Vendor Collaboration in the Cybersecurity Industry is Essential (and Our Customers Deserve It)

July 28, 2020
Vectra AI Security Research team

With businesses scattered into remote workforces, organisations across every industry face unprecedented challenges. As people continue to work remotely, vendors in the cybersecurity industry must collaborate to deliver effective security solutions; that collaboration is now essential.

There has been a remarkable and rapid shift in the way companies operate, as record numbers have implemented a remote workforce to keep their operations going and their teams collaborating. Indeed, Office for National Statistics (ONS) data from May estimates that roughly half of workers in the United Kingdom now work from home, compared to just 5.1% in 2019.

Cybercriminals have been quick to take advantage of a prolonged period where organisations have had to sustain a remote workforce. Many cybercriminals are specifically seeking to exploit VPNs and other exposed aspects of remote working. The increased threat profile and newly exposed attack surface means that while their operations may be scattered, businesses need advanced security capabilities that are cohesive, focused and agile.

The gamut of security technologies, from network detection and response (NDR), endpoint detection and response (EDR) and perimeter defences to privileged access management across the cloud, data centre and enterprise, must be low-friction. And they must integrate seamlessly with the workflows and processes of the security teams that operate them.

Security vendor integration

As the cybersecurity market continues to grow and diversify, organisations have benefited from being able to choose from an increasingly large array of services and solutions to address their unique security needs. Most security architects have constructed operations that include services, tools and systems from multiple vendors that cater to specific needs, such as email security, firewalls, endpoint protection, security information event management (SIEM), and threat detection and response.

While some vendors offer an extensive suite of security products under a single brand, customers can end up compromising on capabilities. Conversely, using services, tools and systems from multiple vendors enables customers to benefit from their specific expertise and pick the best-in-class solution for each capability gap they need to address. However, a multivendor approach can come at the expense of overall cohesion. Products from different vendors do not necessarily work well together, resulting in the security team having to manage multiple systems that do not share information with each other and cannot be fully automated into a single system.

With hundreds or even thousands of threat behaviour alerts coming through every day, having to manually cross-check different solutions wastes time and labour as security teams act as human middleware. It also creates operational gaps that allow threats to go undetected. Responsibility for overcoming these issues falls not with individual companies but with the security industry. Vendors must create solutions that work with others, facilitate automated workflows, and free up valuable human resources for high-value tasks in order to keep up with modern threats and incident response.

Playing nicely together creates security value

Delivering collaborative security offerings requires solutions that are technically and strategically aligned. On the technical side, security solutions need APIs that allow different tools to communicate and share information effectively. But APIs alone do not offer a complete solution: they are merely interfaces, and the connections between them still have to be built and the interactions orchestrated. The next step involves using those APIs to connect interactions and features shared between different tools, often via embedded apps and widgets.

Strategic alliances can deliver powerful benefits to vendors and help their customers to improve their security posture. Vectra has worked with CrowdStrike, Cybereason, Microsoft and many more to integrate the Cognito Platform to work in harmony with their EDR solutions.

This enables security teams to work together to improve visibility and insight into the threats they are facing and reduce their incident response time. When CISOs deploy different solutions that work together efficiently, they are much better equipped to connect the dots among different sources and respond accordingly.

This approach mirrors the SOC visibility triad model, which combines NDR, EDR and SIEM (including Microsoft Sentinel, Splunk and QRadar). The SOC visibility triad can be applied to cloud, data centre and SaaS environments as well as enterprise, hybrid cloud and IoT networks, while also incorporating attacker behaviour modelling. By achieving excellent SOC visibility you can significantly reduce the risk of threat actors moving undetected for extended periods inside your organisation. Early detection and response can make the difference between a contained incident and a catastrophic breach.
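The point of the triad, and of the API integrations described above, is that alerts from NDR, EDR and SIEM can be joined automatically instead of by a human cross-checking three consoles. The following is an added illustration, not code from Vectra or any of the vendors named on this page: it normalises constructed sample alerts from three sources into one schema, groups them by host within a time window, and flags an incident that is corroborated by more than one source. All field names, the 30-minute window, the severity scales and the sample alerts are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample alerts, each in a hypothetical vendor-native shape.
NDR_ALERTS = [
    {"detected_at": "2020-07-28T09:02:10Z", "host": "ws-1042.corp.example",
     "detection": "Suspicious Remote Execution", "severity": 7},
    {"detected_at": "2020-07-28T11:40:00Z", "host": "ws-2210.corp.example",
     "detection": "Hidden HTTPS Tunnel", "severity": 5},
]
EDR_ALERTS = [  # EDR scores assumed to be 0-100
    {"agent_id": "ws-1042.corp.example", "ts": 1595926990,
     "name": "Credential dumping tool executed", "score": 80},
]
SIEM_EVENTS = [  # SIEM timestamps assumed to be UTC without a zone marker
    {"time": "2020-07-28 08:55:02", "computer": "ws-1042.corp.example",
     "rule": "VPN login from new country", "priority": "medium"},
]

SIEM_PRIORITY = {"low": 3, "medium": 5, "high": 8, "critical": 10}


@dataclass
class Alert:
    source: str      # "ndr", "edr" or "siem"
    host: str
    time: datetime   # timezone-aware UTC
    title: str
    severity: int    # normalised to 0-10


@dataclass
class Incident:
    host: str
    alerts: list

    @property
    def sources(self):
        return sorted({a.source for a in self.alerts})

    @property
    def severity(self):
        return max(a.severity for a in self.alerts)

    @property
    def multi_source(self):
        # Corroboration by a second tool is what makes the alert actionable.
        return len(self.sources) >= 2


def normalise_ndr(a):
    t = datetime.strptime(a["detected_at"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Alert("ndr", a["host"], t, a["detection"], a["severity"])


def normalise_edr(a):
    t = datetime.fromtimestamp(a["ts"], tz=timezone.utc)
    return Alert("edr", a["agent_id"], t, a["name"], round(a["score"] / 10))


def normalise_siem(e):
    t = datetime.strptime(e["time"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return Alert("siem", e["computer"], t, e["rule"], SIEM_PRIORITY[e["priority"]])


def correlate(alerts, window=WINDOW):
    """Chain alerts on the same host into one incident while consecutive
    alerts fall within `window` of each other."""
    by_host = {}
    for a in sorted(alerts, key=lambda a: a.time):
        by_host.setdefault(a.host, []).append(a)
    incidents = []
    for host, items in by_host.items():
        current = [items[0]]
        for a in items[1:]:
            if a.time - current[-1].time <= window:
                current.append(a)
            else:
                incidents.append(Incident(host, current))
                current = [a]
        incidents.append(Incident(host, current))
    return incidents


def build_incidents():
    alerts = ([normalise_ndr(a) for a in NDR_ALERTS]
              + [normalise_edr(a) for a in EDR_ALERTS]
              + [normalise_siem(e) for e in SIEM_EVENTS])
    return correlate(alerts)


if __name__ == "__main__":
    for inc in build_incidents():
        flag = "ESCALATE" if inc.multi_source else "review"
        print(f"{inc.host}: severity {inc.severity}, sources {inc.sources} -> {flag}")
```

Each normaliser exists only because the three tools disagree on field names, time formats and severity scales; once that is handled, the correlation itself is a short grouping step, which is the work that would otherwise be done by an analyst acting as human middleware.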

As vendor integration continues to improve, there will be a more concerted effort by the security industry to form strategic partnerships and create solutions that work smoothly together. This will reduce technical complexity and risk and create new value in how security operations are performed. With organisations set to face continued challenges in securing their expanded remote operations, integrated tools and processes will help security operations teams cover more ground and be more effective in mitigating cyberattacks.