Today, the rapidly evolving cyber threat landscape has driven an explosion of security products, generating an ever-increasing mountain of potentially valuable data and insights. But with that comes the increased complexity of making sense of it all and extracting real value for the organization. Integrating security products into an established operational environment can be extremely resource-intensive, time-consuming, and costly, all at the expense of many hours that could be better spent threat hunting and responding to malicious actors.
For too long, many cybersecurity vendors have made life harder for customers by ensuring their “secret sauce” was theirs and theirs alone. Customer organizations were not able to get the full value from the purchased tools because of the lack of interoperability, the expense of integration and the potentially valuable data locked away in proprietary silos and data formats. This untenable situation provides the cybersecurity vendor community with a real opportunity.
We have seen this play out before. Prior to the beginning of the Industrial Revolution, tools were mostly handcrafted and not precise or consistent enough to support manufacturing needs. It was widespread standardization that changed the landscape and led to the Industrial Revolution. Interchangeable parts allowed for the easy assembly of new and innovative products, much cheaper repairs and fewer skills and time required of workers. Best of all, it led to dramatically reduced costs across the board, for producers and consumers.
Trellix believes we need to foster a similar revolution in cybersecurity today. We need a more open cybersecurity ecosystem, where products from vendors and software publishers can freely exchange information, insights and analytics, and seamlessly orchestrate comprehensive responses to our adversaries. As an industry, we urgently need to further develop and promote openly available common architectural components focused on ontology, messaging, data sharing, tooling, APIs, and practices for operational interoperability amongst cybersecurity tools. In short, the goal is to “integrate once, reuse everywhere”, meaning:
For enterprises and security operations staff, this results in:
For security vendors, the benefits are tangible. They include:
Like the beginning of the Industrial Revolution, where interchangeable parts provided the economic incentives and the foundation for true innovation, we believe an open cybersecurity ecosystem, where products from all vendors and software publishers can freely exchange information, insights, analytics, and orchestrated responses, will lead to real advancements in cybersecurity and provide a foundation for cybersecurity innovation to flourish.
The security industry is not delivering the promised protection that people and organizations need, in large part because of a lack of collaboration at a data and interface level. There are two dominant cybersecurity models: best of breed, where the customer is free to choose any available product but is responsible for integration; and end-to-end, where a single vendor provides a fully integrated solution. Both models come up short, however, because they are based on closed systems of proprietary interfaces that are controlled by dominant vendors and restrict third-party developer participation. This limits customer choice and favors vendors’ development priorities and resources. Attackers have a critical time advantage, and they are able to exploit the inherent weaknesses in these two security models. When a new threat type emerges, the security industry responds with new solutions to combat this threat, and customers try to determine which is “the best,” which takes time.
Trellix is committed to playing a powerful, constructive role in helping to solve the world’s most complex cybersecurity challenges. To honor this commitment, we are and have been historically a leading open platform cybersecurity company. To support this evolution, we are partnering with standards organizations, consortia and policy makers to push the cybersecurity industry toward broad adoption of this open platform model. This will help ensure innovation and open competition, and enable the entire cybersecurity ecosystem to meet the security challenges of the 21st century.
Interoperability is vital on multiple levels, as cyber threats continue to challenge organizations across the globe.
The cybersecurity industry needs to change by offering customers solutions that benefit from an open platform model. This is an architecture that makes it easier to deploy and manage a broad set of capabilities, not a business model dictating who can participate and how. Open cybersecurity platforms increase the rate and breadth of innovation by lowering development costs across the ecosystem. This helps leverage the power of the entire cybersecurity community to help stop existing and emerging malware, correlate events across the broadest set of threat intelligence, and have compliance solutions appropriate for the largest population of customers.
Cybersecurity vendors should not be competing on plumbing; rather, the plumbing is the foundation, the common platform, upon which cybersecurity tools are built. Cybersecurity vendors have a real adversary we must defeat, and vendors should not be distracted by each of us having to replicate different ways to provide product plumbing.
We must find ways to up-level competition between vendors while focusing on defending against the adversary we all face daily. We need to focus on improving security in order to, for example, help hospitals better understand the threat landscape to prevent life-threatening cyber-attacks, help businesses focus on their missions and not cybersecurity, and help better identify national security threats in order to protect critical national functions. Interoperability makes these things possible, and we must continue to have the important conversations and take the actions needed to make true interoperability a reality.