Shared Goals: New Framework Aims to Improve Security for All

A new data framework shares signals among security products, enhancing visibility into vulnerabilities and helping to accelerate detection and response.

istock 1169668297 3

Cybersecurity remains a top challenge, concern, and management focus for CIOs, CSOs and CISOs, according to CIO research. These results are not surprising, given ever-changing threats and the need to manage multiple security tools just to get some visibility into the organization’s security posture.

That’s why many IT and security leaders look to best practices among their peers or within their industry as they navigate these issues. Shared information can be powerful.

Very loosely, that’s the idea behind the Shared Signals and Events (SSE) Framework, a new standard being developed by the OpenID Foundation. Open data frameworks are like the “rising tide raises all boats” concept; they allow information sharing between solutions to help drive better security for all users. SSE aims to make it easier for companies to share security events, and enable users, administrators, and service providers to coordinate in order to rapidly detect and respond to incidents.

“Security stacks today are often comprised of multiple products from different vendors that don’t speak well to each other,” said Ted Kietzman, Product Marketing Manager for Duo Security at Cisco. “That can lead to miscommunications and missed opportunities. It’s like watching a scene in a movie in which you’re thinking: ‘If only they had shared that information a little faster, that event wouldn’t have happened’.”

The value of sharing information

The SSE Framework is an open application programming interface (API) that allows communications between any security products from any vendor. The code is universal language that enables different tools to talk to each other.

“The framework allows you to share signals between all kinds of devices and users, including firewalls, identity access management systems, endpoint devices, etc.,” Kietzman said. “Doing so enables you to quickly see, for example, if someone turns off their firewall or their operating system is out of date.”

SSE is based on five communications concepts:

picture1 Cisco
  • Subject: a person, device, group, or organization
  • Event: a security-related incident pertaining to a subject, such as when a user’s session is revoked or their device goes out of compliance
  • Transmitter: a vendor that is broadcasting an event to other vendors
  • Receiver: a security vendor that receives and acts on events
  • Stream: the flow of events from a transmitter to a receiver

When a subject experiences an event, the transmitter sends information about it to a receiver via a stream. Each security product still performs its core function, however, data is efficiently shared with other systems to give context to the event. That helps both security vendors and your organization quickly identify remediation steps.

In addition to efficiency and improving security, signal sharing speeds response because the streams happen in real time.

The SSE Framework is already being used by some of the largest cloud services, according to the OpenID Foundation.

“One of the great things about this framework is that it’s based on open standards,” Kietzman said. “It’s easy to create connections between security tools, and it doesn’t matter which tools you have in your software stack.”


Copyright © 2022 IDG Communications, Inc.