MI-One Issue #10 - Decembris Edition


Hi there.

Would you look at that - already the end of the year (and what a year)!!

There’s been plenty of highlights in the world of integrations and automation over these past 12 months, along with key developments that could shape your third-party integrations roadmap for 2025.

Some of the notable ones include:

  • We've seen a surge in platformization, with major players like Palo Alto Networks leading the way in consolidating security solutions under one umbrella.
  • At the same time, is XDR becoming "SIEM'ilar," as many EDR providers launch their own SIEM solutions?
  • Additionally, the adoption of security lake integrations, such as Amazon Security Lake, has grown rapidly, and OCSF's inclusion in the Linux Foundation is expected to drive greater standardization in cybersecurity data.

These shifts point to exciting changes and opportunities in integration and automation that we expect to continue gathering steam in the coming year.

But that’s not all that happened this year. Let’s jump right into the rest of it!


From Growth to Recognition: Metron’s Key Achievements in 2024



This year has been transformative for Metron, marked by growth, achievements, and a drive to continue being a customer-centric company serving the security ecosystem.

We expanded our breadth of platform expertise, earned prestigious recognition from industry leaders, and made significant strides in delivering value to our customers and partners. We hope that these successes reflect the hard work of our growing team and our commitment to keeping up with the industry.

Key highlights from this year:

  1. Delivered hundreds of integrations, including connectors and parsers, and expanded support to over 300 security and IT Ops platforms.
  2. Doubled our team size, enhancing innovation and scalability, and won the Supplier Excellence Award - R&D award from Palo Alto Networks, confirming our industry leadership.
  3. Launched the Integration Exchange with hundreds of pre-built integrations.
  4. Broadened our partner ecosystem by partnering with leading security companies, including HPE Aruba and Google SecOps. We will continue to build these partnerships in the coming year.

Looking ahead to 2025, we plan to deepen integrations with leading security platforms, enhance security workflow automation, make the Integration Exchange generally available with more pre-built connectors, and stay aligned with the industry’s rapid pace to drive further innovation.

As shared in the HPE Podcast, the founders of Metron Security, Prashant Koirala and Parag Patwardhan, can take you through Metron’s evolution, highlighting the progress we’ve made and the plans ahead. With a year full of growth, innovation, and strategic partnerships, we’re more energized than ever to continue serving the ecosystem.



Cybersecurity Highlights of 2024: A Year of Collaboration and Innovation

The cybersecurity landscape in 2024 has been marked by significant technological advancements, strategic partnerships, and a growing emphasis on collaborative approaches to security challenges. Here’s a recap:

  • Security Lake: In our inaugural newsletter back in March, we questioned whether 2024 would be the breakout year for security lakes—and so far, it looks like we were right. Demand for security lake integrations has surged, with platforms like Amazon Security Lake and Singularity Data Lake (alongside AI-based open-source platforms like AI SIEM) leading the way. A standout development has been AWS's introduction of zero-ETL integration between Amazon OpenSearch Service and Amazon Security Lake, enabling in-place querying and analysis of security data without the need for complex data pipelines.
  • OCSF continues to rise: In our inaugural edition, we also highlighted the growing adoption of OCSF, which has continued to gain traction throughout the year. The list of companies adopting OCSF continues to grow, with several leading players embracing it — Amazon, Hunters, SentinelOne, and many more. We attended OCSF sessions at RSA and BlackHat and were impressed by the approach taken by the Query.ai team, led by their CTO, Jeremy Fisher — more coverage in MI-One #3. OCSF released 1.3.0, and every release is a major step toward bringing new features and enhancements. A significant milestone this year is OCSF's inclusion in the Linux Foundation. This move is expected to drive more adoption and standardized integrations across the industry. Among the vendors we've spoken to, OCSF is increasingly important for their 2025 roadmaps, with many planning to integrate its standardized framework into their cybersecurity operations.
  • Platformization: Best of breed vs. platformization is an ongoing debate in the industry, and platformization may have taken the edge this year. We covered platformization very early on, with Palo Alto Networks putting a stake in the ground, and Palo Alto Networks seems to be on a great path to execute the strategy. Industry leaders are increasingly adopting this strategy, with consolidation shaping the space. Vendors like CrowdStrike are also making strides, acquiring Adaptive Shield and Flow Security while also launching NG-SIEM and the low-code automation application Fusion. Similarly, SentinelOne’s acquisition of PingSafe strengthens its cloud security, and the launch of Purple AI and the release of the Singularity Platform (with Data Lake) highlight its push for a more inclusive platform. Platformization is proving to be a win-win for enterprises that want to consolidate vendors and for vendors offering broader solutions at competitive prices. However, a key challenge for building integrations remains—accessing NFR licenses across multiple product lines within the same company. A unified NFR for an entire portfolio could be a game-changer. Here’s to cheering for NFR platformization!
  • In our June edition, we discussed whether XDR is "eating" SIEM or simply becoming SIEM'ilar, essentially merging the roles of threat detection, management, and response. Several major EDR providers are now launching their own SIEM solutions, blurring the lines between these technologies. From an integration standpoint, we are seeing more robust frameworks for data ingestion and remediation, enabling better coordination between systems to enhance security operations.
  • In our August edition, we discussed Gartner’s 2024 Security Operations Hype Cycle, which shows SOAR's decline. Meanwhile, no-code and low-code platforms like Tines and Torq are gaining popularity for their ease of use. Despite challenges for standalone SOAR platforms, demand for SOAR features is rising due to cost pressures and growing automation needs. SOAR capabilities are increasingly embedded in broader platforms, such as Palo Alto Networks' Cortex XSOAR (after acquiring Demisto), Google Chronicle’s SOAR through its Siemplify acquisition, and ServiceNow SecOps, which plays a critical role in integrating security operations and automating workflows at scale.
  • This was a big year for Cloud Security, with Wiz raising $1B early in the year, followed by Google’s shock acquisition announcement. Wiz then acquired Dazz, a leader in ASPM, doubling down in the space. Cloud Security integration is now a top focus for security companies, with easier-to-build integrations if only an NFR license can be obtained with relative ease.


A Merry Toast to Partnerships, Ecosystems, and Integrations!

Integrations and collaboration power the ecosystem. Here are some standout sound bites and insights from industry leaders that inspired us and grabbed our attention.

1. We are all on the same side — Nikesh Arora, CEO of Palo Alto Networks, conveyed this sentiment to George Kurtz, CEO of CrowdStrike, highlighting that even amidst fierce competition, it's essential to unite against common threats, as during the CrowdStrike outage. Ecosystem wins!


2. More integrations mean greater advantages, particularly in security and AI — Ashutosh Kulkarni, CEO of Elastic, highlights Elastic’s AI Partnership Ecosystem.


3. Open ecosystems — A call for more collaboration and adoption from all sides. Great words from Sanjay Beri, CEO of Netskope.


In our August edition, we highlighted Kyle Alspach, Senior Editor at CRN, who focused on how security leadership is prioritizing integrations after RSA 2024 — A ‘Mindset Shift’ In Cybersecurity Industry As Vendors Prioritize Integrations. As we look ahead to 2025, we believe there will be a growing demand to build a more connected ecosystem and foster greater collaboration.

Finally, working as a vendor to build integrations, we’ve found that acquiring Not-For-Resale (NFR) licenses and getting a development tenant for building integrations remains one of the biggest bottlenecks in the industry. We hope for more collaboration to streamline this process. After all, collaboration is key to fighting adversaries and keeping the bad actors at bay — and that’s what may put an integrated smile on your customers’ faces.


Major Security Application and Version Updates

Before you head out for the holidays, don’t forget to update your platforms to their latest versions! A bunch of platforms have released new versions this year, so make sure you have upgraded them too:

Palo Alto Networks continues to enhance its capabilities with exciting new features across its portfolio.

  • The IoT platform, PAN-OS 11.0.2, released in November 2024, introduces key improvements. For more details, see the PAN IoT release notes.
  • Palo Alto Networks – Cortex XSIAM 2.4 offers enhanced AI-based anomaly detection for faster threat identification, improved incident automation capabilities with new playbook templates, and expanded integration support for third-party data sources.
  • Palo Alto Networks – Cortex XSOAR 8.8 was released in September 2024 and included a bunch of feature enhancements including optimized performance for automated playbooks and incident handling and enhanced custom dashboard capabilities for improved visualization.
  • With the latest version update of Palo Alto Networks – Prisma Cloud (24.7.3), released on 17th December, Palo Alto now offers improved identification of cloud-native threats with advanced machine learning models.

Elasticsearch Version 8.17 is now available with new features like Elasticsearch logsdb index mode for reduced storage, Elastic Rerank for improved search relevance, and full-text search for ES|QL for faster and easier log searches. You can read in detail about this in their blog.

ServiceNow’s Xanadu was released in September 2024, with the release of Yokohama planned for early 2025. This release enhances IT Service Management with AI-powered features like Now Assist for ITSM, improving incident resolution and agent productivity.

Splunk Enterprise Security 7.3.2 was released on June 11, 2024. This enhancement expanded the threat detection framework and offered UI refinements for security investigation workflows.

JIRA had a bunch of releases this year for their platforms too:

  • Atlassian Jira (On-Prem) 10.3.x was released on 5th December. It provides performance and security enhancements, including faster issue searches and improved LDAP user management.
  • Atlassian Forge (Cloud)’s recent update was released on the 17th of December. The version offers improved permissions management for Forge apps, enhanced Custom UI integration capabilities, bug fixes, and much more.

Microsoft’s suite had a few releases this year, a couple of which are mentioned below:

  • Microsoft Sentinel had its latest version released earlier this year in August. This version offers enhanced automation for incident response along with new connectors for third-party tools.
  • Microsoft Defender for Endpoint had its latest version released in July 2024 (10.8760). It offers enhanced threat intelligence and detection accuracy, as well as improved device performance monitoring.


Top Integrations We’ve Built Over the Year

  • AWS AppFabric + CNAPP: The integration of a CNAPP platform with AWS AppFabric offers a solution to enhance security management and threat detection. This integration allows organizations to establish a unified security environment that streamlines operations and bolsters overall security posture.
  • Armis + CAASM: This integration aims to streamline the ingestion of critical IoT data. The integration focuses on transferring the users' and devices' data points from Armis to CAASM.
  • Amazon Security Lake + OT Security: This integration allows you to transfer security data from the OT security platform to AWS Security Lake. By leveraging the OT platform's REST API and AWS Security Lake's data ingestion capabilities, organizations can analyze and correlate security data from IT and OT environments.
  • Microsoft Defender XDR + XSOAR + IoT: This integration aims to enhance device context, improve risk assessment, and streamline security operations. This also helps in enriching device context and risk assessment by fetching and mapping device data from Defender XDR to XSOAR, then populating the IoT platform with critical attributes and risk scores.
  • Google SecOps + CPS Protection Platform: This integration automates the import process of security alerts, triggers appropriate security responses, and provides a centralized view of the network's security posture within the Google SecOps portal.
  • Google SecOps + EDR: This integration between Google SecOps and an EDR provides a solution for threat detection, prevention, and response.
  • Microsoft Entra ID + XSOAR + IoT: Entra ID (formerly Azure AD) manages IT infrastructure, including user access and device authentication. The XSOAR platform acts as the bridge between Entra ID and the IoT platform. It facilitates the seamless flow of device data from Entra ID to the IoT devices.
  • ServiceNow Service Graph Connectors + IoT: Integrating an IoT platform and ServiceNow Service Graph Connectors provides a solution for managing and optimizing Internet of Things (IoT) devices and services within a ServiceNow environment.


Before you go…

As 2024 has been a year of growth, here’s to building a more secure, innovative future together in 2025. Thank you for being part of our journey!

We look forward to connecting with you in 2025, whether that be at upcoming conferences or elsewhere. Either way, we’ll keep sharing insights as they come our way and always have our eyes open for new opportunities to collaborate.


P.S. If any of these caught your eye, don’t hesitate to contact us for more details at [email protected].
