How to Manage Your Third-party Security Integrations at Scale
Any given enterprise likely employs a half-dozen or more apps in its security operations ecosystem. As your organisation scales, so will its number of integrations.
Good Starting Places
At Metron, we’ve worked with and seen many companies manage their third-party integrations at scale. There’s no single way to handle it for every situation, but we’ve detailed a few examples of highly scalable approaches to maintaining third-party ecosystems below.
Hopefully, you’ll find some useful tips for scaling your own infrastructure in a way that's manageable within your organisation’s resources.
1. IBM Security App Exchange: A rich ecosystem established by IBM for third parties to build and publish App Exchange apps. It has hundreds of applications that can be deployed within any of IBM’s core products, such as QRadar or IBM SOAR (Resilient).
IBM Security’s App Exchange process is thorough and robust enough to ensure all apps meet certain criteria before they can even be published. In general, it takes 4-6 weeks to get an IBM third-party app certified, but within this exchange are likely dozens of apps that can be integrated into your ecosystem without having to look far for them.
2. Splunkbase: Splunkbase is a powerhouse and highly scalable exchange. Splunkbase has automated a lot of its validation with some great in-house tools. If you’re not sure where to begin, this is a good place to dip your toes into the ocean that is security integrations and apps.
3. XSOAR Marketplace: This is a good example of the evolution of a robust security ecosystem. Demisto, previously acquired by Palo Alto Networks, is one of the leading emerging companies when it comes to managing integrations while leveraging GitHub. XSOAR has evolved toward a better-documented process and continues to play a pivotal role for all third-party partners.
4. ServiceNow Store: Even though ServiceNow is not necessarily a pure-play cybersecurity company, its influence within enterprises cannot be ignored. ServiceNow Security Operations (SecOps) is vital for many organisations. ServiceNow’s third-party app development model is a bit different from other companies. However, they have set the benchmark for maintaining a premium exchange for managing third-party enterprise integrations for all their clients.
In addition to the resources listed above, we are also seeing the emergence of marketplaces with more features, making it easy for customers to tailor their experience. Among the many, a few stand out in our experience: SentinelOne’s Singularity Marketplace, Microsoft Sentinel’s Connector Program, and the CrowdStrike App Store.
While there are already plenty of options, we are expecting to see more evolved marketplaces as the security ecosystem grows.
In Conclusion
The benefits of integrations are hard to deny. The added productivity and long-term benefits can give your organisation the boost it needs to scale up and grow.
However, like all worthwhile endeavours, there are also challenges that must be addressed. Fortunately, in this case, there are ways to alleviate these growing pains and see beyond the immediate issues your organisation might be facing with its automation and integration needs.
Considering expanding your integrations, upgrading existing cybersecurity operations, or designing custom playbooks? Metron is a development partner with over 200 security platforms and has extensive experience in the security automation space. If you are considering any custom security exchange that helps you scale your business, please send a note to connect@metronlabs.com.
Prashant Koirala is the managing partner at Metron Labs. He is currently enjoying his gravel bike and loves MTBiking when he is in Nepal.