It’s an established problem that many organisations have too many security tools deployed. Each one requires expertise, integration points, patches and in the case of many, they can even extend your attach surface. I recently read this article by Rick Howard from Paloalto Networks* and it calls attention to the fact that platforms which don’t integrate [easiliy] are likely to fail the test of enterprise deployments and will not be extensible in the long term, minimising the value they bring to the business.
[…] most network defenders. For their entire careers, they have been trained that vendor-in-depth and best-in-breed are golden principles in cybersecurity. When all else fails, follow the golden principles. […]
Ironically, these same network defenders have missed the point advocated by Geer’s monopoly paper. In it, the authors advocate several actions designed to limit the attack surface of the Microsoft operating system platform:
- Publish interface specifications to major functional components of its code, both Windows and Office.
- Foster development of alternative sources of functionality through an approach comparable to the highly successful “plug and play” technology for hardware components.
- Work with consortia of hardware and software vendors to define specifications and interfaces for future developments in a way similar to the Internet Society’s RFC process to define new protocols for the internet.
[…] you will find that adopting a security platform that integrates with other vendors is exactly the same solution.
Source: https://researchcenter.paloaltonetworks.com/2018/03/cso-security-platform-monopoly/
Rick’s conclusion is valuable and in my experience, a path only some vendors are taking this space.
Publishing open APIs and carefully documenting how to extend and integrate the software with other vendors should be the baseline and not a ‘gold standard’.
*Note that I don’t endorse Paloalto Networks, I just found this article informative and inline with my own beliefs.
