Automated, Orchestrated, and Integrated: The Open Platform Approach

Security teams have enough on their plates without having to stitch together multiple tools for holistic visibility, context and response.


As organizations move more workloads to the cloud, IT infrastructure grows steadily more complex. SecOps, NetOps, and ITOps teams juggle multiple tools to manage data and applications across this distributed environment.

For SecOps in particular, tying these pieces together is essential. Analysts need visibility that is as close to real time as possible so they can detect and then remediate threats quickly; the longer an incident goes unidentified, the greater the potential damage.

Yet stitching tools together takes real effort when vendors' solutions are closed or do not integrate. In a recent poll of 1,650 technology professionals, 45% reported having built two to four security integrations using two or more products' APIs or SDKs, and another 25% had scripted five or more.

Respondents say the process takes considerable time:

  • 37% put the average at more than 40 hours
  • 25% say 1 to 8 hours
  • 21% cite 9 to 40 hours
  • 17% rely on pre-built integrations instead

Some organizations (23%) have simply accepted the effort as a cost of doing business. Others (48%) either dedicate staff to building these integrations or pay an outsourced service to do it. The remaining 29% have begun looking at an open platform approach.

Open for integration

Security operations teams are already stretched managing and maintaining their security stack. The noise from alerts can be deafening: 39% say the volume is causing burnout, and another 24% cite frustration with having too many consoles to consult.

Yet there is no need to throw out existing tools or put every security technology egg in one basket. An open security platform underneath the stack, one with pre-built APIs that automate and orchestrate the integration of third-party tools, avoids both vendor lock-in and the expense of a rip-and-replace overhaul. A closed, proprietary platform delivers only part of its value if the control points, threat intelligence sources, and other critical tools that do not integrate with it are left out of the picture.

Cisco SecureX is a cloud-native, integrated platform that connects the entire Cisco security portfolio as well as many additional security, IT, and networking technologies from both Cisco and third parties. It has been built via an open ecosystem of more than 170 partners and 35 third-party integrations, including open-source solutions used by SecOps, NetOps, and ITOps teams. It includes a library of pre-built automated security workflows and tools for customers to build and share their own. The SecureX ecosystem will continue to grow, with additional integrations in development now, both by Cisco and our technology partners.

“It’s a foundational approach that brings together security tasks across multiple domains, as well as IT and networking tasks that aren’t even primarily security related,” says Ben Greenbaum, a Technical Leader in the Security Platform team at Cisco. “All of our products have APIs. Our APIs are open and accessible to users and therefore of course to the platform as well, which leverages them to coordinate and streamline tasks that used to involve tools, and people, from different business units. SecureX can use just about any API that’s available from Cisco or from third-party tools, to allow these powerful, complex orchestrations to occur outside of just the traditional SecOps space, into the ITOps and NetOps worlds.”

That level of orchestration is critical for security teams. The SecureX orchestration feature lets you build automated workflows for common security use cases such as threat hunting. It draws on both Cisco security capabilities and other security and IT solutions, including our own Webex and tools from Microsoft, ServiceNow, Slack, and more. You can detect, investigate, and orchestrate a coordinated response to potential threats across multiple vectors and access points from one place. The bottom line is that you can dramatically decrease the time spent integrating disjointed point solutions and stitching together sets of disparate data.
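What "stitching together sets of disparate data" means at the data level is easiest to see in code. The following is an added example, not Cisco or SecureX code and not SecureX's API: it normalizes two differently shaped tool outputs (an EDR-style JSON alert and a firewall-style syslog line, both constructed) into one sighting schema, enriches them from a constructed threat-intel feed, and only isolates a host when the indicator is corroborated by two independent tools, with an exception for assets marked critical in a constructed inventory. Every format, name, and the decision rule are assumptions made for illustration.

```python
"""Added illustration of a cross-tool orchestration workflow at the data level.
Not SecureX or Cisco code: the alert formats, inventory, intel feed and action
names below are constructed for this example."""
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample inputs. The IPs are RFC 5737 documentation addresses and the
# hash is SHA-256("test"); neither refers to any real incident.
EDR_ALERT_JSON = (
    '{"host": "ws-042", "event": "outbound_connection", "dst_ip": "203.0.113.9", '
    '"sha256": "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08"}'
)
FW_LOG_LINE = "<134>Jun 12 10:14:02 fw01 deny tcp src=10.0.5.42 dst=203.0.113.9 dport=443"

# Constructed asset inventory: internal IP -> hostname and whether it is a crown jewel.
INVENTORY = {
    "10.0.5.42": {"host": "ws-042", "critical": False},
    "10.0.5.10": {"host": "dc01", "critical": True},
}

# Constructed threat-intel feed keyed by observable type.
THREAT_INTEL = {
    "ip": {"203.0.113.9": "known C2 (constructed)"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08": "test sample (constructed)"},
}


@dataclass
class Sighting:
    """Common shape every tool's output is normalized into."""
    source: str                  # which tool reported it
    host: Optional[str]          # affected internal host, if known
    observables: Dict[str, str]  # observable type -> value


def from_edr(raw: str) -> Sighting:
    """Normalize an EDR-style JSON alert (invented schema) into a Sighting."""
    alert = json.loads(raw)
    obs: Dict[str, str] = {}
    if "dst_ip" in alert:
        obs["ip"] = alert["dst_ip"]
    if "sha256" in alert:
        obs["sha256"] = alert["sha256"].lower()  # canonicalize case before matching
    return Sighting("edr", alert.get("host"), obs)


FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def from_firewall(line: str, inventory=INVENTORY) -> Sighting:
    """Normalize a firewall-style syslog line (invented format) into a Sighting,
    resolving the internal source IP to a hostname via the asset inventory."""
    m = FW_RE.search(line)
    if not m:
        raise ValueError("unrecognised firewall line: %r" % line)
    host = inventory.get(m["src"], {}).get("host")
    return Sighting("firewall", host, {"ip": m["dst"]})


def enrich(s: Sighting, intel=THREAT_INTEL) -> Dict[str, str]:
    """Return the observables of a sighting that match the intel feed,
    as 'type:value' -> verdict."""
    return {f"{t}:{v}": intel[t][v]
            for t, v in s.observables.items() if v in intel.get(t, {})}


def plan_response(sightings: List[Sighting], intel=THREAT_INTEL, inventory=INVENTORY) -> List[Dict]:
    """Correlate enriched sightings across tools and choose a response per host.
    Rule: an intel-matched indicator corroborated by two or more independent
    sources warrants isolating the host; a single-source match, or any match on
    an asset marked critical, only opens a ticket for an analyst to review."""
    sources_for: Dict[str, Set[str]] = {}
    hosts_for: Dict[str, Set[str]] = {}
    verdict_for: Dict[str, str] = {}
    for s in sightings:
        for key, verdict in enrich(s, intel).items():
            sources_for.setdefault(key, set()).add(s.source)
            verdict_for[key] = verdict
            if s.host:
                hosts_for.setdefault(key, set()).add(s.host)
    critical_hosts = {e["host"] for e in inventory.values() if e["critical"]}
    actions = []
    for key, sources in sources_for.items():
        corroborated = len(sources) >= 2
        for host in sorted(hosts_for.get(key, ())):
            action = "isolate_host" if corroborated and host not in critical_hosts else "open_ticket"
            actions.append({"host": host, "indicator": key, "verdict": verdict_for[key],
                            "sources": sorted(sources), "action": action})
    return actions


if __name__ == "__main__":
    for a in plan_response([from_edr(EDR_ALERT_JSON), from_firewall(FW_LOG_LINE)]):
        print(json.dumps(a))
```

The two normalizers are the "integration" work the survey respondents spend hours on; once every tool lands in the same `Sighting` shape, enrichment and correlation are written once. The corroboration threshold and the critical-asset exception are the guardrails a practitioner adds to any automated response workflow so that a single noisy tool, or a false positive on a domain controller, cannot trigger a disruptive action unattended.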

“One of the most important aspects as a CISO is to make sure I feed intelligence into other agencies,” says Mick Jenkins, CISO at Brunel University London. “The platform approach gives us superb stitching-together of forensic investigations.”

The platform also supports broader security initiatives such as SASE and Zero Trust.

“A platform approach like SecureX is the future of security at Mohawk Industries,” says Michael DeGroote, Infrastructure Consultant at Mohawk Industries. “It will make things easier, faster, and we will see much more going on in our environment than ever before. The automation and custom playbooks we have seen in SecureX will make a difference in a Zero-Trust environment and will improve security for our company even further.”

Learn more about Cisco SecureX. 

Copyright © 2021 IDG Communications, Inc.