MI-One Issue #10 - Decembris Edition

We look back on developments from 2024 and ahead to opportunities in 2025.


Hi there.


Would you look at that - already the end of the year (and what a year)!


There have been plenty of highlights in the world of integrations and automation over these past 12 months, along with key developments that could shape your third-party integrations roadmap for 2025.


Some of the notable ones include:

  • We've seen a surge in platformization, with major players like Palo Alto Networks leading the way in consolidating security solutions under one umbrella.

  • At the same time, XDR is becoming "SIEM'ilar," as many EDR providers launch their own SIEM solutions.

  • Additionally, adoption of security lake integrations such as Amazon Security Lake has grown rapidly, and OCSF's move into the Linux Foundation is expected to drive greater standardization of cybersecurity data.


These shifts point to exciting changes and opportunities in integration and automation that we expect to continue gathering steam in the coming year.


But that’s not all that happened this year. Let’s jump right into the rest of it!

Cybersecurity Highlights of 2024: A Year of Collaboration and Innovation


The cybersecurity landscape in 2024 has been marked by significant technological advancements, strategic partnerships, and a growing emphasis on collaborative approaches to security challenges. Here’s a recap:


  • Security Lake: In our inaugural newsletter back in March, we asked whether 2024 would be the breakout year for security lakes, and so far it looks like we were right. Demand for security lake integrations has surged, with platforms like Amazon Security Lake and SentinelOne's Singularity Data Lake (the foundation for its AI SIEM) leading the way. A standout development has been AWS's introduction of zero-ETL integration between Amazon OpenSearch Service and Amazon Security Lake, which lets you query and analyze security data in place without building and maintaining data pipelines.


  • OCSF continues to rise: In that same inaugural edition we highlighted the growing adoption of OCSF, which has continued to gain traction throughout the year. The list of adopters keeps growing, with leading players such as Amazon, Hunters and SentinelOne on board. We attended OCSF sessions at RSA and Black Hat and were impressed by the approach taken by the Query.ai team, led by their CTO Jeremy Fisher (more coverage in MI-One #3). OCSF released 1.3.0 this year, and each release brings new features and enhancements. A significant milestone was OCSF's move into the Linux Foundation, which is expected to drive adoption and standardized integrations across the industry. Among the vendors we've spoken to, OCSF is increasingly important to 2025 roadmaps, with many planning to emit and consume events in its standardized schema as part of their security operations.


  • Platformization: Best of breed versus platformization is an ongoing industry debate, and platformization may have gained the edge this year. We covered it very early on, when Palo Alto Networks put a stake in the ground, and the company seems well on its way to executing the strategy. Other industry leaders are following, with consolidation shaping the space. CrowdStrike acquired Adaptive Shield and Flow Security while launching Next-Gen SIEM (NG-SIEM) and its low-code automation application Fusion. Similarly, SentinelOne's acquisition of PingSafe strengthens its cloud security, and the launch of Purple AI and the release of the (with Data Lake) highlight its push toward a more inclusive platform. Platformization is proving to be a win-win: enterprises get to consolidate vendors, and vendors get to offer broader solutions at competitive prices. For those of us building integrations, however, a key challenge remains: obtaining NFR licenses across multiple product lines within the same company. A unified NFR covering an entire portfolio would be a game-changer. Here's to cheering for NFR platformization!


  • XDR and SIEM: In our June edition, we asked whether XDR is "eating" SIEM or simply becoming SIEM'ilar, essentially merging threat detection, management and response into one role. Several major EDR providers are now launching their own SIEM solutions, blurring the lines between the two. From an integration standpoint, we are seeing more robust frameworks for data ingestion and remediation, enabling better coordination between systems across security operations.


  • SOAR and automation: In our August edition, we discussed Gartner's 2024 Security Operations Hype Cycle, which shows SOAR in decline as a standalone category. Meanwhile, no-code and low-code platforms like Tines and Torq are gaining popularity for their ease of use. Despite the challenges for standalone SOAR products, demand for SOAR features is rising, driven by cost pressures and growing automation needs. Those capabilities are increasingly embedded in broader platforms such as Palo Alto Networks' Cortex XSOAR (from the Demisto acquisition), Google Chronicle's SOAR (from the Siemplify acquisition) and ServiceNow SecOps, which integrate security operations and automate workflows at scale.


  • Cloud Security: This was a big year for cloud security. Wiz raised $1B early in the year and then, in July, walked away from Google's reported $23B acquisition bid. Wiz went on to acquire Dazz, a leader in ASPM, doubling down on the space. Cloud security integration is now a top focus for security companies, and these integrations are relatively easy to build, provided an NFR license can be obtained.
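As an added example (not code from this newsletter or from the OCSF project), here is what the standardization discussed in the Security Lake and OCSF bullets above looks like in practice: two differently shaped authentication sources, a constructed sshd syslog line and a constructed Windows Security logon event, are normalized into the same OCSF 1.3.0 Authentication class (class_uid 3002), checked for the class's required attributes, and then queried once for failed logons. The uids, attribute names and the type_uid formula follow the public OCSF schema; the sample log lines, hostnames, IPs and product metadata are assumptions made for illustration. Amazon Security Lake stores its data in this same OCSF shape, which is what lets a downstream consumer such as OpenSearch query it without per-source mapping.

```python
"""Normalize two constructed auth sources (an sshd syslog line and a Windows
Security event) into OCSF 1.3.0 Authentication events (class_uid 3002).

Added example, not code from the newsletter or from the OCSF project. Field
names, uids and the type_uid formula follow the public OCSF schema; the log
samples, hosts, IPs and product names are constructed for illustration.
"""
import re
from datetime import datetime, timezone

OCSF_VERSION = "1.3.0"
CATEGORY_IAM = 3                 # Identity & Access Management
CLASS_AUTHENTICATION = 3002
ACTIVITY_LOGON = 1               # success and failure are both Logon activity
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFO, SEVERITY_LOW = 1, 2
REQUIRED = ("category_uid", "class_uid", "activity_id", "type_uid",
            "severity_id", "time", "metadata", "user")

# Constructed sshd line format: "<iso-ts> <host> sshd[pid]: Accepted|Failed <method> for [invalid user] <user> from <ip> port <port> ..."
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) "
    r"(?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")


def _epoch_ms(iso_ts):
    """OCSF 'time' is UTC epoch milliseconds, whatever the source used."""
    return int(datetime.fromisoformat(iso_ts).astimezone(timezone.utc).timestamp() * 1000)


def _authentication_event(ts_ms, success, user, src_ip, host, product, vendor, raw):
    """One shared shape so every source lands in the same class with the same uids."""
    return {
        "category_uid": CATEGORY_IAM,
        "class_uid": CLASS_AUTHENTICATION,
        "activity_id": ACTIVITY_LOGON,
        # OCSF derives type_uid as class_uid * 100 + activity_id
        "type_uid": CLASS_AUTHENTICATION * 100 + ACTIVITY_LOGON,
        "status_id": STATUS_SUCCESS if success else STATUS_FAILURE,
        "severity_id": SEVERITY_INFO if success else SEVERITY_LOW,
        "time": ts_ms,
        "metadata": {"version": OCSF_VERSION,
                     "product": {"name": product, "vendor_name": vendor}},
        "user": {"name": user},
        "src_endpoint": {"ip": src_ip},
        "dst_endpoint": {"hostname": host},
        "raw_data": raw,                     # keep the original for forensics
    }


def sshd_to_ocsf(line):
    m = SSHD_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised sshd line: {line!r}")
    return _authentication_event(_epoch_ms(m["ts"]), m["outcome"] == "Accepted",
                                 m["user"], m["ip"], m["host"], "OpenSSH", "OpenBSD", line)


def windows_to_ocsf(evt):
    """Windows Security 4624 = successful logon, 4625 = failed logon."""
    if evt["EventID"] not in (4624, 4625):
        raise ValueError(f"not a logon event: {evt['EventID']}")
    return _authentication_event(_epoch_ms(evt["TimeCreated"]), evt["EventID"] == 4624,
                                 evt["TargetUserName"], evt["IpAddress"], evt["Computer"],
                                 "Windows Security Auditing", "Microsoft", str(evt))


def validate(event):
    """Minimal schema check: required Authentication attributes and consistent uids."""
    missing = [k for k in REQUIRED if k not in event]
    if missing:
        raise ValueError(f"missing required OCSF attributes: {missing}")
    if event["type_uid"] != event["class_uid"] * 100 + event["activity_id"]:
        raise ValueError("type_uid does not match class_uid/activity_id")
    return True


def failed_logon_users(events):
    """Consumer-side query that works on any source once it is normalized."""
    return sorted({e["user"]["name"] for e in events if e["status_id"] == STATUS_FAILURE})


# Constructed inputs (not real telemetry)
SAMPLE_SSHD = [
    "2024-12-17T10:15:30+00:00 bastion sshd[4127]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "2024-12-17T10:15:44+00:00 bastion sshd[4131]: Accepted publickey for deploy from 198.51.100.12 port 40112 ssh2",
]
SAMPLE_WINDOWS = [
    {"EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "10.0.0.9",
     "Computer": "dc01", "TimeCreated": "2024-12-17T10:16:02+00:00"},
]


def normalize_all():
    events = [sshd_to_ocsf(l) for l in SAMPLE_SSHD] + [windows_to_ocsf(e) for e in SAMPLE_WINDOWS]
    for e in events:
        validate(e)
    return events


if __name__ == "__main__":
    evts = normalize_all()
    print(len(evts), "OCSF events; failed logons for:", failed_logon_users(evts))
```

Run it directly and it prints three normalized events and the two accounts with failed logons. The point to notice is that `failed_logon_users` never inspects source-specific fields: once `status_id` and `user.name` are populated per the schema, the same query serves syslog, Windows, or any other producer that emits class 3002, which is exactly the integration burden OCSF is meant to remove.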

Major Security Application and Version Updates

Before you head out for the holidays, don’t forget to update your platforms to their latest versions! A bunch of platforms have released new versions this year, so make sure you have upgraded them too:

  • Palo Alto Networks continues to enhance its capabilities with exciting new features across its portfolio.

    • PAN-OS 11.0.2, the firewall operating system that underpins Palo Alto Networks' IoT Security, was released in November 2024 and introduces key improvements. For details, see the PAN IoT Security release notes.

    • Palo Alto Networks – Cortex XSIAM 2.4 offers enhanced AI-based anomaly detection for faster threat identification, improved incident automation with new playbook templates, and expanded integration support for third-party data sources.

    • Palo Alto Networks – Cortex XSOAR 8.8, released in September 2024, includes a bunch of enhancements, among them optimized performance for automated playbooks and incident handling, and richer custom dashboards for visualization.

    • Palo Alto Networks – Prisma Cloud 24.7.3, released on 17 December, improves identification of cloud-native threats with advanced machine learning models.

  • Elasticsearch 8.17 is now available with features such as the logsdb index mode (reduced storage for logs), Elastic Rerank (improved search relevance), and full-text search in ES|QL for faster and easier log searches. Elastic's blog covers the details.

  • ServiceNow's Xanadu release shipped in September 2024, with Yokohama planned for early 2025. Xanadu enhances IT Service Management with AI-powered features such as Now Assist for ITSM, improving incident resolution and agent productivity.

  • Splunk Enterprise Security 7.3.2 was released on June 11, 2024, expanding the threat detection framework and refining the UI for security investigation workflows.

  • Atlassian shipped a bunch of Jira releases this year too:

    • Atlassian Jira (On-Prem) 10.3.x was released on 5 December, bringing performance and security enhancements, including faster issue searches and improved LDAP user management.

    • Atlassian Forge (Cloud) received an update on 17 December, with improved permissions management for Forge apps, enhanced Custom UI integration capabilities, bug fixes and more.

  • Microsoft's security suite also saw releases this year, two of which are worth noting:

    • Microsoft Sentinel shipped its most recent major update in August, with enhanced automation for incident response and new connectors for third-party tools.

    • Microsoft Defender for Endpoint's latest release (10.8760) came in July 2024, offering enhanced threat intelligence and detection accuracy as well as improved device performance monitoring.

Before you go…


As 2024 has been a year of growth, here’s to building a more secure, innovative future together in 2025. Thank you for being part of our journey!


We look forward to connecting with you in 2025, whether that be at upcoming conferences or elsewhere. Either way, we’ll keep sharing insights as they come our way and always have our eyes open for new opportunities to collaborate.