While attending Splunk .conf15 I attended an interesting presentation given by Christof Jungo, head of security architecture and engineering at Swisscom. Jungo described Swisscom's cybersecurity strategy, which is anchored by a "nerve center" (based upon Splunk) that centralizes all security data: network data, endpoint forensics, application logs, identity and access management, threat intelligence, etc. Christof mentioned that this process has helped Swisscom accelerate threat detection.

In spite of all of this data, however, Christof said that it is still difficult to use this security data as efficiently as Swisscom would like to. Why? Jungo spoke of "IT industrialization" with specialized organizations and tools for the network, servers, applications, etc. So while it's easy to collect data from all of these stovepipes for incident detection, it's still difficult to operationalize security data for rapid incident response. Yes, you can do one-off integration and rule sets between tools and security analytics platforms, but since each tool has its own policy engine, command structure, and API set, Swisscom claims that this can take 6 to 12 months to accomplish, and Jungo's organization simply doesn't have the luxury of time to integrate security technologies again and again. To move beyond this cybersecurity bottleneck, Swisscom is championing an intriguing idea: open security middleware through an abstraction layer, which Christof calls the collaborative security model.
This middleware has a worthwhile objective, as it is designed to accelerate the ability to operationalize security data analytics. The Swisscom collaborative security model does three things:

1. Re-directs technology integration. This is intended to drive "out-of-box" two-way communication between security analytics and policy enforcement technology by placing the integration burden on the security vendors themselves through a series of open, published middleware interfaces. It is also useful when enterprises add new types of threat detection tools, as they can become part of a holistic ecosystem rather than run as another one-off security control.

2. Standardize security syntax and communications. Aside from integration APIs, Swisscom is proposing open and freely available libraries for security commands (i.e. deny access, terminate a session, add rules, etc.) to standardize policy enforcement and remediation actions. Jungo believes that the oversight and governance of these standard libraries could be managed by a standards body like the W3C.

3. Create a common policy management engine. Today, each tool has its own policy management, adding time and operational overhead to threat prevention and incident response. To address this inefficiency, Swisscom's collaborative security model is designed to abstract policy management so that policy enforcement rules can be applied across a multitude of security devices simultaneously.

Swisscom isn't just talking about cybersecurity middleware; it actually has a proof-of-concept working and has already used it to integrate Fortinet and Splunk. The next steps include integration with threat detection and testing/scanning tools like vulnerability assessment.

Ever since I got into cybersecurity, I always thought it was absolutely crazy that security tools don't work well together. Yeah, I get the competitive marketplace, but c'mon – we are talking about safety and national security here! Fortunately, the industry is starting to get it. Software-defined everything gives us the opportunity to abstract the control plane just as Swisscom is advocating. Furthermore, we've already seen some commercial progress along these lines in areas like network security policy management (e.g. vendors such as AlgoSec, Tufin, and RedSeal) and incident response (e.g. vendors like Invotas, Phantom Cyber, Resilient Systems, and ServiceNow).

Swisscom and Christof Jungo deserve a lot of credit for pursuing and promoting this strategy, and it sure makes sense to me. Security technology vendors may not like it and could try to disrupt a standard and open middleware layer, believing it may strip away their unique value and commodify their tools. To succeed in this effort, Swisscom needs help from other end-user organizations. I strongly suggest that CISOs and security engineers connect with Jungo, follow Swisscom's progress, and join the effort if they see potential value here.
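To make the three ideas concrete, here is an added Python sketch (not Swisscom's code or its Fortinet/Splunk proof-of-concept, and the firewall and proxy adapters are hypothetical): a standard command vocabulary, per-vendor adapters that translate it into each device's native syntax, and a common policy engine that fans one command out to every device at once and returns each device's response, including "unsupported" where a device cannot act.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    # Standard command vocabulary shared by every adapter (hypothetical names).
    DENY_ACCESS = "deny_access"
    TERMINATE_SESSION = "terminate_session"
    ADD_RULE = "add_rule"

# Parameters each standard command must carry before any device is touched.
REQUIRED = {Action.DENY_ACCESS: {"src"}, Action.TERMINATE_SESSION: {"session_id"},
            Action.ADD_RULE: {"rule"}}

@dataclass
class Command:
    action: Action
    params: dict

class Adapter:
    """Translates a standard Command into one device's native syntax."""
    name = "base"
    supported = frozenset()
    def native(self, cmd: Command) -> str: raise NotImplementedError

class FirewallAdapter(Adapter):  # hypothetical vendor adapter, constructed syntax
    name = "firewall"
    supported = frozenset({Action.DENY_ACCESS, Action.ADD_RULE})
    def native(self, cmd):
        if cmd.action is Action.DENY_ACCESS:
            return f"policy add deny src={cmd.params['src']}"
        return f"rule add {cmd.params['rule']}"

class ProxyAdapter(Adapter):  # hypothetical vendor adapter, constructed syntax
    name = "proxy"
    supported = frozenset({Action.DENY_ACCESS, Action.TERMINATE_SESSION})
    def native(self, cmd):
        if cmd.action is Action.DENY_ACCESS:
            return f"block client {cmd.params['src']}"
        return f"kill session {cmd.params['session_id']}"

class PolicyEngine:
    """Common policy engine: one standard command is applied to all devices."""
    def __init__(self, adapters):
        self.adapters = list(adapters)
    def enforce(self, cmd: Command) -> dict:
        missing = REQUIRED[cmd.action] - cmd.params.keys()
        if missing:  # reject a malformed command before touching any device
            raise ValueError(f"{cmd.action.value} missing {sorted(missing)}")
        results = {}
        for a in self.adapters:
            # Two-way: each device reports what it did or that it cannot act,
            # so the analytics side sees coverage gaps instead of silent no-ops.
            results[a.name] = a.native(cmd) if cmd.action in a.supported else "unsupported"
        return results
```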