
Cybersecurity Must Be About Solution Interoperability as Much as Solution Capability

Here's why interoperability is imperative in defending against modern threats.

Aimei Wei, Stellar Cyber

December 13, 2023


As much as we wish there could be one, there is no one perfect cybersecurity solution that can flawlessly detect and prevent all kinds of attacks. Most products serve their intended purpose and take care of one element of cyber defense, such as threat intelligence or email security.

These products may not put an end to all cybercriminal activity, but they are effective tools in building a dependable security posture. When they work together, they can provide adequate protection that covers the full spectrum of threats affecting modern organizations. As cyber threats continue to evolve, the ability to integrate different products will prove crucial to mitigating those threats.

Interoperability: The Key to Cybersecurity

James Andrew Lewis and William Crumpler, cybersecurity experts at the Center for Strategic and International Studies, explain that modern cybersecurity solutions are not as effective as they should be, partly because of their lack of interoperability. Organizations generally use dozens of cybersecurity software products from an average of 10 vendors, but often these products cannot be smoothly combined and integrated.

There are many powerful security products available nowadays, but none of them can address all threats without some drawbacks. These products are not necessarily lacking in capabilities (in fact, many provide more functions than organizations can use), but they do not work together to bolster each other and provide a better overall outcome. As a result, security teams struggle to manually correlate data from multiple products, which allows attackers to discreetly spot and exploit vulnerabilities via multi-layered attacks.


If we want to maximize the outcomes of different security solutions, we need to ensure that multiple products from multiple vendors can work together to solve complex challenges. Rather than being bound to products from a single vendor, organizations should be able to bring the best options together under a platform that ensures seamless integration and optimized interoperation.

Enabling This Synergistic Approach

Extended Detection and Response, or XDR, is one technology that enables different security products to operate together. XDR integrates Endpoint Detection and Response (EDR), Network Detection and Response (NDR), and other solutions into a consolidated and unified platform for analysis, detection, and remediation. XDR collects data from these security tools for unified analysis and easy access. It then normalizes and correlates the data to bolster threat detection accuracy and minimize or even eliminate false positives. It thereby supports proactive threat hunting, broader forensic investigations, and efficient incident response.
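The collect, normalize, correlate sequence described above is easier to reason about in code. The following is an added example written for this page, not code from Stellar Cyber or any XDR product: it maps two constructed alert formats (an EDR alert as JSON with epoch timestamps and mixed-case hostnames, and an NDR alert as a tab-separated line with ISO timestamps) into one common schema, then pairs a process alert with a network alert on the same host within a short window. Only corroborated pairs become incidents; single-tool alerts are retained as lower-priority signal rather than raised on their own, which is the mechanism by which cross-tool correlation cuts down on false positives. All field names, hostnames, addresses and timestamps are invented for the example.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample input: an EDR alert (JSON, epoch seconds, mixed-case host)
# and NDR alerts (tab-separated, ISO timestamps, lowercase host).  Both formats
# and all values are invented for this example, not any vendor's real schema.
EDR_ALERTS = [
    '{"device": {"hostname": "WS-042"}, "event_time": 1702461600, '
    '"event_type": "ProcessCreate", "process": {"command_line": "unexpected_tool.exe --quiet"}}',
    '{"device": {"hostname": "WS-007"}, "event_time": 1702465200, '
    '"event_type": "ProcessCreate", "process": {"command_line": "unexpected_tool.exe --quiet"}}',
]
NDR_ALERTS = [
    "2023-12-13T10:02:30+00:00\tws-042\ttcp\t203.0.113.5:8443\tuncommon outbound port",
    "2023-12-13T10:30:00+00:00\tsrv-01\ttcp\t198.51.100.9:443\tbeacon-like periodicity",
]


@dataclass(frozen=True)
class Event:
    """Common schema that every tool's alert is mapped into."""
    source: str        # tool that produced the alert
    host: str          # lower-cased hostname so EDR and NDR agree on identity
    ts: datetime       # timezone-aware UTC timestamp
    category: str      # coarse category used by correlation rules
    detail: str        # human-readable summary kept for the analyst


def parse_edr(raw: str) -> Event:
    """Normalize the (constructed) EDR JSON format."""
    d = json.loads(raw)
    category = "process" if d["event_type"] == "ProcessCreate" else "other"
    return Event("edr", d["device"]["hostname"].lower(),
                 datetime.fromtimestamp(d["event_time"], tz=timezone.utc),
                 category, d["process"]["command_line"])


def parse_ndr(raw: str) -> Event:
    """Normalize the (constructed) NDR tab-separated format."""
    ts, host, proto, dst, msg = raw.split("\t")
    return Event("ndr", host.lower(), datetime.fromisoformat(ts),
                 "network", f"{proto} {dst} ({msg})")


def correlate(events, window=timedelta(minutes=5)):
    """Pair a process alert with a network alert on the same host within
    `window`.  Corroborated pairs become incidents; everything else is kept as
    uncorroborated, lower-priority signal instead of an incident of its own."""
    by_host: dict[str, list[Event]] = {}
    for e in events:
        by_host.setdefault(e.host, []).append(e)
    incidents, uncorroborated = [], []
    for host, evs in by_host.items():
        procs = [e for e in evs if e.category == "process"]
        nets = [e for e in evs if e.category == "network"]
        matched = set()
        for p in procs:
            for n in nets:
                if abs(n.ts - p.ts) <= window:
                    incidents.append({"host": host, "process": p, "network": n})
                    matched.update({p, n})
        uncorroborated.extend(e for e in evs if e not in matched)
    return {"incidents": incidents, "uncorroborated": uncorroborated}


def run_pipeline():
    """Collect from both tools, normalize, correlate; returns the result dict."""
    events = [parse_edr(r) for r in EDR_ALERTS] + [parse_ndr(r) for r in NDR_ALERTS]
    return correlate(events)


if __name__ == "__main__":
    result = run_pipeline()
    for inc in result["incidents"]:
        print(f"INCIDENT {inc['host']}: {inc['process'].detail} / {inc['network'].detail}")
    for e in result["uncorroborated"]:
        print(f"uncorroborated {e.source} alert on {e.host}: {e.detail}")
```

With the constructed input, only ws-042 yields an incident: its EDR process alert at 10:00 UTC and its NDR network alert at 10:02:30 UTC fall inside the five-minute window. The EDR-only alert on ws-007 and the NDR-only alert on srv-01 stay in the uncorroborated list. Note that the correlation only works because normalization first reconciled hostname case and the two different timestamp encodings; without that step the same host would appear as two different entities.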


XDR vendors develop their products as "captive" solutions. If the vendor claims its solutions support integration, this is usually limited to other products from the same vendor or to the leading solutions offered by popular vendors. These solutions are not complete collections of every needed security tool, and even if a "complete" cybersecurity solution existed, organizations often hesitate to abandon their existing cybersecurity products, given all the expenditure and training they have already invested. Moreover, one vendor's EDR solution may be very effective while its SIEM or NTA solution isn't as desirable.

However, an upgraded version of XDR, called Open XDR, expands the integration to all available security-related data from all third-party and open-source solutions, which delivers more comprehensive interoperability and better protection.

Skepticism and Controversy

Solutions that integrate different cybersecurity products allow organizations to maximize the benefits of the different security tools at their disposal. They deliver better threat detection accuracy and faster responses. The benefits of this approach seem obvious — however, many remain skeptical for at least two reasons:

First, there is a perception that vendors overpromise and overhype their products. Many security vendors take advantage of the lack of clear and established definitions for cybersecurity terms. For example, some vendors promise the ability to integrate multiple security solutions, but on closer inspection their products are limited to consolidating their own products, which undermines the basic premise of Open XDR. In addition, some vendors promise fast and easy deployment and "out-of-the-box" or "configuration-less" operation, only for organizations to discover serious issues in the actual deployment, integration, and operation.

Second, cybersecurity technology evolves very rapidly. Every year, new attacks, solutions, and buzzwords emerge. This leads some organizations to think that adopting a product like Open XDR would be short-sighted, given that it may be supplanted by some other technology a year or two later.

To gain the attention and trust of prospective users, XDR vendors and their solutions must demonstrate credibility by making only honest claims and by having a track record of effectiveness and efficiency. As for the concern that protection must keep pace with rapid advances in attack techniques, buyers should confirm that an XDR solution is built on real technology that can adapt to the changing threat landscape.

Two Equal Priorities

Using strong, substantial security tools is a priority, but security teams are not taking full advantage of these tools if there is no cohesive strategy that takes into account how they interact with and support each other.

Again, most reputable security products have enough features and functions. The challenge is to take full advantage of these capabilities by integrating the best products while considering cost, usability, effectiveness, and efficiency. This cohesive approach has obvious logistical advantages for often-swamped security teams, and it means that cybercriminals are less likely to be able to exploit chinks in the organization's cybersecurity armor.

Any sports coach can tell you that a dozen incredible players are worth nothing if they cannot play as a team. Your cybersecurity infrastructure is a crucial team, up against formidable opponents, and no matter how strong its different components are, they need to be working together to win.
