Integration is Key to Bringing Security Teams, Processes and Technology Together
I’m going to go out on a limb here and say that if you’re reading this article, chances are you’re into technology. At home, this may show up in the type of sound system you have or the home automation solution you run. In either case, you have probably done extensive research and devised a solution made up of components from various manufacturers that you feel are best suited to meet your needs: a CD player, turntable, tuner, receiver, amplifier and speakers, or a smart hub (like Amazon Echo or Google Home), thermostat, cameras, door locks, flood lights, smart appliances, smart TVs, and the list goes on. You likely assembled these solutions over time and will continue to add more devices, expecting them to interoperate seamlessly and deliver as promised.
It’s quite similar to the environment in which we operate as security professionals every day. Most organizations have a complex security infrastructure that consists of multiple products from multiple vendors to create layers of defense, including firewalls, IPS/IDS, routers, web and email security, and endpoint detection and response solutions. We have SIEMs and other tools that house internal threat and event data – ticketing systems, log management repositories, case management systems.
In the past couple of years, we’ve seen a movement towards Security Orchestration, Automation and Response (SOAR) platforms and tools. These include orchestration and automation tools that define playbooks and processes, and threat intelligence platforms that act as a central repository, aggregating and enriching vast amounts of internal threat and event data with external, global threat intelligence so that you have the context to understand and prioritize it for action. Regardless of the type of platform, integration is key to bringing security teams, processes and technology together within a single security architecture. That integration drives efficiency and effectiveness and eliminates repetitive tasks, so that analysts are free to focus on higher priority activities.
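As an added illustration (not code from this article or from any vendor's platform), here is a small Python sketch of the enrichment and prioritization step a threat intelligence platform performs: constructed internal events from a firewall, proxy and EDR are matched against a constructed intelligence feed and scored with asset criticality. The events, feed contents, confidence values and weights are all assumptions made for the example.

```python
# Constructed internal events, shaped like records a SIEM or log repository might export.
EVENTS = [
    {"id": "e1", "source": "firewall", "src_ip": "203.0.113.45", "dst_ip": "10.0.0.5", "action": "allow"},
    {"id": "e2", "source": "proxy", "src_ip": "10.0.0.7", "domain": "updates.example.net", "action": "allow"},
    {"id": "e3", "source": "edr", "host": "ws-12", "sha256": "deadbeef" * 8},  # constructed hash
    {"id": "e4", "source": "firewall", "src_ip": "198.51.100.9", "dst_ip": "10.0.0.5", "action": "deny"},
]

# Constructed external feed: indicator -> confidence (0-100), tags and originating feed.
THREAT_INTEL = {
    "203.0.113.45": {"confidence": 90, "tags": ["c2"], "feed": "feed-a"},
    "updates.example.net": {"confidence": 40, "tags": ["suspicious"], "feed": "feed-b"},
    "198.51.100.9": {"confidence": 70, "tags": ["scanner"], "feed": "feed-a"},
}

# Constructed internal context: asset criticality per IP or hostname (1 = low, 3 = high).
ASSET_CRITICALITY = {"10.0.0.5": 3, "ws-12": 1}


def indicators(event):
    """Yield the observable values in an event that can be matched against intel."""
    for key in ("src_ip", "dst_ip", "domain", "sha256"):
        if key in event:
            yield event[key]


def enrich(event, intel=THREAT_INTEL):
    """Attach every matching intel record to the event (the enrichment step)."""
    matches = [dict(indicator=i, **intel[i]) for i in indicators(event) if i in intel]
    return {**event, "intel": matches}


def priority(enriched, assets=ASSET_CRITICALITY):
    """Score an enriched event: intel confidence x target criticality, halved if blocked."""
    if not enriched["intel"]:
        return 0
    conf = max(m["confidence"] for m in enriched["intel"])
    target = max(assets.get(enriched.get(k), 1) for k in ("dst_ip", "host"))
    # A denied connection carries less urgency than one that was allowed through.
    action_weight = 0.5 if enriched.get("action") == "deny" else 1.0
    return round(conf * target * action_weight)


def triage(events=EVENTS):
    """Enrich all events and return (priority, event id) pairs, highest first."""
    enriched = [enrich(e) for e in events]
    return sorted(((priority(e), e["id"]) for e in enriched), reverse=True)
```

The allowed connection from a high-confidence C2 indicator to a critical asset lands at the top of the queue, while the unmatched EDR hash scores zero and stays out of the analyst's way.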