What’s in a name? When it comes to the term ‘security platform,’ quite a lot, going by its overuse in the industry. This moniker is increasingly being deployed in the marketplace to describe varying types of solutions. We maintain that in order for an offering to be called a security platform, it must meet the following criteria:
- Comprehensive coverage: A platform offers visibility and builds efficiency across the broadest set of control points, not a small cross-section of your security environment.
- Integrated operations: You must be able to do more than see a problem. You must be able to detect, block, and remediate it, meaning all your tools are used within the platform experience.
- Open architecture: A platform that is proprietary is only half effective when you are leaving out control points, threat intelligence sources, and other critical tools that don’t integrate.
I covered the first two points in a previous post, where I laid out the requirements for a security platform. For instance, integrating just a couple of controls does not qualify. In this post, I will focus on the last point, which is that to truly be effective, a security platform must be open.
An effective security platform must be open
With the extreme number of threats lurking online, and the explosion of different apps and devices being used by today’s workforce, it takes teamwork to keep corporate networks safe. While Cisco offers the broadest set of security technologies that covers the widest swath of threat vectors and access points, our promise to customers is that we will integrate with complementary technologies and their legacy investments. They should be able to glean value from all of their security spending and still benefit from an integrated platform experience.
Furthermore, in light of trends such as remote working and digital transformation, it’s become imperative that security technologies and teams do not work in a silo. Not only do security tools have to work with one another to adequately defend today’s networks, but they must also work with other technologies in the IT and networking realms to foster the levels of automation and collaboration necessary to effectively and efficiently fend off evolving threats. Otherwise, threats slip through gaps in coverage, get lost amidst conflicting alerts, or security teams simply don’t have enough resources to deal with them even when they’re identified.
The days of the primacy of the point solution are over. Our Cisco 2021 Security Outcomes Study found that well-integrated technology was one of the most important factors influencing security program success. Regardless of which technologies you have in place, and what you plan to acquire in the future, there must be a way to tie it all together if you’re going to stay a step ahead of attackers. Put another way, to be “best of breed,” a product has to include a platform experience.
Relating this to our consumer lives, when was the last time you bought a smartphone or fitness tracker without expecting a platform on the backend to help you sync data, collect key metrics, and share media? That’s why when we launched our Cisco SecureX platform last year, our intent was always for it to be open and integrate a comprehensive range of capabilities to bring a platform experience to all products, not just our own.
Cisco SecureX: A refresher
Cisco SecureX is a cloud-native, integrated platform that connects the entire Cisco security portfolio as well as many additional security, IT, and networking technologies from both Cisco and third parties. The goal is to simplify security via a single console. To substantially decrease the manual steps necessary for detecting, investigating, and remediating attacks. To streamline operations and conserve resources. And to enable traditionally separate solutions and teams to work together for stronger defenses.
“We have a small team, and [SecureX] helps us know what attacks are coming at us, and efficiently analyze and remediate quickly.… It is a very effective threat management tool, easy to use, and is very detailed to find any threats, block the incoming source, and remediate all infected devices.”
— Glenn McConnell, IT Director for Eagle Copters
SecureX provides unified visibility and control across your entire infrastructure – network, cloud, endpoints, and applications – reducing the complexity and confusion associated with the use of dozens of point products. In short, we bring everything together to help you do security better. And by everything, we don’t just mean our own products, although they are certainly a key piece of the puzzle.
So how do we do this?
How do we bring everything together in a way that is seamless and effective?
We offer pre-built integrations, an open architecture, and an expansive partner ecosystem to help you connect as much of your security infrastructure as possible. We work with everyone from the biggest names in IT to the niche, specialist providers, including many of our competitors. We partner with over 200 organizations to help make security as simple as we can for our customers. In short, we go to great lengths to make sure you can maximize your existing infrastructure while innovating for the future. Our SecureX integrations span two main focus areas: threat response and orchestration.
SecureX threat response integrations
Our SecureX threat response partnerships and integrations help you aggregate, analyze, and respond to threat data and intelligence from multiple sources in a cohesive way. These integrations include a wide range of security technologies – for example, email security, firewall, and SIEM/SOAR, just to name a few – in addition to threat intelligence feeds from key players such as our own Cisco Talos, plus Google, Microsoft, IBM, and many more.
SecureX orchestration integrations
SecureX orchestration integrations allow you to build automated workflows for dealing with common threats and routine security activities like threat hunting. Our orchestration integrations draw from both Cisco security capabilities and other security and IT solutions such as our own Webex, plus those from Microsoft, ServiceNow, Slack, and more. These automated workflows can help you reduce repetitive tasks and save critical working hours for your team.
For a more in-depth look at our various types of integrations, see the recent paper from ESG:
Integrating the Stack with Cisco SecureX
What are the benefits of these integrations and partnerships?
Doing security right these days requires vast amounts of coordination, which the typical security team does not have the resources to do manually. In fact, 82% of customers said the ability to connect Cisco SecureX with third-party tools is important to them. And in a recent poll conducted by Cisco, more than a third of respondents said they were spending 40+ hours to integrate two or more security products.
Our robust set of integrations allows security teams to:
- Quickly analyze large sets of disparate data and threat intelligence to get a clearer picture of what’s going on in their environment. (As well as share intelligence from SecureX with third-party systems.)
- Use various technologies together to detect, investigate, and orchestrate a coordinated response to any potential threats across multiple vectors and access points.
- Automate common security tasks for a more streamlined approach to SecOps (as well as many NetOps and ITOps functions).
- Dramatically decrease the time spent integrating disjointed point solutions.
All of our integrations and partnerships enable you to leverage the strongest and most capable security solutions you have at your disposal – whether from Cisco or others – and make them even better by allowing them to act as a collaborative system. And because SecureX is cloud-based, open, and scalable, you can easily incorporate new capabilities into the platform as your needs evolve.
Finally, why are we discussing this now?
This week at our virtual Cisco Live conference, we’re taking our open platform and partnership approach to the next level. We’re showcasing new, automated workflows for combating supply chain attacks, phishing, and more. And we will soon make third-party integrations even easier through turnkey configurations for partner technologies such as Google, ServiceNow, Splunk, and others. SecureX customers will be able to configure these third-party integrations the same way they would Cisco integrations, without having to deploy new code in their environments.
These advancements support our overall mission of providing customers with simplified security, comprehensive protection, and always-on security intelligence – which are all impossible to deliver without an open architecture and strong relationships across the tech industry.
Learn more about Cisco SecureX and our open platform.
very interesting read