate systems to correlate information that could help them identify an attack. Having to pivot from one system to another takes up valuable time that IT security teams can little afford to waste. Each day security teams may receive many thousands of alerts that need to be investigated. Going through all of them manually and checking in with different parts of their security system means that the security team often acts as “human middleware”. Inevitably, incidents will be missed, and threat actors could slip through the net undiscovered, or be discovered only after it is too late for containment actions to be taken.
One answer to this problem is to improve how disparate technology solutions work together seamlessly and to provide automation that can compare results from different sources to identify potential threats. This responsibility falls to the vendors, who should create solutions that work well with other solutions. This includes having a common application programming interface (API) to ensure interoperability. However, APIs are not the only, or a complete, solution, because they require interactions to be orchestrated and connections to be built, which can be time consuming and inefficient.
Collaboration in action
When looking to see what solutions to integrate with, vendors need to take a view of the market and consider what is working well and what could add value. It is then vital to begin building alliances with potential partners to ensure the partnership would be mutually beneficial. For example, we have adapted our NDR solution to integrate well with other Endpoint Detection and Response (EDR) solutions such as CrowdStrike’s, Microsoft’s and Cybereason’s, among others. This partnership is beneficial to both of our customer bases as both solutions provide a perspective when responding to an incident or hunting for a threat that the other cannot, to offer a complete view of the enterprise networks we are working to protect.
Some might think that buying a complete security solution covering everything from NDR and EDR to threat intelligence and PAM could be the solution to resolving compatibility issues. However, this is not always the case. Very often these offerings have been put together from pre-existing products that the vendor owns following various buyouts or takeovers. This can result in severe interoperability issues that the vendor is yet to address.
By deploying different solutions that are able to work together, CISOs can compare readings from different components to see whether something is simply an anomaly or an actual attack. For instance, the SOC visibility triad model can provide full visibility across on-premise, cloud and SaaS, while also leveraging attacker behaviour models to detect known and unknown threats. Excellent SOC visibility allows security teams to be threat aware and agile and in so doing reduce the risk of having a threat actor hiding in an organisation’s network, undetected. Ultimately this can make the difference between a fatal breach, and a contained security incident.
The future of integration and collaboration
Integration between solutions has progressed greatly in the last few years but needs to go further, with more vendors working together. By creating greater interoperability between products, vendors can add value to their customers by creating well-rounded security systems that offer more protection and less stress, enable teams to work smarter not harder, and deliver better value.
About the Author
Matt Walmsley is Head of EMEA Marketing at Vectra AI. Matt is a senior technology industry marketer with extensive international experience in IT security, networking and communications markets. Before joining Vectra, he was an EMEA Marketing Lead at Emulex. Prior to Emulex, he was an EMEA Regional Marketing Leader at Hewlett-Packard, where he managed a team responsible for marketing communications and lead generation activities to the service provider, enterprise, small and medium business (SMB) and security market segments across EMEA. He received a diploma in business management and a master of business administration (MBA) in performance and change, strategy, finance, and marketing from The Open University Business School.