MI-One Issue #9 - Novembris Edition

In this newsletter, we focus on developments with SOAR, upcoming industry events, and security application updates.


Hello there,


November is here, and with it comes the crisp autumn air and the anticipation of Thanksgiving. As we settle into the quieter months, it’s a perfect time to reflect on the year gone by and plan for the future.


But while we're enjoying the festivities, the digital world remains as dynamic and challenging as ever. Cyber threats continue to evolve, and staying informed about the latest vulnerabilities and attacks is crucial - especially as the holiday season keeps many of us away from the workplace.


In this edition of MI-One, we'll be taking a closer look into the latest trends in security integration and automation, noting how emerging technologies like AI and machine learning are shaping the future of cybersecurity, along with the role of third-party integrations in securing complex IT environments.


So, let’s dive in!

Under the Lens: Recent Developments in the Industry

This section covers recent updates in the security integration and automation ecosystem — overall industry trends, announcements, and how they may affect the third-party integrations of your security and IT Ops platforms, improving automation and interoperability. Some of the recent highlights that stood out for us include:

  • Automation, including Hyperautomation, continues to be a strategic focus for CISOs and security leaders as they drive efficiency and scalability in security operations. Hence SOAR solutions remain strong and relevant in the cybersecurity landscape, and continue to evolve with more desirable emerging features. GigaOm published their SOAR report outlining the latest trends and innovations. The report indicates a continued preference for standalone and vendor-agnostic solutions, even though most SIEM and XDR providers now offer integrated SOAR features. This highlights the demand for flexibility and the ability to integrate tools from multiple vendors to suit specific security requirements.


    The GigaOm report also makes specific recommendations on developing partner ecosystems, i.e., third-party integrations are the key to maximizing SOAR platform effectiveness. A few key insights stand out based on our hands-on experience in the trenches:

    • Integrating with LLMs like OpenAI’s GPT-4 or Anthropic’s Claude, SOAR tools can enhance user interactions with natural language commands.

    • Integrating with security data lakes like Amazon Security Lake to enrich investigations and identify correlations.

    • DevSecOps and security-as-code, enabling analysts to manage and configure systems using code repositories, version control, and automated deployment.

  • Speaking of SOAR platforms, ServiceNow Security Incident Response is emerging as a major challenger, with strong third-party integration capabilities that are becoming essential for security vendors. Its orchestration tools streamline IT and security operations, making it a key platform in the evolving cybersecurity ecosystem. ServiceNow continues to expand its footprint in the industrial sector through strategic acquisitions and partnerships. The recent acquisition of Mission Secure and the ongoing collaboration with Siemens are prime examples of this strategy in the OT security space. For a deeper technical perspective on how OT platforms integrate with IT systems like ServiceNow's CMDB and Vulnerability Response, feel free to refer to one of our blogs — OT Platform’s Journey with ServiceNow: A Technical Deep Dive. This post explores the key considerations for seamless OT and IT integrations with ServiceNow platforms, helping organizations optimize both security and efficiency.

  • Consolidation continues to be a major theme this year — Sophos’ recent announcement that it will acquire Secureworks, and the merger between Trustwave and Cybereason. Both deals signal a strategic shift towards more comprehensive, integrated cybersecurity offerings by expanding the combined companies’ MDR, EDR, and XDR capabilities. We expect these integrations to lead to increased automation, better API support for third-party tools, and more seamless connectivity across platforms.

  • Palo Alto Networks Prisma Cloud has enhanced its integration with Google Cloud Marketplace to streamline cloud security management. This integration allows seamless purchasing, unified billing, and faster deployment of Palo Alto’s solutions, simplifying adoption for enterprises. Prisma Cloud’s updates include tools like AppDNA, which provides structured, application-centric visibility, and Infinity Graph, offering deep contextual analysis of risks across misconfigurations, vulnerabilities, and exposure paths. These advancements ensure robust security workflows from code to cloud, while the integration with Google Cloud enhances scalability and operational efficiency for customers.

Are you looking to build out your integration roadmap with a security or IT Ops platform? Ping us at connect@metronlabs.com to start the conversation.

Highlights from Industry Events

October was a busy month for most folks — juggling back-to-back conferences in Vegas, fueled by coffee and security talks. We’re still not sure whether we learned more new security acronyms or more about navigating the Vegas maze just to get to the next meeting. A few of the events we covered:

  • Highlights from SentinelOne OneCon 2024 — OneCon 2024 highlighted SentinelOne’s vision for a future where security is integrated, automated, and intelligent. Key highlights included enhancements to the Singularity Platform, with demonstrations of its integration of endpoint, cloud, and IoT security in a unified approach across the attack surface. The automation capabilities of Singularity Hyperautomation and Singularity AI SIEM were emphasized. In addition, Purple AI and the Ultraviolet Family of Security Models received significant updates: Purple AI introduced advanced automation for alert triage, investigation, and hunting, reducing manual workload in SOCs.

  • Highlights from Oktane 2024 — Okta has unveiled a new industry standard, IPSIE (Interoperability Profile for Secure Identity in the Enterprise), aimed at enhancing the security of SaaS products. This standard could help streamline development and integration across products, enabling organizations to focus on critical security tasks. IPSIE offers organizations real-time visibility and action capabilities, such as Universal Logout, with reduced effort. This enhances response times, minimizes security risks, and simplifies identity security management across platforms like Google, Office 365, Slack, and Atlassian.

Security Application and Version Updates


Stay ahead of the curve with the latest application and version updates. In this section, we highlight key updates, new features, and critical bug fixes that are shaping the cybersecurity landscape and may have an impact on your third-party integrations.

  • The latest release of Palo Alto Networks’ Cortex XDR — Cortex XDR 3.12 and Cortex XDR Agent 8.6 — brings significant enhancements to security posture and incident response capabilities. Features and enhancements include Export/Import Configuration, Advanced Analytics, Improved XDR Collectors, Streamlined Email Ingestion, and Powerful XQL Capabilities. For a more detailed understanding of the modifications and enhancements to these features, refer to the official documentation from Palo Alto Networks.


  • Secureworks Taegis XDR continues to evolve with exciting new features and enhancements. The most recent update, Secureworks Taegis XDR v3.6.5, was released on 8th November 2024. Key enhancements include:

    • Expanded Third-Party Integrations: Support for a wide range of data sources such as Honey (Scadafence), Skyhigh Secure Web Gateway, and Sophos XG Firewall, enabling broader security coverage and improved interoperability with other security solutions.

    • Automation and Playbooks: Updated GraphQL APIs for creating custom playbooks and connectors, allowing security teams to streamline workflows and integrate tailored automation into their processes.

    • Improved Endpoint Management: Updates to the Taegis Endpoint Agent bring reduced system impact, enhanced telemetry, and seamless auto-updates for Windows, macOS, and Linux environments.


    These developments underscore Secureworks’ emphasis on delivering a cohesive and integrated security ecosystem. For more detailed information, please refer to the official Taegis XDR release notes.


Before you go…

Well, it’s a wrap on most of the conferences for the year. We've got one last one coming up:

  • AWS re:Invent, Las Vegas, 2-6 December


Looking forward to seeing you in Las Vegas if you can make it! After that, it’s onward to the New Year.

Unlock the full potential of AWS for your cybersecurity needs with Metron’s tailored integrations. Ready to enhance your AWS ecosystem? Let’s connect at connect@metronlabs.com.

What to Expect at AWS re:Invent 2024


At AWS re:Invent 2024, several sessions will focus on automation, integration, and security applications. A few that we expect to be key highlights of the conference include:

  • Security Insights and Innovation with AWS: AWS CISO Chris Betz will share his insights into how security innovations and generative AI can drive secure innovation. The session aims to highlight strategies to integrate and automate security processes.

  • SEC219 – Uncovering sophisticated cloud threats with Amazon GuardDuty: Learn how GuardDuty enhances security automation through threat detection and automated responses, helping streamline security operations.

  • SEC343 – Identify a prioritization strategy for security response & remediation: This session discusses automating response and remediation using AWS Security Hub, which integrates with other tools for more efficient security management.

  • SEC401 – Inspect and secure your application with generative AI: Explore how generative AI and Amazon Inspector help automate application security assessments.

  • SEC314 – Accelerate your DevOps pipeline and remain secure with policy as code: This session focuses on integrating security policies into CI/CD pipelines, ensuring automated compliance and risk management.


Metron specializes in building robust and scalable AWS integrations for diverse cybersecurity platforms, including AWS Security Lake + OT, Amazon GuardDuty + SIEM, Amazon Security Lake + IoT, Amazon CloudWatch + CNAPP, AWS Network Firewall + CAASM, and more.

As Thanksgiving approaches, we’re beyond grateful for our customers and ecosystem partners—your trust lets us build connected security ecosystems that keep the bad actors on their toes. Huge thanks to our team of champions — working hard in the trenches to make security smarter, faster, and more seamless. Together, we’re doing our part, one integration at a time!