The Need for a Unified Security Platform in the New World

Cloud computing is widely adopted (Public cloud, Private cloud, or Hybrid cloud). Organizations are finding themselves using multiple public clouds (e.g., AWS, Azure, IBM Cloud) alongside private clouds to build innovative products or services that move their business forward. As a result of Public cloud adoption, cybersecurity is a concern. Organizations are concern about how to navigate securely in the new world of hybrid, multiple cloud environments.

What are the security challenges for a hybrid, multiple cloud environment? 

When organizations build workloads across multiple environments, this widens the attack surface and increases the risk for cybersecurity attacks. As a result of the increased vulnerabilities and threats, businesses seek security solutions to improve threat detection & visibility across hybrid, numerous Cloud environments and pull security insights.

Point solutions are no longer addressing the security needs of businesses.

The security industry has responded to security needs by offering many “point solution” security tools (e.g., Firewall, IPS, log aggregators, etc.), but specific tools and processes only address particular security needs. Due to digital transformation, point solutions individually don’t provide a holistic view of the security landscape. These things managed separately would have varying relevance of the broader security story.

For a long time, organizations have operated in a point solution approach to Security. Over time, the deployment of those security tools has become fragmented, disjointed, and amplified since the emergence of hybrid, multi-cloud environments.

On average, a cybersecurity team uses 25 to 50 various security tools from 10 different vendors to protect their environment. The result is that too much security data is generating. Security analysts don’t have a holistic view of the emergence of hybrid, multiple cloud-native environments. Also, combine that with the shortage of cyber skills in the market; they can’t keep the pace of learning too many tools. Organizations are seeking a vendor consolidation strategy to embrace a new approach to Security.

Threat Management & detection tools and processes are lagging.

Enterprise security tools such as a Security Incident and Event Manager (SIEM) and the use of data lakes are effective but still produce a remaining security gap for threat management teams. Regardless if you have a SIEM in place or not, businesses will continue to push and invest in new places to store generated cyber data across hybrid, multiple cloud environments.

The challenge is getting all the threat intelligence into one engine is a big problem to maintain visibility. For example, a cybersecurity team must spend a lot of time, money, and effort configuring many log sources and integrating point security solutions and forcibly send security data to a SIEM or data lake.

Maintaining one SIEM or even multiple SIEMs still has much relevance, but it adds complexity and becomes expensive to keep in some environments. The deployment of an open platform architecture focused on cybersecurity will address the SIEM gap and increase visibility.

Organizations need an open security platform for a hybrid, multiple cloud environment.

An organization’s threat management teams need a connected security architecture strategy to manage Security from one unified console, “single plane of glass,” to drive a broader security story. Organizations can address this issue by adopting an open security platform that sits on top and integrating with their existing security tools. The open architecture creates “Security as a Platform” that offers integrated applications, services, and an environment for DevOps. The deployment can be on-premises or cloud infrastructure. Connecting all the fragmented security tools and processes enables organizations to have a holistic view and respond to threats faster with less complexity.

Security vendors are offering open security platforms in the market.

IBM, Microsoft, Splunk, Palo Alto, and CISCO are security vendors that provide security platforms in the market. Each vendor gives capabilities for organizations to quickly integrate their security tools to generate deeper insights into threats, orchestrate actions and automate responses.

The following diagram illustrates a high-level overview of IBM Cloud Pak for Security:

Core benefits using an open security platform:

Reduce the complexity of data migration:  It allows a security analyst to connect all security data while leaving log sources in their original location without the complexity and the expense of continuous data migration into a SIEM or multiple SIEMs. The significant benefit for organizations is lowering the cost of integrating point solution technologies.

Flexible deployment on any platform infrastructure: Organizations can run the open security platform anywhere. It can run on-premises or in the Hybrid, multiple cloud environment. As a result from running anywhere, it helps with the skills gap, offloading some of the operational overhead.

Security Orchestration, Automation, and Response:  Organizations can increase the speed to respond to security threats and address risk. Security analysts can extend their team’s capabilities with threat hunting, case management capabilities, and incident handling (e.g., orchestrate across security use cases using automation tools, workflows, run books, etc.).

Open Framework: Organizations can integrate security platforms on open standards with a unified interface. Open standards allow security analytics to connect disparate data sources quickly. Security analysts can use connectors that use an industry-standard protocol (STIX) to configure and translate each data source connection. Open Cybersecurity Alliance (OCA) is working on collaborative efforts that allow open integration with existing security tools and data sources.

An open security platform architecture will provide an opportunity for organizations to increase their security visibility throughout the IT landscape without the ongoing complexity of integration of tools and data migration. The new approach will also allow businesses to grow and expand their security operations through digital transformation and beyond.