Integrating Security Products is Vital for Cyber Resilience
The pace of tech innovation combined with the cyber arms race means integrating cybersecurity products is essential to keep up with fast-evolving threats. Open APIs are key.
Key Points
- The ability to rapidly integrate best-of-breed security products is crucial to staying ahead of fast-evolving threats.
- Two primary ways to integrate products are open APIs and pre-written integrations based on those APIs.
- When it comes to integrating security tools, not all vendors are equal. For the fastest and easiest integration, it’s important to look for vendors whose products were designed for integration from the ground up.
Technology innovation is relentless: The tech landscape is continuously being reshaped by a never-ending stream of advances occurring in every segment of the industry. For security professionals, it’s vital to understand how that fundamental trend affects cybersecurity product development and industry M&A—and ultimately the cyber resilience of your own organization.
Cycles of Startup and Consolidation
It used to be that you could detect distinct cycles of innovation in the information technology industry. Innovators and entrepreneurs whose ideas couldn’t get traction in large companies left and formed their own startups. Most of those startups failed, but some solved real business challenges and flourished. These successful startups were usually acquired by big companies in the end, and their technology was integrated into a larger portfolio. A few continued and prospered as independent companies, becoming significant players. And the cycle repeated.
Fast forward to today: It’s no longer called “information technology”; it’s just called technology, because it permeates all aspects of life and work. The cycles occur so fast that there’s a constant flow of innovation and consolidation through M&A. And to prosper over the long term, tech companies have no choice but to continuously pursue innovation through acquisitions as well as in-house organic development.
How Continuous Innovation Impacts Cybersecurity
Across the tech industry, this flow of innovation and M&A translates into a never-ending stream of new products and services, intense pressure to keep up with competitors, and a continuous challenge to integrate newly acquired products.
But when it comes to cybersecurity, there’s another critical dimension. Cybercriminals also have access to advances in technology, and they are highly motivated to innovate rapidly in order to evade cyber defenses. As a result, cybersecurity companies compete not only with each other, but also with cybercriminals.
This means it’s essential for businesses to be able to continuously access the latest innovations in cybersecurity. Failure to do so means you’re increasingly exposed to new threats as attackers find ways to bypass existing security controls.
Open APIs and Pre-Written Integrations are Key to Cyber Resilience
The cybersecurity industry, like other technology sectors, includes a dynamic mix of broad solutions designed to protect an organization from top to bottom, and point solutions focused on narrower problems or threats. These point solutions are often developed by innovative startups, and can sometimes be better at addressing specific threats than the corresponding elements of a broader solution.
For businesses, taking advantage of the best solution for each threat is not only vital but also extremely urgent, because of the need to stay ahead of attackers’ rapidly evolving methods. In order to achieve true cyber resilience, organizations need the most up-to-date cybersecurity tools and the latest threat intelligence, and they need them now.
But it’s equally important that each solution is integrated with the rest of your cybersecurity environment, so that the products can work together to block threats. Case in point: Because email is the number one vector through which malware and phishing attacks enter an organization, your secure email gateway will often identify threats first. You’re going to want data about those threats shared with your:
- Security Incident Event Monitor (SIEM), which watches for security incidents around the network
- Security Orchestration and Response (SOAR) system, which can automatically act on detected threats
- Endpoint security products
- IT Service Management (ITSM) system, which manages the changes needed to remediate attacks
You need these products to work together seamlessly, whether you’re getting everything from one vendor or choosing separate best-of-breed solutions for each element.
Unfortunately, even buying everything from a single vendor is no guarantee that different security products will work well together, because of the integration challenges large vendors face when they acquire products.
Enter open APIs, which are critical to achieving seamless integration. There are two primary ways to integrate security products: integrate products using APIs, assuming they’re available for your deployed tools; or obtain pre-written integrations from your suppliers, which are often built using those APIs.
The Difference Between Legacy and Cloud from the Ground Up
When it comes to integration challenges, it’s important to closely examine your vendor’s history, its strategy, and the APIs it provides. Some vendors offer legacy on-premises solutions that have been retrofitted for the cloud, and weren’t designed with APIs and integration in mind. Other companies designed their products for the cloud from the start, using a multi-tenant architecture based on microservices, which enables them to provide integration with other products simply by exposing microservices via APIs.
As a result, integrations with products designed this way are faster and easier to create, whether you’re using APIs yourself or obtaining pre-built integrations from your vendor. You can see this manifested in the number of consoles your cybersecurity vendor offers to manage their portfolio of products. The fewer administrative consoles, the better integrated the portfolio.
And make no mistake, the speed at which integrations become available for your cybersecurity solutions can be lifesaving. Sharing information among security tools can dramatically raise your cyber resilience by helping you detect threats faster and reduce dwell time. Integration between security products can help to stop threats entering your network, and it can stop them spreading and causing significant damage.
More About Cyber Resilience, APIs and Integrations
To learn more about the cyber resilience role of APIs and pre-written integrations, you can read the following deeper dives:
- Want Cyber Resilience? Integrate Email Security Into Your SIEM
- Sharing Threat Intelligence Among Best-of-Breed Security Tools
The Bottom Line
Open APIs and pre-written product integrations are key to increasing an organization’s cyber resilience. But it’s not always easy to tell which cybersecurity suppliers integrate well with others. Check whether they publish an open API, whether they offer pre-written integration software, and how many administrative consoles it takes to manage their product portfolio (the fewer the better).