MI-One: Issue #3 Maia Edition
Hello there.
Welcome to the 3rd edition of MI-One, your exclusive monthly peek into the inner world of security system integrations and automation from Metron. (In case you missed the previous one, don't worry! You can browse through our April / Aperire edition here.)
Here we are in May. Did you know the month gets its name from the Latin Maius, named for the Greek goddess Maia?
For those who haven't been reading their classics lately, she was a mythological figure associated with growth and increase - two things that are easily associated with spring.
Of course, growth and increase also come to mind quite often when discussing our industry. Since we are just back from the RSA Conference, we will share a few things that are shaping the 3rd party integration space: cloud security options, new connectors, and even ways of parsing and storing our data.
Special Announcement and RSA Recap
1. Metron Security partnered with HPE to build 3rd party integrations and automation for HPE partners and customers. We are now part of the HPE Aruba Networking 360 Security Exchange. You can read more about it in our blog post, Metron's Partnership with HPE.
2. Like every year, RSA remains one of the most anticipated events, setting the tone for the direction the security industry will take. Here are a few of our takes from this year's conference:
i) Integrations: Best of Breed vs. Platform is a perennial discussion in our space. The best way to maximize the value of consolidated tools for customers, we would argue, is to build integrations. Many vendors seem to agree: while AI took center stage for most of the show, we could not help but notice how many booths allocated monitor space to showing off the breadth of their available integrations.
About integrations, Kyle Alspach, Senior Editor at CRN summed things up very well in his article, A ‘Mindset Shift’ In Cybersecurity Industry As Vendors Prioritize Integrations.
Our favorite quote of the event is also about integrations and comes from Proofpoint's CEO Sumit Dhawan: "Major cybersecurity vendors are now doing integrations to deliver the best customer value — which is different than doing integrations for convenience, for adding capabilities into your product — a shift in the industry that I'm seeing."
ii) Cloud: Wiz's $1B raise at a $12B valuation validates that cloud security is poised for meteoric growth. A $1 billion bet on consolidating cloud security is certainly driving integrations that improve visibility, detection, and response in the cloud, where all three are harder than on-premises. Within cloud security, we foresee a convergence of Continuous Threat Exposure Management (CTEM) and Application Security Posture Management (ASPM), and Dazz seems to be in the leader category at the moment.
iii) OCSF: We attended the OCSF breakfast and it's evident that the community is thriving, with an increasing number of stakeholders, vendors, and customers coming together to address data interoperability challenges.
The discussion there was led by Paul Agbabian, Co-chair of OCSF and VP of Engineering at Splunk. We particularly enjoyed Keith Gilbert, Co-Chair at OCSF, taking on the roadmap: the update from OCSF v1.1 to v1.2, with 28 new event classes, three additional profiles (Network Proxy, Load Balancer, and Data Classification), and continued expansion of coverage. We also enjoyed listening to Troy Wilkinson, CISO of Interpublic Group (IPG), give his perspective on why he is driving OCSF within IPG and actively advocating that vendors adopt a common schema to ensure seamless data interoperability across platforms. This again drives home the point that customer-driven adoption is critical.
Also, Michelle Abraham, IDC analyst, shared her insightful OCSF survey, which validates that OCSF adoption is expected to keep increasing over time. We also heard Matt Eberhart (CEO) and Jeremy Fisher, co-founders of Query.ai, describe how OCSF has been a critical component of their federated search.
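To make the "common schema" point concrete, here is an added example (not code from Metron, Splunk, Query.ai or the OCSF project) that normalizes a constructed vendor login log line into an OCSF Authentication event. The log format is invented for this example; the OCSF identifiers (category_uid 3, class_uid 3002, activity_id 1 = Logon, status_id 1 = Success / 2 = Failure, type_uid = class_uid * 100 + activity_id) are taken from our reading of the published schema, so validate them against the schema version you actually target.

```python
"""Normalize constructed vendor login lines into OCSF Authentication events (added example)."""
import json
import re
from datetime import datetime

# Constructed sample lines: a made-up VPN appliance syslog format, used only here.
SAMPLE_LINES = [
    "2024-05-15T10:01:02Z vpn01 LOGIN user=alice src=203.0.113.7 result=success",
    "2024-05-15T10:01:09Z vpn01 LOGIN user=bob src=198.51.100.23 result=failure reason=bad_password",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>LOGIN|LOGOUT) (?P<kv>.*)$")

# OCSF identifiers as we read the Authentication class; confirm against your schema version.
CATEGORY_IAM = 3                      # Identity & Access Management
CLASS_AUTHENTICATION = 3002
ACTIVITY = {"LOGIN": 1, "LOGOUT": 2}  # activity_id: Logon / Logoff
STATUS = {"success": 1, "failure": 2}  # status_id: Success / Failure (0 = Unknown)
SEVERITY_INFO, SEVERITY_LOW = 1, 2
REQUIRED = ("category_uid", "class_uid", "activity_id", "type_uid", "time", "severity_id", "metadata")


def parse_kv(text: str) -> dict:
    """Turn 'k=v k2=v2' into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)


def to_ocsf(line: str) -> dict:
    """Map one raw line to an OCSF Authentication event, keeping the raw line for forensics."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognized line: {line!r}")
    kv = parse_kv(m["kv"])
    activity_id = ACTIVITY[m["action"]]
    status_id = STATUS.get(kv.get("result", ""), 0)
    # OCSF 'time' is epoch milliseconds; the source timestamp is ISO 8601 UTC.
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    event = {
        "category_uid": CATEGORY_IAM,
        "class_uid": CLASS_AUTHENTICATION,
        "activity_id": activity_id,
        "type_uid": CLASS_AUTHENTICATION * 100 + activity_id,
        "time": int(ts.timestamp() * 1000),
        "severity_id": SEVERITY_LOW if status_id == 2 else SEVERITY_INFO,
        "status_id": status_id,
        "user": {"name": kv.get("user")},
        "src_endpoint": {"ip": kv.get("src")},
        "device": {"hostname": m["host"]},
        "metadata": {
            "version": "1.2.0",
            "product": {"name": "ExampleVPN", "vendor_name": "Example Corp"},  # hypothetical product
        },
        "raw_data": line,
    }
    if "reason" in kv:
        event["status_detail"] = kv["reason"]
    return event


def validate(event: dict) -> list:
    """Return the names of required OCSF attributes that are missing (empty list means OK)."""
    return [k for k in REQUIRED if k not in event]


def normalize_all(lines) -> list:
    """Normalize every line; a malformed line is reported, not silently dropped."""
    out = []
    for line in lines:
        try:
            out.append(to_ocsf(line))
        except (ValueError, KeyError) as exc:
            out.append({"error": str(exc), "raw_data": line})
    return out


if __name__ == "__main__":
    for ev in normalize_all(SAMPLE_LINES):
        print(json.dumps(ev, indent=2))
```

The failed login maps to status_id 2 with the vendor's reason preserved in status_detail, and the original line rides along in raw_data so an analyst can always get back to what the device actually emitted. The validate check is the kind of gate worth running before events land in a lake such as Amazon Security Lake, where a missing required attribute makes the record unqueryable alongside other sources.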
Hot off the press: Palo Alto Networks + IBM QRadar
On May 15th, Palo Alto Networks and IBM announced a partnership to deliver AI-powered outcomes to customers. In a nutshell, IBM will facilitate migrating its QRadar SaaS clients to the industry-leading Cortex XSIAM SOC platform, and Palo Alto Networks will incorporate IBM's watsonx large language models (LLMs) into Cortex XSIAM, leveraging IBM's decades of expertise with Watson.
We are excited about this development, as this means our customers can lean on our experience with multiple product lines across both Palo Alto Networks and IBM Security.
Under the Lens: Recent Developments in the Industry
Back in April, we shone a spotlight on how many large enterprises were pushing towards "unified platforms": combined stacks of their in-house tools and apps.
This time around, we want to highlight a couple of major developments that took place in the cloud.
Our Thoughts: 2024 is shaping up to be a major year for developments in the cloud. As more centralized tools adapt and expand their cloud functionality and/or adopt standardized frameworks, such as OCSF, this actively encourages streamlining essential workflows and processes through integration.
What's new in the industry?
Here is the latest update breakdown.
Palo Alto Networks Prisma Cloud 24.5.1 update
Released in May 2024, the update offers the following security and management enhancements:
Enhanced Security Visibility:
Amazon Security Lake Integration: Gain a more comprehensive view of cloud security issues by integrating with Amazon Security Lake. This lets your analysts leverage a broader context for better decision-making.
Streamlined Login Experience:
Universal Authentication Support: Log in seamlessly using any available authentication option (excluding IdP-initiated SAML SSO).
Clearer SSO Options: OIDC SSO login receives a clearer designation, and Palo Alto Networks SSO login is now supported.
Advanced Vulnerability Assessment:
"Running On/With" Configuration Integration: Achieve more precise vulnerability assessments with the inclusion of "Running On/With" configurations. This ensures vulnerabilities are only flagged if they impact your specific environment.
Expanded Runtime Security Features:
Google Registry Scanning: Scan Google Container Registry (GCR) and Google Artifact Registry (GAR) during GCP cloud account onboarding.
System Load Management: Manage the system load associated with TAS (Tanzu Application Service) applications and Defender using the new REFRESH_INTERVAL_SECONDS environment variable.
OS-Aware Go Package Evaluation: Vulnerability assessments in Go packages are now OS-specific, ensuring only relevant vulnerabilities are reported for your systems.
Kubernetes cri-o Container Blocking: Block Kubernetes cri-o containers based on your defined vulnerability and compliance rules.
Java 17 & 21 Support for Serverless Defender: Users can deploy Serverless Defender on the latest Java runtimes for enhanced protection.
Improved Cloud Account Management:
Account Import Status Filter: Easily manage locally created, manually imported, and auto-imported cloud accounts with the new filter on the Cloud Accounts page.
You can read in-depth on Prisma Cloud’s latest feature enhancements here.
Trend Micro Cloud One
Latest updates as of May 2024:
New Rules and Standards:
Account Permissions:
Template Scanner Improvements:
Other Updates:
Microsoft Defender for Cloud
May 2024 updates offer:
Enhanced Cloud Security:
Streamlined Management:
Simplified Policy Management: Benefit from an updated security policy management experience in Defender for Cloud, enabling consistent policy management across clouds and offering new features like a unified interface and regulatory compliance management.
Threat Protection Advancements:
Early Access for AI Workloads: Participate in the limited public preview of threat protection specifically designed for AI workloads in Azure. This provides contextual insights and integrates with Responsible AI and Microsoft Threat Intelligence.
Insights: From Our Integration Factory
We've been busy since the start of the year (is anyone ever honestly not busy?). Here are a few of the integrations our team most recently rolled out:
1. CAASM + Trend Micro Cloud One: Integrating a CAASM platform with Trend Micro Cloud One enhances an organization's cloud security posture through:
i) Unified Asset View: CAASM centralizes the asset data pulled from Trend Micro Cloud One, giving you a complete picture of your cloud environment.
ii) Deeper Security Analysis: CAASM combines Trend Micro Cloud One data with its own asset management capabilities, enabling more comprehensive security analysis.
iii) Improved Threat Detection: Consolidated data lets you identify potential threats across your cloud infrastructure more efficiently.
2. Amazon GuardDuty + CNAPP: Integrating GuardDuty with a CNAPP provides broader cloud security. GuardDuty's external threat detection complements the CNAPP's focus, offering a unified view and richer threat context for better incident response.
3. IBM QRadar + CSPM: Our team recently integrated the QRadar Suite with a Cloud Security Posture Management (CSPM) platform, streamlining security management by consolidating tools and automating tasks. IBM encourages building all new integrations on the Universal Cloud REST API protocol, which lets end users configure data ingestion from REST APIs with a simple XML workflow file. The advantage of this approach is that the ingest code resides within QRadar and has been battle-tested, so an integration only has to describe the API calls required to fetch events.
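For readers who have not seen one, here is an added sketch (not IBM's, Metron's, or any CSPM vendor's code) of what such a workflow file looks like. The element and attribute names follow IBM's Universal Cloud REST API protocol workflow syntax as we understand it; the endpoint path, parameter names, and the JSON shape of the response are hypothetical. Check every element against IBM's protocol documentation for your QRadar version before deploying it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustrative workflow; hypothetical CSPM endpoint and field names. -->
<Workflow name="ExampleCSPMFindings" version="1.0"
          xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V1">

    <!-- Values the QRadar admin supplies in the log source configuration.
         secret="true" keeps the token masked instead of hard-coding it here. -->
    <Parameters>
        <Parameter name="host" label="CSPM API Host" required="true" />
        <Parameter name="api_token" label="CSPM API Token" required="true" secret="true" />
    </Parameters>

    <Actions>
        <!-- A persisted bookmark means each poll asks only for findings newer than
             the last successful run; 0 makes the very first run pull full history. -->
        <Initialize path="/bookmark" value="0" />

        <!-- The protocol performs the HTTP call; the integration just describes it. -->
        <CallEndpoint url="https://${/host}/api/v1/findings" method="GET" savePath="/get_findings">
            <QueryParameter name="since" value="${/bookmark}" />
            <RequestHeader name="Authorization" value="Bearer ${/api_token}" />
            <RequestHeader name="Accept" value="application/json" />
        </CallEndpoint>

        <!-- Fail loudly on a non-200 response rather than silently ingesting nothing;
             the abort reason shows up in the log source status for the analyst. -->
        <If condition="/get_findings/status_code != 200">
            <Abort reason="${/get_findings/status_code}: ${/get_findings/body}" />
        </If>

        <!-- Each element of the response's 'findings' array becomes one QRadar event. -->
        <PostEvents path="/get_findings/body/findings" source="${/host}" />

        <!-- Advance the bookmark only after the events were posted, so a failed
             poll is retried rather than skipped. -->
        <Set path="/bookmark" value="${time()}" />
    </Actions>
</Workflow>
```

Two details matter more than the rest: the token lives in a secret parameter rather than in the file, and the bookmark is only moved forward after PostEvents succeeds, so a transient API failure never creates a gap in the data QRadar sees.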
Before you go…
As we move into summer, the conference season keeps on going! One of the upcoming events on our calendar:
We’re always happy to spare a few minutes catching up or chatting about all things integration and automation. So don’t be shy - we’ll even buy you a coffee!
Also, Metron is hiring! If you are looking to advance your cybersecurity career in a developer-centric environment, don’t hesitate to apply.
P.S. If any of these caught your eye, don’t hesitate to reach out to us for more details at [email protected].