No cloud API is an island
July 12, 2022 Willy Leichter
The evolution of cloud services has coincided with the development of advanced Application Programming Interfaces (APIs) that allow developers to link cloud computing services together, making their data and functionality available for other programs to use. Increasingly, these APIs are also being leveraged for security orchestration and automation, providing valuable data and granular controls to organizations managing complex cloud apps and cloud-based network infrastructure.
The better a cloud app connects and communicates, the easier it is for security teams to have the visibility, data, and controls they need.
However, as APIs become more central to security, it’s disappointing to see how primitive the APIs remain for many legacy security tools. Many conventional security tools, such as firewalls, IPS, WAFs, and SIEMs, that are widely deployed today, were built with a perimeter mindset – “keep the bad guys out, and keep the good stuff in.”
This fortress mentality also meant that communication with other tools was secondary, and even considered a security liability. But in the 20+ years that many of these tools have existed, the security world has dramatically changed.
Many of these legacy tools were designed to analyze a small slice of security, make decisions via hard-wired rules, and deliver information in the form of alerts. This assumed several things that over time have proved to be problematic:
It’s probably not fair to ask legacy tools to keep up with threats that weren’t imagined when they were designed. In fact, many of these tools see traffic and collect data that could provide valuable context to more sophisticated, modern analysis systems. But this would require that they communicate well and provide deep and granular APIs.
Clearly, APIs were not a priority when we had disparate islands of network security. Each tool just had to do its job, deliver alerts, get the occasional rule tune-up, save logs, and rely on an army of security analysts to pick up the pieces and figure out what’s going on.
But in today’s reality, where threats are rampant and security experts are hard to find, sharing data is critical and context is everything. To keep up with billions of events requires AI systems that can handle vast amounts of data, continuously learn what is good, bad, or suspicious, understand “normal” behavior by establishing baselines across millions of data points, and ultimately automate routine decision-making.
To do this requires more data – not less, and that’s where advanced APIs come in. For example, a modern threat will come in through multiple network channels, and cloud applications. Indications of phishing might show up not just in email, but in social platforms, financial apps, or even CRM systems. A newly discovered vulnerability might be critical for some unpatched systems, but not a concern for others, and all this critical information might be contained in your ITSM system – often not even in the security loop.
Modern security tools, with the help of great APIs, can analyze all channels, find patterns across domains, consolidate the redundant noise, and take actions to block threats, file ITSM tickets, and alert stakeholders through any communication channel.
Ironically, the weak link in these scenarios is the limited APIs of legacy security stalwarts like firewalls and SIEMs. While they are in a prime position to see lots of security data, and more advanced cross-channel tools could find valuable clues and context in it, their APIs are often too primitive to deliver relevant data quickly.
The good news is that modern cloud APIs, from AWS, Azure, ServiceNow, Salesforce, and many other platforms, are fueling this new approach to security. They inherently understand that sharing more data, more context, and more granular controls can dramatically improve security outcomes, and make these cloud applications more secure than their legacy network counterparts.
You don’t necessarily need to get rid of legacy security tools, but when you evaluate them, look closely at their APIs and compare them to modern cloud APIs. If they don’t play well with others, it’s probably time to pull the plug.