Happy π Day (03/14) and welcome to the inaugural edition of MI-One, your exclusive monthly peek into the inner world of security system integrations and automation.

Why MI-One?

We built the name by combining (Metron) (Integrations) and “One” - standing in for ecosystem unity.

A little about us:

Here at Metron, we've been in the game, building solutions for 200+ leading security platforms for years. We're not just talking shop; we're right there in the trenches, getting our hands dirty while digging up the latest insights that we can share.

Under the Lens: Recent Developments

A couple of recent trends and predictions for cybersecurity for the coming year.

2024 - The Year of Security Data Lake? Security Data Lakes are rapidly emerging as an influential force in cybersecurity. Data Lake has a scalable architecture and seems to be a more suited approach to log processing compared to similar applications. Will this be the year we see a widespread adoption? Time will tell but the signs are promising. We’ve already delivered a few Security Data Lake/Lakehouse integrations and are consistently seeing more. To get in-depth understanding, go through our guide on how AWS Security Lake is architected to ingest data from multiple sources.

OCSF is on the rise: As the Open Cybersecurity Schema Framework (OCSF) gains traction, security companies are increasingly embracing its standardized approach to data representation and sharing. Adoption has expanded to include more than 145 organizations and 435 individual contributors — an 8x increase between 2022 and 2023.

ServiceGraph Connectors are making strides with Operational Technology: Service Graph Connector integration with the OT Security application automates critical data from: sensor appliances, OT assets, and network connections using the ServiceNow Common Service Data Model (CSDM). The other popular integrations for ServiceNow include Vulnerability Response and SecOps.

Palo Alto ups the ante in cybersecurity with advanced Cortex platform upgrades: Palo Alto Networks recently announced Platformization, a strategy to consolidate their product offering into a single, unified platform. One of the major SOC platforms, Cortex, released important updates to enhance your existing Cortex integration. Their latest advancements and versions in their platforms include:

1. Cortex XSIAM 2.1: Improved visibility, security, and platform usability. Highlights: drill-down dashboards, user risk analysis with OS/location data, and BYOK (Bring Your Own Key) encryption.

2. Cortex XDR 3.9 & Agent 8.3: New threat protection: on-write malware blocking and pre-boot attack detection.

3. Cortex XSOAR 8.5: Enhanced user experience, SOC efficiency, and collaboration. Highlights: multi-tenant incident investigation, secure custom Docker images, and new content packs.

4. Cortex Xpanse 2.4: Leverage MITRE ATT&CK framework to gain deeper insights into vulnerabilities, enabling more effective prioritization and remediation. Enhanced incident response through improved capabilities and increased visibility into user activity.

Insights: From Our Integration Factory

We’ve been busy since the start of the year (is anyone ever honestly not busy?). Here are a couple of the most recent integrations our team recently rolled out:

Amazon Security Lake + OCSF + XDR: OCSF is a universal translator for security tools, making it easier than ever to share data between different platforms. Companies like AWS, IBM, and Splunk are jumping on board, using OCSF to ensure their tools better communicate with one another. Download this Amazon Security Lake Case Study.

Cortex XSIAM + Breach and Attack Simulation (BAS): Cortex XSIAM and BAS tools are like Batman and Robin for your security, offering a one-two punch against cyber threats.

Before you go…

We’re honestly really excited to be rolling out these newsletters - so excited in fact, that we realized that we couldn’t wait to share a sneak peek of what’s coming your way in future installments:

• Snapshots of the top industry news you might have missed.

• Details of the latest integrations our team has rolled out and why you may want to consider them for your organization.

• Conference news and event updates for the industry.

• For more content, you can also explore our Hub vault.

And with that, cheers to seamless integrations and boundless possibilities. Until our next integration rendezvous, stay connected, and never be afraid to innovate!

If any of these caught your eye, don’t hesitate to reach out to us for more details at connect@metronlabs.com.