Matt Walmsley, Head of EMEA Marketing – Vectra, explains why partnerships in the cybersecurity sector are so important.
Many security teams are overwhelmed by the scale and ferocity of digital threats. Attacks are stealthier and more damaging, and security operations centres (SOCs) are being worn down investigating and stamping out incidents. No single vendor can meet every security requirement; there are always integration needs that drive technology partnerships, and we are increasingly seeing security vendors collaborate and partner for the benefit of their customers.
One way such partnerships add value is through the integration of complementary tools, which compounds their efficacy. For example, network security tools like Vectra provide a trusted view of what is happening across an enterprise network, from users to data centre to cloud, and across all types of devices, including IoT. Cybereason, one of our endpoint security technology partners, has its own view of what is happening inside high-value devices such as cloud workloads, servers and laptops. Endpoint and network security tools each have their own perceptive view of an attack; when those two views are brought into a single focus, SOC teams can detect and stop threats faster.
For example, the network viewpoint can tell you that a tunnel is allowing a system outside your network to control a system inside it, but not what is driving that traffic; the endpoint viewpoint can tell you whether the process generating it is a remote access trojan (RAT), a sanctioned remote-administration tool such as TeamViewer, or something else. Neither view is conclusive on its own. Combining the two perspectives allows threats to be quickly identified, validated and remediated.
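The correlation described above, as an added example rather than code from Vectra or Cybereason: a network-layer detection of an inbound remote-access tunnel is joined to endpoint process telemetry for the same host, and the result is triaged as a sanctioned tool, a suspected RAT, or unattributed (the endpoint saw nothing, which is itself a finding). The record formats, field names, the sanctioned-tool table and all sample data are constructed for illustration and are not either vendor's real schema.

```python
"""Join a network-layer remote-access detection to endpoint process telemetry.

Added example, not Vectra's or Cybereason's code: the record formats,
field names and sample data below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Remote-admin tools the organisation sanctions, keyed by (file name, signer).
# File name alone is not evidence: a RAT can call itself teamviewer.exe, so
# the code signer reported by the EDR must match as well.
SANCTIONED_TOOLS = {
    ("teamviewer.exe", "TeamViewer Germany GmbH"),
}


@dataclass(frozen=True)
class NetworkDetection:
    """Network view: an outside host is holding a session into an inside host."""
    internal_ip: str
    external_ip: str
    external_port: int
    first_seen: datetime
    last_seen: datetime


@dataclass(frozen=True)
class EndpointConnection:
    """Endpoint view: which process opened a socket, to where, and who signed it."""
    host_ip: str
    pid: int
    image: str             # executable file name
    image_path: str
    signer: Optional[str]  # None when the binary is unsigned
    remote_ip: str
    remote_port: int
    seen: datetime


def correlate(det: NetworkDetection, conns: list[EndpointConnection],
              slack: timedelta = timedelta(minutes=2)) -> list[EndpointConnection]:
    """Return the endpoint connections that plausibly produced the detection.

    Join on the fields both sensors observe (inside host, outside IP and port)
    and on time, with some slack for clock skew between the two sources.
    """
    lo, hi = det.first_seen - slack, det.last_seen + slack
    return [c for c in conns
            if c.host_ip == det.internal_ip
            and c.remote_ip == det.external_ip
            and c.remote_port == det.external_port
            and lo <= c.seen <= hi]


def triage(det: NetworkDetection,
           conns: list[EndpointConnection]) -> tuple[str, Optional[str]]:
    """Fold both viewpoints into one verdict plus the process path to act on.

    'sanctioned'   - a known remote-admin tool with the expected signer
    'suspect'      - anything else is driving the tunnel: treat as a RAT
    'unattributed' - the network saw it but the endpoint did not (no EDR
                     coverage, or the agent was evaded); investigate the host
    """
    matches = correlate(det, conns)
    if not matches:
        return "unattributed", None
    for c in matches:  # one unsanctioned process on the tunnel is enough
        if (c.image.lower(), c.signer) not in SANCTIONED_TOOLS:
            return "suspect", c.image_path
    return "sanctioned", matches[0].image_path


# Constructed sample data: one NDR detection and three endpoint scenarios.
T0 = datetime(2021, 3, 4, 9, 15, tzinfo=timezone.utc)
DETECTION = NetworkDetection("10.0.5.23", "203.0.113.45", 443,
                             T0, T0 + timedelta(minutes=40))

_browser = EndpointConnection("10.0.5.23", 3120, "chrome.exe",
                              r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                              "Google LLC", "198.51.100.7", 443, T0 + timedelta(minutes=1))
_rat = EndpointConnection("10.0.5.23", 4242, "svchost.exe",
                          r"C:\Users\jsmith\AppData\Local\Temp\svchost.exe",
                          None, "203.0.113.45", 443, T0 + timedelta(minutes=3))
_tv = EndpointConnection("10.0.5.23", 5177, "TeamViewer.exe",
                         r"C:\Program Files\TeamViewer\TeamViewer.exe",
                         "TeamViewer Germany GmbH", "203.0.113.45", 443,
                         T0 + timedelta(minutes=3))
_stale = EndpointConnection("10.0.5.23", 900, "TeamViewer.exe",
                            r"C:\Program Files\TeamViewer\TeamViewer.exe",
                            "TeamViewer Germany GmbH", "203.0.113.45", 443,
                            T0 - timedelta(hours=6))  # same peer, outside the window

SCENARIOS = {
    "rat": [_browser, _rat],
    "teamviewer": [_browser, _tv],
    "no_edr": [_browser, _stale],
}


def run_scenarios() -> dict[str, tuple[str, Optional[str]]]:
    """Triage the sample detection against each endpoint scenario."""
    return {name: triage(DETECTION, conns) for name, conns in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (verdict, path) in run_scenarios().items():
        print(f"{name:11s} -> {verdict:13s} {path or ''}")
```

The join deliberately uses only what both sensors can see (inside host, outside address and port, time); the time slack matters in practice because NDR and EDR clocks are rarely in step. Matching the signer rather than just the file name is the check that turns "it looks like TeamViewer" into a validated verdict.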
It’s an idea that’s catching on quickly.
Just how integrated?
“The integration of endpoint and network security tools has the potential to reduce the total cost of ownership of security solutions and deliver better threat detection and automated remediation,” wrote Gartner analyst Peter Firstbrook in the research note “How to Decide Whether Endpoint and Network Security Integration Is a Feature or a Fad.”
However, its real effectiveness depends on the depth of integration. Gartner identifies five levels, from packaging (Level 1) through management (Level 2), threat intelligence sharing (Level 3) and alert resolution (Level 4) to action-oriented (Level 5).
“Most solutions are integrated only at the packaging or threat-sharing level; few are sufficiently integrated at the policy layer to change security posture based on context. Consequently, integration has not yet delivered better-together security,” the report continues.
Robust, feature-rich APIs are the foundation of the integrations that make a well-coordinated enterprise security architecture possible; a good API permits integration with virtually any other security solution. This is an area we have invested heavily in, so that our Cognito Network Detection and Response (NDR) platform integrates easily with a wide range of leading endpoint, SIEM, SOAR, firewall and other tools.
Integrating tools lets security teams see the combined context of detections, so they can respond quickly and take swift, decisive action to remediate cyberattacks and avoid data loss. Technology integration partnerships are a key enabler for reducing attacker dwell time and for reducing both technology risk and cyber-risk.