Technology offerings are constantly proliferating, and it is time the industry made a bigger push for an open standard architecture. Without a truly interoperable fabric, we do not have the flexibility we need to choose, reuse, expand and swap the components that are at the core of our jobs.
As technology and threats are constantly changing, having this kind of flexible foundation would make our lives easier. First, making all these solutions interoperable will not require special implementations or customization, as is currently the rule. Following this new model, we reduce integration complexity and implementation timelines, thus lowering the overall cost of the solution.
Second, we will not be stuck with components that have outlived their usefulness or do not work as originally advertised. Today, if we need to add or replace parts of the systems we have built in order to adapt to an evolving landscape, the level of effort is remarkably high. We cannot simply plug in a new component. As a result, we find ourselves unable to evolve and transform.
The idea is to look for a fabric that will take care of the communications between all the different components we have in our cyber security program, whether that is sharing threat intelligence, sending commands or anything else. Whichever form of communication we choose should be standardized, so that we are able to take advantage of our products.
Today’s implementations require that we integrate with each component individually; in other words, a one-to-one relationship. If we want to integrate a single component with ten other components, we must integrate with each of those ten. This creates a quadratic or exponential number of integrations that we must implement and maintain. When we need to replace one of the components, we disrupt the whole ecosystem. This is time-consuming, tedious work that has a negative impact on the business.
Open architecture takes that out of the equation. We create a one-to-many integration framework, eliminating the worry about integrating each component. It builds efficiencies into our system whenever we add or change components. This is vitally important because it streamlines implementation. The incentive to look for things that best fit into our environment shoots up because the effort to transform is minimal while the improvement is dramatic.
Think about it as a communication box. The products plugged into that communication box get information that is flowing in all directions. Since it is a common box, we can send a message through it. It is up to the other products to decide whether they use that messaging. Most significantly, we save time. We start building efficiencies. Things that used to take months can take a day. This is a real benefit, not only from a financial standpoint, but also from a security standpoint. Now one can get things implemented and in production much faster. We will be more secure as a result.
There are vendors who are already using standardized open architecture technologies, but they are taking advantage of them on an exceedingly small scale. The problem is not that we lack the technology, but that vendors are not adopting it at a higher rate. We need to push in that direction.
Such a push would benefit automation campaigns. Right now, if we decide to block a suspicious action, we do it manually. Systems today are intelligent enough that we can build algorithms with high confidence to detect something bad coming in and notify us to stop it. We can slash our decision-making time. The faster we can stop an incipient attack, the better we can contain it and mitigate its effect.
Automation has not come into its own because it is difficult to implement. There are different matters that we must consider. There is not enough confidence to allow machines to make decisions. Open architecture will help a great deal to focus on what needs to be determined at the human level versus the machine level, simplifying and freeing things up.
Finally, we should look at how we are using technology products to the fullest. When we implement, we only use a small percentage of the capabilities of the products we purchase, largely because there are so many different things and moving parts. With an open architecture, our ecosystem will operate at a much higher efficacy level than before.
Our landscape is much more complex than it was 25 years ago. Motivations are different from what they were before. We, therefore, need to make things simpler to be able to react and stop attacks much faster.
While vendors often claim to be using open standards and APIs, when it comes time to implement these products, they do not necessarily perform at the intended level.
It is up to CISOs and community leaders to push vendors for open systems that truly adopt open standards. We need to be clear that we do not want to corner ourselves into a niche-type architecture. We need agility. We need to have the ability to pivot quickly because the cyber landscape is getting increasingly sophisticated at an exponential rate.
And as far as the vendors are concerned, their magic will remain intact by adopting an open foundation.
We need to standardize to simplify things, free ourselves and attain nimbleness because we are up against the wall here and graver things are coming at us every day.