The IT manager tasked with understanding today’s complex vendor landscape is in an unenviable position. The rapid proliferation of new types of cyber security threats and general IT dynamics has, in turn, driven a near equal proliferation of products and services aimed at helping manage the associated risks. Keeping up with the categories of products and services that now make up the security vendor landscape is challenging enough, not to mention keeping abreast of the strengths and weaknesses of individual vendors.
On some level, the vendors themselves complicate this process through their efforts to differentiate around unique features or capabilities. Not all of this is disingenuous. The pace with which cybersecurity threats emerge and/or evolve creates both the need and the opportunity for vendors to innovate new capabilities that create true separation from other players in the market.
This specialization is, to a large degree, a necessary response to the continued innovation on the threat side of the equation. We see constant and clear evidence that traditional security products (firewalls, intrusion prevention/detection systems) continue to serve a key role but alone can’t ensure protection from attacks of increasing scale and complexity.
However, leading vendors are not only pushing their own technologies in pursuit of new solutions, but also committing active teams to finding these opportunities through collaboration with other, sometimes competing, vendors. Expanded use of APIs by a variety of technology companies, in conjunction with movements toward SaaS and cloud computing, have made a strong case for the necessity of third-party collaboration and integration.
In the security arena, this collaboration between vendors most commonly takes the form of API integrations that allow for the exchange of threat, vulnerability, or general security event data across products. In particular, most now expect vendors to support integration with major players in the SIEM space. Enterprises and service providers often leverage SIEM platforms to deliver a consolidated view of relevant security information for correlation of events and to provide a “single pane of glass” view into their environment.
How to collaborate
There are some important considerations for vendors looking to collaborate, which also reflect some of the characteristics of collaboration that end users should be looking for from their vendors.
It’s imperative to find opportunities where complementary capabilities address real-world use cases or scenarios. There are a number of trends within IT at any given time driving changes to the dynamics of how products and services are being used. Occasionally, these become disruptive trends that render good products or services suddenly vulnerable to obsolescence if they can’t evolve.
One such trend would be the DevOps model, where application development, testing, and release of new applications or application updates occur more rapidly. Even in the most disciplined application development environments where secure coding is part of the SDLC, every change to an application can introduce new vulnerabilities. Suddenly, in this environment, application security scanning tools that were built to operate around more defined, spaced development cycles find they need to not only speed up their operation, but also tie into complementary products or services that help security teams act on results more quickly.
One way vendors can extend this concept further is to seek out technology collaboration that creates opportunities for automation in security operations. Every day we see clear evidence of the increasingly automated nature of the cybersecurity threat landscape. The result is faster, larger, more complex attacks that can rapidly move from target to target seeking vulnerabilities to its tactics, techniques, and procedures.
As a result, forward-thinking security teams recognize they need collaboration and integrations that do more than add another product’s data to a SIEM or other platform for consolidated human decision-making. Fight bots with bots and leverage unique combined technology capabilities to allow for faster response. Then focus the human skills on deeper interpretation and longer-term remediation strategies. If we apply this to the DevOps example above, this might look something like a technology integration that takes the results of dynamic application testing and automatically feeds it into an application security product (such as a Web Application Firewall) for automated policy deployment in response to newly identified vulnerabilities.
Steps for IT pros to leverage or spur collaboration
There are some basic tactics that enable IT professionals to get more from potential collaboration within their stable of security vendors.
First, really understand the unique requirements of your network, applications, and business. With all the buzzword bingo in the security space, it’s easy to get bogged down and become convinced you have to address something that either isn’t a problem for you or poses little risk. An example of this emerged in our 2016 Global Application & Network Security Report, where 35 percent of respondents listed APTs as the biggest danger, yet only 23 percent of respondents had actually experienced any such attack.
Another pitfall to avoid is becoming overly focused on the security headlines and assume those are critical requirements for protection. We see this often with customers exploring protection options from DDoS attacks. The seemingly daily headlines about multi-100 Gigabit-per-second attacks push many to focus primarily on total mitigation capacity of cloud vendors, but in so doing they overlook the potential damage of smaller or encrypted attacks.
The final step is to familiarize yourself and get comfortable with one of the existing security product/service taxonomies. That’s not to suggest you should become rigidly fixated on the idea that all solutions need to fit neatly into one or the other for consideration. Focus on addressing your critical requirements, but know the categories to help you compartmentalize and quickly compare vendors. It can also help you understand which categories are being successfully integrated for specific unique use cases and where your organization can flourish among the competition.