MI-One Issue #7 - Septembris Edition

Dive into the latest edition of MI-One - your exclusive glance into the security integration and automation sector.


👋 Hello there.


Here we are in the 9th month of the year as it rapidly winds its way down towards Autumn in the Northern Hemisphere.


Curious fact: September derives its name from the Latin word for “seven” (septem). That’s not because the Romans couldn’t count, but because their year originally began in March, not January.


Third-party integrations are critical for security products, but they also introduce significant risks. According to Astrix Security, "93% of companies report a cybersecurity breach in the past year related to weaknesses in their digital supply chain," underlining the risks associated with third-party integrations. The architecture and approach to building secure integrations are vital in mitigating security risks while enhancing customer satisfaction.


That is where we see our role as an ecosystem contributor. In this issue, we share key observations from the frontlines and explore how they are shaping the third-party security integration ecosystem.


Let’s begin!

(and P.S. in case you missed our August edition, you can find the full text here.)

Introducing the Metron Exchange

Having issues sharing data across multiple platforms? Looking to empower your teams to strengthen your overall security posture across the entire ecosystem?

Good news! We're excited to announce the launch of Metron Integration Exchange, a platform designed to help organizations share and manage data across their security tools seamlessly.


With Metron Integration Exchange, you’ll be able to:

  • Detect threats faster: By seamlessly sharing data between multiple security tools, you can rapidly and proactively identify potential threats.

  • Respond effectively: You can initiate timely and targeted responses to security incidents with real-time data access.

  • Strengthen your security posture: By consolidating and centralizing data, you can gain a comprehensive view of your security landscape and identify vulnerabilities.


Metron Integration Exchange offers robust data handling, customizable integrations, and enhanced security measures to ensure the protection of your sensitive information.


Learn more here.

Under the Lens: Recent Developments in the Industry

  • Mastercard has announced that it will acquire Recorded Future. The acquisition is valued at $2.65 billion and is expected to close in the first quarter of 2025. Recorded Future is the world’s largest threat intelligence company and a leader in this space. Although Mastercard has acquired security companies in the past, this is by far its largest acquisition.

    This acquisition is a major step for Mastercard, and it will be interesting to see if Mastercard leverages Recorded Future as a platform to acquire additional vendors. From a third-party integration standpoint, we expect little immediate change, though there may be expanded integrations with systems and tools across the payments ecosystem.

  • Gartner's report, Emerging Tech: SaaS Ecosystem Security Products Transform SaaS Security, highlights the impact of the SaaS ecosystem on overall enterprise security.


    Among the key factors discussed, the focus on the breadth and depth of integrations stood out to us. Tier-1 players like Microsoft 365, Salesforce, and Google Workspace have comprehensive coverage, while Tier-2 providers, such as GitHub and HubSpot, which cater to specific departments like engineering and marketing, show mixed integration capabilities. Emerging (Tier-3) applications, on the other hand, have very limited coverage. Both Tier-2 and Tier-3 providers need to prioritize expanding the breadth and depth of their third-party integrations. A few recommendations we agree with include:

    • Identity and Access Management: Integrating IAM solutions like Auth0, Keeper Security, and Okta with SaaS applications can help ensure that only authorized users have access to sensitive data.

    • Data Loss Prevention: Integrating DLP solutions like Zscaler and Trellix can prevent sensitive data from being exfiltrated from SaaS applications.

    • Threat Detection and Response: Integrating threat detection and response solutions, including EDR and XDR tools like SentinelOne, CrowdStrike Falcon and Cortex XDR, can help identify and mitigate security threats in real time.

Source: Gartner, Emerging Tech: SaaS Ecosystem Security Products Transform SaaS Security


  • Microsoft's recent announcement that multi-factor authentication (MFA) will become mandatory for Azure sign-ins is a significant development with implications for organizations across industries. Enforcement is phased: the Azure portal, Microsoft Entra admin center and Intune admin center come first (from October 2024), with Azure CLI, Azure PowerShell, the Azure mobile app and infrastructure-as-code tools following in early 2025. If you’re feeling caught off guard by the changes, our team of experts can help simplify the process of integrating and automating MFA within your Azure environment.

    • Centralized Management: Conditional Access in Microsoft Entra ID lets you define and enforce MFA policies for Azure management centrally, simplifying administration and reducing the risk of human error.

    • Enhanced Security Posture: By requiring MFA, Microsoft is strengthening the security of Azure environments, protecting against unauthorized access and data breaches.

    • Improved Compliance: MFA can help organizations comply with industry regulations and standards that require strong authentication measures.

    • Integration with Existing Systems: MFA can be integrated with existing identity and access management (IAM) systems, including federated identity providers, providing a more unified approach to security and reducing complexity.


  • Cloud Detection and Response (CDR) is rapidly becoming one of the fastest-growing categories, driven by increasing demand for integration with cloud-based tools. Gartner predicts that by 2025, more than 95% of new digital workloads will be deployed on cloud-native platforms. CDR offers tailored visibility, monitoring, and automated response capabilities specifically for cloud environments. Unlike EDR, NDR, and XDR, which focus on endpoints, networks, and broader security ecosystems respectively, CDR is designed to address the distinct challenges and vulnerabilities of cloud-based infrastructure.


    As you start planning your CDR integration roadmap, we’ve put together a few use cases that we believe could be especially helpful for your planning.  

    • SIEM Integration: CDR can integrate with SIEM solutions, providing centralized logging, correlation, and analysis of security events, and offering a comprehensive view of the organization's security posture. For example: Wiz + IBM QRadar.

    • EDR Integration: CDR can complement EDR solutions by providing additional context and visibility into cloud-based threats. For example: Zscaler + Cybereason.

    • NDR Integration: CDR can be integrated with NDR solutions to monitor network traffic and identify suspicious activities, allowing organizations to detect and respond to network-based attacks. For example: ExtraHop + SentinelOne.

    • IAM Integration: By integrating CDR solutions with IAM systems, organizations can identify unauthorized access attempts and enforce access controls. This helps prevent unauthorized access to sensitive data and resources. For example: Palo Alto Prisma Cloud + Okta Workforce Identity.

    • Threat Intelligence Integration: CDR can integrate with threat intelligence feeds to stay informed about emerging threats and tailor its detection and response capabilities accordingly, allowing organizations to address potential risks proactively. For example: Flashpoint + SentinelOne.
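As an added example for the Azure MFA item above (this is not code from the newsletter, from Microsoft or from Metron Labs), here is a pre-flight check a practitioner would want before the mandate bites: it runs over Entra ID sign-in log records to find which accounts still reach Azure management with a single factor, and builds the Conditional Access policy body that would require MFA for that resource through Microsoft Graph. The sign-in records are constructed; the field names (userPrincipalName, resourceId, authenticationRequirement, status.errorCode) assume the Graph signIn resource, and the break-glass object ID is a placeholder.

```python
"""Pre-flight check for Microsoft's mandatory MFA on Azure sign-ins.

Added example, not from the newsletter, Microsoft or Metron Labs.
Assumed (not stated on the page): sign-in records use the field names of the
Microsoft Graph `signIn` resource; the records below are constructed.
"""
import json
from collections import defaultdict

# Well-known Microsoft first-party application IDs.
AZURE_MANAGEMENT = "797f4846-ba00-4fd7-ba43-dac1f8f63013"  # Azure Resource Manager
AZURE_PORTAL = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c"
AZURE_CLI = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
MS_GRAPH = "00000003-0000-0000-c000-000000000000"

# Constructed sample of Entra ID sign-in records (not real telemetry).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "appId": AZURE_PORTAL,
     "resourceId": AZURE_MANAGEMENT, "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "appId": AZURE_CLI,
     "resourceId": AZURE_MANAGEMENT, "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "appId": AZURE_CLI,
     "resourceId": AZURE_MANAGEMENT, "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 50126}},  # wrong password: failed, so not counted
    {"userPrincipalName": "svc-deploy@contoso.example", "appId": AZURE_CLI,
     "resourceId": AZURE_MANAGEMENT, "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@contoso.example", "appId": AZURE_PORTAL,
     "resourceId": MS_GRAPH, "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},  # not Azure management: out of scope
]


def single_factor_azure_signins(records):
    """Map each user to the number of successful single-factor sign-ins
    against Azure Resource Manager. These are the sessions that will stop
    working once MFA is enforced."""
    counts = defaultdict(int)
    for rec in records:
        if rec.get("resourceId") != AZURE_MANAGEMENT:
            continue
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # failed sign-in: the user never obtained a token
        if rec.get("authenticationRequirement") == "multiFactorAuthentication":
            continue
        counts[rec["userPrincipalName"]] += 1
    return dict(counts)


def mfa_policy_body(exclude_users, state="enabledForReportingButNotEnforced"):
    """Build the JSON body for POST /identity/conditionalAccess/policies that
    requires MFA for all users reaching Azure management.

    `exclude_users` holds the object IDs of emergency-access ("break-glass")
    accounts so that an MFA outage cannot lock every administrator out. The
    default state is report-only; switch it to "enabled" after reviewing the
    report-only results in the sign-in logs."""
    return {
        "displayName": "Require MFA for Azure management",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": [AZURE_MANAGEMENT]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


if __name__ == "__main__":
    for upn, n in sorted(single_factor_azure_signins(SAMPLE_SIGNINS).items()):
        print(f"{upn}: {n} single-factor Azure management sign-in(s)")
    # The all-zero GUID is a placeholder for your break-glass account's object ID.
    print(json.dumps(mfa_policy_body(["00000000-0000-0000-0000-000000000000"]), indent=2))
```

To run this against real data, pull records with `GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=resourceId eq '797f4846-ba00-4fd7-ba43-dac1f8f63013'` (requires AuditLog.Read.All) and pass the `value` array to `single_factor_azure_signins`. An account like `svc-deploy` in the sample usually means a pipeline signing in with user credentials; the mandate does not apply to workload identities (service principals, managed identities), so the fix is to move the pipeline to one of those rather than to exempt the user from the policy.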

Applications and Version Updates

  • ServiceNow's Xanadu was released on 10 September 2024 and it brings a range of  new features and enhancements, some of which are mentioned below:

    • AI-Powered Innovations

      • Optimized AI Platform: Xanadu further optimizes the platform for speed and scale, enabling organizations to leverage AI more effectively.

      • Enhanced AI-Ready Services: New features and improvements in IT Operations Management, Service Delivery, and other areas allow for more efficient and intelligent processes.

    • Improved User Experience

      • Enhanced UI Builder and Workspaces: Experience a more intuitive and streamlined interface for building custom applications and managing workspaces.

      • Streamlined Email Experience: Enjoy improved draft management, auto-loading of recent drafts, and support for international characters in email addresses within Workspaces.

    • Enhanced Functionality

      • New Schedule Engine Enhancements: Benefit from improved shift support, resolution of rotation gaps, and better handling of holiday schedules and extra shifts.

      • Other Feature Improvements: Xanadu includes various other enhancements across different products and applications to improve overall functionality and efficiency.

    • You can go through the official ServiceNow Xanadu release notes to get more detailed information on this release.

  • Cybereason 23.2 introduces several significant improvements to enhance threat detection, response capabilities, and overall platform performance:

    • Enhanced Threat Detection

      • Improved NGAV (Next-Generation Antivirus) Accuracy: The platform now reports file metadata to Cybereason headquarters for analysis, leading to more accurate anti-malware detection and reduced false positives.

      • Expanded File Search: The File Search feature is now available for macOS sensors, providing comprehensive file-based threat-hunting capabilities.

      • Variant Payload Prevention: This feature is now in early availability for Linux machines, offering enhanced protection against polymorphic and metamorphic threats.

    • Improved Threat Response

      • Enhanced MalOp Management: The MalOps management screen now includes new filters and sorting options for easier navigation and analysis.

      • Machine Isolation Enhancements: Machine isolation now supports IPv6 addresses and offers improved performance.

      • Quarantine Enhancements: The Quarantined files screen allows you to unquarantine multiple files at once, improving efficiency.

    • Platform Enhancements

      • Sensor Updates: The Endpoint Management Channel feature with an Authenticated URL ensures faster and more scalable content delivery to sensors.

      • Performance Improvements: The platform has undergone various performance optimizations, including improved sensor upgrade processes and reduced data collection overhead.

      • User Experience: The Sensor Actions screen provides a centralized view of sensor operations, and the system tray icon on macOS sensors offers enhanced visibility.

    • Other updates in Cybereason 23.2 include:

      • OS Support: Expanded support for various operating systems, including CentOS 9, Oracle Linux 9, RHEL 9, Ubuntu 23, Fedora Linux 35-39, Debian 12, and macOS Mojave (10.14).

      • Integration Enhancements: Improved integration with third-party tools and services.

      • Security Enhancements: Strengthened security features, such as sensor tampering protection and enhanced data collection capabilities.

    • For a complete list of features and changes in Cybereason 23.2, please refer to the official release notes.

Insights: From Our Integration Factory

  • CAASM + Trend Micro Vision One: Integrating Trend Micro Vision One with a CAASM platform enables organizations to gain comprehensive visibility, automate incident response, prioritize risks effectively, and demonstrate compliance with security regulations. This combination enhances overall cybersecurity posture and protects critical assets.

  • XDR + MS Office 365: Integrating MS Office 365 with an XDR solution offers an enhanced cybersecurity posture. By combining the strengths of both platforms, you can gain comprehensive visibility into your Office 365 environments, allowing you to detect and respond to threats more effectively, and prioritize your team’s risk mitigation efforts. XDR solutions can also leverage MS Office 365's advanced threat protection, data loss prevention, and other capabilities to identify and address potential threats. Additionally, the XDR can provide automated incident response workflows, reducing the time to detect and contain threats.

  • IoT + ServiceNow Service Graph Connectors: Integrating an IoT platform with ServiceNow Service Graph Connectors provides a way to manage and optimize Internet of Things (IoT) devices and services within a ServiceNow environment. This integration offers several key benefits:

    • Centralized Management: The IoT platform provides a unified platform for managing IoT devices, sensors, and data streams, while ServiceNow Service Graph Connectors enable seamless integration of IoT data into existing workflows and processes.

    • Enhanced Visibility: By combining the strengths of both platforms, organizations can gain deeper insights into the performance, health, and utilization of their IoT devices and services.

    • Automated Incident Response: ServiceNow's incident management capabilities can be leveraged to automatically detect and respond to IoT-related issues, reducing downtime and improving operational efficiency.

  • EDR + Google SecOps: This integration between Google SecOps and an EDR provides a solution for threat detection, prevention, and response. This combination offers:

    • Enhanced Threat Detection: By combining the strengths of the EDR’s capabilities with Google's cloud security expertise, organizations can more effectively identify and mitigate advanced threats.

    • Streamlined Incident Response: The integration enables seamless collaboration between security teams, accelerating incident response and minimizing downtime.

    • Improved Visibility: You gain a more complete view of your security posture by correlating data from both platforms, surfacing vulnerabilities and risks that neither shows on its own.

Before you go…

We'll be on the road once again in the coming months and would love to catch up if you're attending any of these events!

  • Fal.Con, Las Vegas, 16-19 September

  • Recorded Future PREDICT2024, Washington DC, 8-9 October

  • OneCon, Las Vegas, 15-17 October

  • AWS re:Invent, Las Vegas, 2-6 December

Let’s meet up! Email us at connect@metronlabs.com.

If any of these caught your eye, don’t hesitate to reach out to us for more details at connect@metronlabs.com.