No cloud API is an island

The evolution of cloud services has coincided with the development of advanced Application Programming Interfaces (APIs) that allow developers to link cloud computing services together, making their data and functionality available for other programs to use. Increasingly, these APIs are also being leveraged for security orchestration and automation, providing valuable data and granular controls to organizations managing complex cloud apps and cloud-based network infrastructure.

The better a cloud app connects and communicates, the easier it is for security teams to have the visibility, data, and controls they need.


A perimeter mindset is too simplistic

However, as APIs become more central to security, it’s disappointing to see how primitive the APIs remain for many legacy security tools. Many conventional security tools, such as firewalls, IPS, WAFs, and SIEMs, that are widely deployed today, were built with a perimeter mindset – “keep the bad guys out, and keep the good stuff in.”

This fortress mentality also meant that communication with other tools was secondary, and even considered a security liability. But in the 20+ years that many of these tools have existed, the security world has dramatically changed.

What legacy security tools get wrong

Many of these legacy tools were designed to analyze a small slice of security, make decisions via hard-wired rules, and deliver information in the form of alerts. This assumed several things that over time have proved to be problematic:

  • The security tool knows best. Surely a good firewall, with the right rules, can make good enough decisions on what’s good or bad. Nope – not even close.
  • They know the context of what’s going on. Like a mall cop, these tools watch the traffic, and try to guess what people are doing and why. Sorry, Paul Blart – profiling doesn’t work.
  • They can keep up with the volume of threats. Actually, they can… if you turn off detection. But if you want to really detect and respond, you’re out of luck.

It’s probably not fair to ask legacy tools to keep up with threats that weren’t imagined when they were designed. In fact, many of these tools see traffic and collect data that could provide valuable context to more sophisticated, modern analysis systems. But this would require that they communicate well and provide deep and granular APIs.

Clearly, APIs were not a priority when we had disparate islands of network security. Each tool just had to do its job, deliver alerts, get the occasional rule tune-up, save logs, and rely on an army of security analysts to pick up the pieces and figure out what’s going on.

More (contextualized) data is required

But in today’s reality, where threats are rampant and security experts are hard to find, sharing data is critical and context is everything. Keeping up with billions of events requires AI systems that can handle vast amounts of data, continuously learn what is good, bad, or suspicious, understand “normal” behavior by establishing baselines across millions of data points, and ultimately automate routine decision-making.

Doing this requires more data – not less, and that’s where advanced APIs come in. For example, a modern threat will come in through multiple network channels and cloud applications. Indications of phishing might show up not just in email, but in social platforms, financial apps, or even CRM systems. A newly discovered vulnerability might be critical for some unpatched systems, but not a concern for others, and all this critical information might be contained in your ITSM system – often not even in the security loop.
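As an added illustration (not code from this post or from LogicHub), here is the cross-channel correlation and ITSM-driven triage just described, in Python over constructed sample records: the same suspicious URL reported through email, chat and CRM channels is consolidated into one finding, and vulnerability alerts are ranked using patch and exposure data of the kind an ITSM or CMDB API would return. The event and asset records, the `correlate_urls` and `prioritize_vulns` functions, and the priority labels are all assumptions of this example.

```python
from collections import defaultdict

# Constructed sample records standing in for what each platform's API would return.
EMAIL_EVENTS = [
    {"user": "alice", "url": "http://login-portal.example", "channel": "email"},
    {"user": "erin", "url": "http://login-portal.example", "channel": "email"},
]
CHAT_EVENTS = [{"user": "bob", "url": "http://login-portal.example", "channel": "chat"}]
CRM_EVENTS = [
    {"user": "carol", "url": "http://login-portal.example", "channel": "crm"},
    {"user": "dave", "url": "http://vendor.example", "channel": "crm"},
]
# Constructed asset context of the kind an ITSM/CMDB API would provide.
ITSM_ASSETS = {
    "web-01": {"patched": False, "exposure": "internet"},
    "web-02": {"patched": True, "exposure": "internet"},
    "db-01": {"patched": False, "exposure": "internal"},
}
VULN_ALERTS = [{"host": h, "cve": "CVE-XXXX-PLACEHOLDER"} for h in ("web-01", "web-02", "db-01", "unknown-99")]


def correlate_urls(*sources, min_channels=2):
    """Consolidate per-channel URL sightings into one finding per URL."""
    seen = defaultdict(lambda: {"channels": set(), "users": set()})
    for source in sources:
        for event in source:
            entry = seen[event["url"]]
            entry["channels"].add(event["channel"])
            entry["users"].add(event["user"])
    # Keep only URLs seen in several channels; a single sighting stays as low-priority noise.
    return {
        url: {"channels": sorted(v["channels"]), "users": sorted(v["users"])}
        for url, v in seen.items()
        if len(v["channels"]) >= min_channels
    }


def prioritize_vulns(alerts, assets):
    """Attach ITSM patch/exposure context to each vulnerability alert and rank it."""
    ranked = []
    for alert in alerts:
        asset = assets.get(alert["host"])
        if asset is None:
            priority = "investigate"  # no inventory record: cannot assume it is safe
        elif asset["patched"]:
            priority = "suppress"  # already remediated: do not page anyone
        elif asset["exposure"] == "internet":
            priority = "critical"
        else:
            priority = "medium"
        ranked.append({**alert, "priority": priority})
    return ranked
```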


Identifying weak links in the legacy security chain

Modern security tools, with the help of great APIs, can analyze all channels, find patterns across domains, consolidate the redundant noise, and take actions to block threats, file ITSM tickets, and alert stakeholders through any communication channel.

Ironically, the weak link in these scenarios is the limited APIs from legacy security stalwarts like firewalls and SIEMs. While they are in a prime position to see lots of security data, and more advanced cross-channel tools could find valuable clues and context in it, their APIs are often too primitive to deliver relevant data quickly.

The good news is that modern cloud APIs, from AWS, Azure, ServiceNow, Salesforce, and many other platforms, are fueling this new approach to security. They inherently understand that sharing more data, more context, and more granular controls can dramatically improve security outcomes, and make these cloud applications more secure than their legacy network counterparts.

You don’t necessarily need to get rid of legacy security tools, but when you evaluate them, look closely at their APIs and compare them to modern cloud APIs. If they don’t play well with others, it’s probably time to pull the plug.

July 12, 2022 Willy Leichter

Security Tools Need to Get with the API Program