"If you want to go fast, go alone. If you want to go far, go together." – African Proverb
Though likely first uttered on the savannah eons ago, it’s a remarkably relevant concept even in today’s age; a fitting way to describe the security industry.
I was in Miami recently for the A-ISAC (Aviation Information Sharing and Analysis Center) annual conference. The A-ISAC’s mission is consistent with other industry ISAC’s; facilitating collaboration across the global aviation industry to enhance its ability to prepare for and respond to vulnerabilities, incidents and threats.
The A-ISAC’s members, many of whom compete in the aviation marketplace, understand that “going together” via sharing actionable security information is vital to being secure. In the security industry, we understand the importance of collaboration and community. However, people outside of our industry are sometimes surprised by the notion of cyber intelligence sharing, especially when it occurs between competitors.
The proverb applies equally well to the emerging security automation and orchestration (SAO) market. In fact, I’d argue that collaboration and a community focus are critical success factors for a security automation and orchestration platform.
Security automation and orchestration platforms require integration with various security products and services to function. With experts claiming nearly 1,500 vendors in the security industry, there are far too many product and service integrations for any one company to maintain. Without a community sharing the burden, it’s simply not possible to address the wide range of technologies and use cases in production. For some SAO platforms, as much as a third of all integrations are community derived; shared by users and vendors for the benefit of all.
The evolving nature of security drives a need for a community to work together. This means not only sharing integrations, but also best practices to address the latest threats. For security automation and orchestration platforms, playbooks are the codification of those best practices; guiding the platform to orchestrate according to the security operations plan.
Traditionally, software assets like playbooks have been considered proprietary; intellectual property owned by the developer and shared only with licensed users. An open or community-based approach is proving to be a better answer in SAO though, since users may draw on the experiences of other like-minded users. A large and active user community offers the opportunity to share playbooks and collaborate on ideas for new automation use cases.
To be effective, collaboration must happen within the community-at-large, and at times, privately within an organization. Simply connecting users in the community-at-large is important to facilitating the exchange of ideas. In the SAO market, this is often accomplished with communication tools like Slack, which enables group and direct messaging within a community. Messaging tools are effective for technical and design support, quick answers to questions, and brainstorming on solutions to problems.
Sharing within the community-at-large is also most effective when supported by source and version control tools like Github. In these centralized and shared repositories, individuals publish their technical work and may also include presentations, tech notes, blogs, and other documentation.
While collaboration within the community-at-large is common, there are situations where sensitive information simply cannot be shared. In these cases, collaboration on a micro level, perhaps among a trusted circle or team, is necessary. Once again, leading Security automation and orchestration platforms include capabilities like built-in chat to process and review events privately, as well as tools to visualize activity related to alerts or cases.
Whether it’s supported technology or simply relationships developed at events like the A-ISAC, collaboration and community are key to the security industry and emerging technologies like SAO platforms. In many ways “going together” does more than “take us far,” it’s what allows us to even make the journey safely.