Few organisations rely on a single app, software, or workflow to manage their day-to-day operations as well as its long term growth. Your organisation most likely benefits from anywhere from a half-dozen to close to a hundred different apps, depending on your size and industry.
Relying on multiple platforms certainly benefits your operations, if not acting as an outright necessity. However, the more your organisation scales, the more complex it becomes and often difficult to manage.
Integrations between one app and another provide the valuable service of connecting your platforms, sharing your data, and making your employees more effective at their posts.
COVID has been a major driver in accelerating the growing number of security applications in the past two years. According to Crunchbase – last year (2021) saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally.
Integration is therefore one of the bedrocks of cybersecurity and the cornerstone of the cybersecurity ecosystem.
As the area of surface attack grows, applications focused on specific use cases will grow too. On average, small organisations are using on average between 15 and 20 tools, medium-sized businesses are using 50 to 60, and large organisations or enterprises are using over 130 tools.
While there are certainly benefits, it is best to remember that there are some challenges as well. Below, we share some details on both facets (of which we are fairly familiar, as we built and support over 100 security applications and platforms).
The Benefits of Integration
As more and more tools are added to the enterprise war chest, it is essential to make sure they are also well connected. We have seen security integration outages impacting companies in all kinds of severe manners. Whenever there is an integration outage, it impacts connected applications as well and, thanks to a domino effect, it can eventually impact customers to the point of entering a crisis zone.
It’s worth noting that the integration outage could have happened over a regular cycle of releases such as API deprecation, or even a version upgrade. However, managing it proactively would save a lot of customer support time and also increase customer satisfaction.
It is therefore key for emerging new companies to be connected to larger “Influencer '' applications. As we know some applications have a larger influence in the pecking order of applications. Therefore, it is essential to ensure your security application is integrated.
From experience, we’ve seen how every “influencer” has a well-run technical alliances program to build a richer security ecosystem. It certainly influences an end customer's buying criteria and process.
Time Saving and Better Productivity for SOC Analysts
The most obvious benefit of integrations is that they affect the way your Security Operations Centre (SOC) analysts spend their days and productivity.
Firstly, your analysts save valuable time performing tasks during their shifts and are not overburdened with alert fatigueness. Integration reduces the bandwidth they would have spent performing tasks manually which are more easily automated - especially given the modern tools with machine learning capabilities. Think about it, how many routine aspects (such as the mind-numbing flood of false positive security alerts due to lack of analytics and filtering tools, misaligned integrations,and other mundane tasks) that have to be completed are time-heavy but require a low skill threshold? Plus, integrations also cut out the time to look up forgotten credentials, to log into various platforms, become familiar with other dashboards, and the like.
The second aspect of time-saving is that it frees up your analysts to focus on key security issues. By reallocating resources from time-consuming (and often very routine) work, they can expend their energy on mission critical activities. This ultimately leads to more connected and more secure enterprise (along with happier end customers).
Third, by automating mundane processes through your integrations, your company helps shield itself from repeat human errors. A joint study from Stanford University Professor Jeff Hancock and security firm Tessian revealed that nine in 10 (88%) data breach incidents are caused by human error. Even when errors arise, integrations often also allow for easy troubleshooting, plugging apps directly into your logs for faster recovery and assessment of issues when they arise.
Long Term Savings and Scalability Benefits
The cost for integrations might seem off-putting right out of the box. If you do it in house, there's the labour cost of diverting your employees to a demanding task, as well as often the need to upskill them, provide the necessary research, and so forth. Even when contracting third-party experts, the listed price often seems like a heavy investment.
However, it's best to remember that integrations are not solutions for the short-term. While they do address the immediate problems often found in your day-to-day operations, integrations are designed to go the distance, to grow with your company, and continue to adapt to its needs as time goes on. With this in mind, integrations not only immediately improve productivity, but they carry that benefit forward, making it the new normal in your workflows.
Integrations also give your organisation's application portfolio a strong foundation for future integrations. Rather than slowly accumulating a growing list of platforms, each one having to be managed separately or through manual intervention, your organisation will have an effective and well-layered base upon which additional integrations can be built, to scale, and when needed.
Challenges of Maintaining Integrations
Maintaining version changes and API upgrades is a big one. In agile product management, updates are expected weekly, monthly, or even continuously. On average, we see at least 1 or 2 version changes that may require a little bit of fine tuning for each integration. A proactive approach and planned routine updates can alleviate certain issues.
Cost to Build and Support
As we mentioned previously, the costs of building and supporting integrations can seem daunting at first - especially if your organisation has never undertaken this kind of work before. With a typically pricey initial buy-in for custom-integration work, it might seem difficult to justify the cost to benefits ratio in the immediate quarter.
However, as we discussed earlier, integrations need to be priced according to their long term value. When you calculate the cost of the manual labour and other routine work that goes into the work that your integration can handle automatically, the benefits for the cost structure of integrations only grow over time.
Skills and Development Requirements
The second challenge, which can often appear more daunting than the cost-point, would be the skills required by your team to develop and roll out an integration in the first place. There are thousands of security platforms and tools. Familiarity with both platforms and their APIs is a must, as well as being fluent in the relevant programming languages to get the two platforms talking to one another. Worse, the available documentation for your apps may be sub-par and incomplete, requiring your team to book lengthy calls with tech support or perform their own research into the matter.
Fortunately, challenges such as this can be offloaded by working with a third-party specialist provider. In many industries, there are fellow organisations devoted to application support, integration, and automation, whose staff are already familiar with the issues your team would be likely to face and tackle. In cases such as these, outsourcing can be a viable means of circumventing this challenge.
In our next post, we will be taking a look at approaches by companies to manage third-party integrations at scale and various models of Security App Exchanges.
Considering expanding your integrations, upgrading existing cybersecurity operations, or designing custom playbooks? Metron is a development partner with over 100 security platforms and has extensive experience in the security automation space. If you are considering any custom security exchange that helps you scale your business, please send a note to firstname.lastname@example.org.
Prashant Koirala is a managing partner at Metron Labs. He enjoys the outdoors and yoga. He is currently loving his gravel bike, and tries to go mountain biking whenever he is in Nepal.
Alexander Nachaj is the managing editor for content at Metron Labs. In his free time, he enjoys reading, writing fiction, and going hiking.