Page 215 - Cyber Defense eMagazine RSAC Special Edition 2025

natural consequence of market competition where each vendor wants to sell their branded suite of
            solutions.

            Unfortunately, this proprietary approach leads to massive difficulties when SOC analysts and service
            providers try to integrate multiple third-party tools into their security stack. Most medium enterprise SOCs
            use over 50 security tools, and getting them to work together is extremely difficult. Every hour spent
            troubleshooting, integrating, and engineering workarounds for existing security solutions is time SOC
            analysts are not focused on detections and response.



            Build a Community of Competitors?

            There are two primary forces keeping cybersecurity vendors from forming a truly cooperative community.
            First, vendors need to make money to stay in business, and that puts their individual interests in direct
            opposition to all competitors in their space. Second, many vendors sell solutions whose effectiveness
            partially relies on keeping their operational details a secret. These factors alone make building an open
            community among private cybersecurity organizations highly unlikely.

            Instead, we should accept that the competitive nature of business is not going to change. Nor are
            cybersecurity vendors going to publicly divulge their lucrative secrets for the sake of doing a good deed.
            In fact, doing so would be like asking a bank to post the blueprint of their vault online. Yes, other
            businesses might gain security knowledge from studying the vault design, but bank robbers would too.

            The downstream effect of this necessary secrecy is SOCs filled with dozens of opaque solutions,
            requiring large teams of experts to manage. Ironically, many zero trust environments consist of security
            analysts absolutely trusting countless black-box vendor solutions. While vendor trust is common for
            businesses, we regularly see stories of attackers compromising organizations that use the most
            esteemed security vendors in our market. Last year, we also saw an honest mistake from a large vendor
            cause the largest IT outage in history. These lessons should remind us that there is a stark difference
            between securing your organization and trusting someone else to do so.

            The market forces driving secrecy and competition among cybersecurity vendors force many businesses
            to trust tools they cannot fully audit. However, this does not mean we cannot reap the benefits of fostering
            a cybersecurity community in other ways. There are resources available today that help third-party
            security solutions work transparently and cooperatively, even when their patent holders will not.



            Community Built by Cloud, APIs, and Automation

            The key to realizing the benefits of a cybersecurity community is adopting a vendor-neutral
            cloud platform for centralizing security resources. Such a platform frees your organization from being
            locked into vendor-specific solutions while also creating a space to integrate your existing security stack.
            Rather than asking your SOC to wrangle countless third-party tools, you create a cloud-based control
            center for centralized management of all security resources.







