Page 216 - Cyber Defense eMagazine RSAC Special Edition 2025
Integrating your security stack via API on a cloud platform greatly simplifies tool use, management, and coordination. Those of you familiar with IT operations will recognize this approach as infrastructure-as-a-service. For cybersecurity, the equivalent of adopting AWS/GCP to manage infrastructure is found in the SecOps Cloud Platform (SCP). Instead of hiring several analysts to monitor dozens of solutions and manage their infrastructure, you retain a few experts to operate an SCP.
An SCP normalizes data, allowing security tools, services, and telemetry sources to communicate using a common language. Communications happen via API, which fosters rapid information sharing throughout the platform and simplifies automation. For example, if you receive an O365 alert indicating a suspicious login, you could have a script immediately disable the account pending further review. Once your security stack is integrated on a common cloud platform, you have fine-grained control over its behavior and operation.
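The normalize-then-respond pattern described above, as an added example that is not LimaCharlie's or the author's code: two constructed vendor alert shapes (an O365-style sign-in event and an EDR-style detection) are mapped onto one schema, and a policy turns the suspicious-login case into a "disable account pending review" action. The field names, the `POLICY` table and the `disable_account_pending_review` action are assumptions; no real API is called.

```python
"""Normalize alerts from two constructed vendor formats into one schema and
apply a response rule: a suspicious login disables the account pending review."""
from dataclasses import dataclass, field


@dataclass
class Alert:
    """Common schema every source is translated into (assumed, not a real SCP schema)."""
    source: str
    category: str
    user: str
    severity: str
    raw: dict = field(default_factory=dict)


def normalize(payload: dict) -> Alert:
    """Translate a vendor-specific payload into the common Alert schema."""
    # Constructed O365-style sign-in event: risky only if it succeeded with elevated risk.
    if "Workload" in payload and payload.get("Operation") == "UserLoggedIn":
        risky = (payload.get("ResultStatus") == "Success"
                 and payload.get("RiskLevel") in ("medium", "high"))
        return Alert("o365", "suspicious_login" if risky else "login",
                     payload["UserId"], payload.get("RiskLevel", "low"), payload)
    # Constructed EDR-style detection with its own field names.
    if "detection" in payload:
        d = payload["detection"]
        return Alert("edr", d["category"], d["user"], d["severity"], payload)
    raise ValueError("unrecognized alert format")


# Response policy: normalized category -> automated action (assumed mapping).
POLICY = {"suspicious_login": "disable_account_pending_review"}


def respond(alert: Alert) -> dict:
    """Return the action record the platform would execute; a real SCP would
    call the identity provider's API here (hypothetical, not implemented)."""
    action = POLICY.get(alert.category)
    if action is None:
        return {"user": alert.user, "action": "none",
                "reason": f"no rule for {alert.category}"}
    return {"user": alert.user, "action": action,
            "status": "pending_review", "source": alert.source}


def handle(payload: dict) -> dict:
    """One entry point for every source: normalize, then apply the policy."""
    return respond(normalize(payload))


# Constructed sample payloads (not real telemetry).
O365_ALERT = {"Workload": "AzureActiveDirectory", "Operation": "UserLoggedIn",
              "UserId": "alice@example.com", "ResultStatus": "Success", "RiskLevel": "high"}
EDR_ALERT = {"detection": {"category": "credential_dumping", "user": "bob", "severity": "high"}}
```

Only the category the policy names triggers an action; the EDR detection falls through to "none" until a rule is added for it.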
Cloud consolidation does not provide visibility into precisely how private vendors make detections with their black-box solutions. However, you will have full visibility into how your security stack handles information from all sources and control over how it responds to detections. This informative bird's-eye view can help you discover redundancies, lapses in coverage, and areas of exposure.
Adopting an SCP frees your team from the drudgery of maintaining cumbersome infrastructure. It consolidates security solutions from competing vendors and turns them into cooperative resources focused on a common task. In other words, a SecOps Cloud Platform transforms security resources into a true cybersecurity community and reliably delivers the benefits we gain from working together.
About the Author
Maxime Lamothe is the Founder and CEO of LimaCharlie. He is an
accomplished computer scientist and information security specialist. As part
of the Canadian Intelligence apparatus, Maxime worked in positions ranging
from development of cyber defense technologies through Counter Computer
Network Exploitation and Counter Intelligence. Maxime led the creation of
an advanced cyber security program for the Canadian government and
received several Director’s awards for his service.
After leaving the government, Maxime provided direct help to private and
public organizations in matters of cyber defense and spent some time
working with CrowdStrike. For the past few years Maxime has also been providing analysis and guidance
to major Canadian media organizations. Maxime was a founding member of Google X’s Chronicle
Security. He left in 2018 to found LimaCharlie.
Maxime can be reached online at LinkedIn https://www.linkedin.com/in/maximelb/ and at our company
website www.limacharlie.io.