MATT WALMSLEY, EMEA DIRECTOR, VECTRA
Many security teams are overwhelmed with the scale and ferociousness of digital threats. Threats are sneakier and more damaging, and security operations centres (SOCs) are being worn down investigating and stomping out incidents. No one vendor can fulfil every single security requirement; there are always integration needs that drive technology partnerships, and we’re increasingly seeing security vendors collaborate and partner for the benefit of
One way in which such partnerships add value is through the integration of complementary tools which essentially compound efficacy. For example, network security tools like Vectra provide a trusted view of what’s happening across an enterprise network – from users to data centre to cloud – and across all types of devices, of our Endpoint partners, has its own view of what’s happening inside high-value devices such as cloud workloads, servers and laptops. Endpoint and network security tools each have their own very perceptive views, and when that double vision is brought into singular focus, SOC teams can detect and stop threats faster.
For example, the network viewpoint can tell you that a tunnel is enabling a system outside your network to control a system inside your network; while the endpoint viewpoint can tell you whether the process generating that traffic is a RAT, TeamViewer, etc. Combining the two perspectives allows threats to be quickly identified, validated and remediated. It’s an idea that’s catching on quickly.
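As an added illustration of the correlation described above (example code written for this article, not Vectra's or any partner's product code; the detection fields, the process names, the sample hosts and addresses, and the list of sanctioned remote-admin tools are all assumptions), the script below joins a network detection of external remote control with endpoint process telemetry for the same host, destination and time window, and turns the combined context into a verdict an analyst can act on:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumption: the organisation has sanctioned these remote-admin tools. Any other
# process found driving an external control channel is escalated for validation.
SANCTIONED_REMOTE_TOOLS = {"teamviewer.exe", "anydesk.exe"}


@dataclass
class NetworkDetection:
    """What the network viewpoint reports: a host being controlled from outside."""
    host: str        # internal host the detection fired on
    category: str    # detection type, e.g. "external_remote_access"
    remote_ip: str   # external endpoint on the other side of the tunnel
    seen_at: datetime


@dataclass
class EndpointEvent:
    """What the endpoint viewpoint reports: a process that opened a connection."""
    host: str
    process: str     # image name as reported by the endpoint agent
    remote_ip: str   # destination of the connection the process made
    signed: bool     # code-signing status reported by the agent
    seen_at: datetime


def correlate(net: NetworkDetection, events: List[EndpointEvent],
              window: timedelta = timedelta(minutes=5)) -> Optional[EndpointEvent]:
    """Find the endpoint process that produced the detected traffic, if any."""
    candidates = [
        ev for ev in events
        if ev.host == net.host
        and ev.remote_ip == net.remote_ip
        and abs(ev.seen_at - net.seen_at) <= window
    ]
    if not candidates:
        return None
    # Prefer the endpoint event closest in time to the network detection.
    return min(candidates, key=lambda ev: abs(ev.seen_at - net.seen_at))


def triage(net: NetworkDetection, events: List[EndpointEvent]) -> Tuple[str, str]:
    """Combine both viewpoints into a verdict and a recommended next step."""
    ev = correlate(net, events)
    if ev is None:
        return ("unverified",
                "network viewpoint only: no endpoint process matched; pull endpoint telemetry")
    if ev.process.lower() in SANCTIONED_REMOTE_TOOLS and ev.signed:
        return ("sanctioned_tool",
                f"{ev.process} drove the session; confirm the user expected a remote session")
    return ("suspected_rat",
            f"unsanctioned process {ev.process} drove the session; isolate host and collect the binary")


# Constructed sample telemetry (hosts, addresses and process names are made up;
# the external addresses come from the TEST-NET documentation range).
T0 = datetime(2020, 1, 1, 10, 0)
NETWORK_DETECTIONS = [
    NetworkDetection("HOST-A", "external_remote_access", "203.0.113.10", T0),
    NetworkDetection("HOST-B", "external_remote_access", "203.0.113.20", T0 + timedelta(minutes=5)),
    NetworkDetection("HOST-C", "external_remote_access", "203.0.113.30", T0 + timedelta(minutes=8)),
]
ENDPOINT_EVENTS = [
    EndpointEvent("HOST-A", "TeamViewer.exe", "203.0.113.10", True, T0 + timedelta(minutes=1)),
    EndpointEvent("HOST-B", "remote_helper.exe", "203.0.113.20", False, T0 + timedelta(minutes=4)),
    EndpointEvent("HOST-B", "chrome.exe", "198.51.100.5", True, T0 + timedelta(minutes=5)),  # unrelated
]


def run_sample() -> dict:
    """Triage every sample detection and return host -> verdict."""
    return {net.host: triage(net, ENDPOINT_EVENTS)[0] for net in NETWORK_DETECTIONS}


if __name__ == "__main__":
    for net in NETWORK_DETECTIONS:
        verdict, action = triage(net, ENDPOINT_EVENTS)
        print(f"{net.host}: {verdict} -> {action}")
```

The three sample cases show the three outcomes the combined context makes possible: a signed, sanctioned tool that only needs a user confirmation, an unsigned unknown process that warrants isolation, and a network-only detection that cannot be validated until endpoint data arrives. In a real SOAR playbook the match window and the sanctioned-tool list would come from the organisation's own policy rather than constants.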
Just how integrated?
“The integration of endpoint and network security tools has the potential to reduce the total cost of ownership of security solutions and deliver better threat detection and automated remediation,” wrote Gartner analyst Peter Firstbrook in the research note “How to Decide Whether Endpoint and Network Security Integration Is a Feature or a Fad.”
However, true effectiveness depends on the level of integration. Gartner identifies five levels of integration: packaging (Level 1), management (Level 2), threat intel (Level 3), alert resolution (Level 4) and action-oriented (Level 5).
“Most solutions are integrated only at the packaging or threat-sharing level; few are sufficiently integrated at the policy layer to change security posture based on context. Consequently, integration has not yet delivered better-together security,” the report continues.
Robust and feature-rich APIs are the foundation of integrations that enable an enterprise’s well-co-ordinated security architecture. A well-designed API permits integration with virtually any other security solution. This is an area we’ve put a lot of work and development into so that we can easily integrate our Cognito Network Detection and Response (NDR) platform with a wide range of leading endpoint, SIEM, SOAR, firewall and other tools.
Integration of tools is enabling security teams to understand the combined context of detections so they can quickly respond and take swift, decisive action to remediate cyberattacks and avoid data loss. Technology integration partnerships are a key enabler to reducing attacker dwell times and reducing technology and cyber-risk.