Symantec added new integrations with Amazon Web Services (AWS), Microsoft, IBM, and dozens of other companies and their security tools to its platform this week. The sophistication of cyber threats, the complexity of modern networks, and the cost of security led Symantec to build out its platform and embrace this federated approach.
Symantec said that 120 organizations now are members of the Technology Integration Partner Program — 30 more than at the time of the last update — and can access the Integrated Cyber Defense (IDC) platform. It also expanded the platform’s capabilities, created an “Innovation Playground” for startups, and updated its data loss protection product.
A dense array of disconnected products isn’t the best way to face down powerful and well-coordinated attacks in a decentralized and multi-cloud world. “During the last couple of years we saw this coming,” Symantec VP of business development Peter Doggart told SDxCentral. “We thought what is needed is a platform-oriented approach. The analogy is that [organizations] have been given a box of Lego pieces and have to figure out how to put them together without an instruction manual. I really feel sorry for them.”
United We Secure
Symantec launched its Integrated Cyber Defense platform in 2016 after buying Blue Coat Systems, one of the original cloud access security brokers (CASBs). Subsequently, it opened the APIs to other security organizations and began the Technology Integration Partner Program (TIPP) as a way to encourage integration with third-party vendors. Other new integration partners announced this week include Box, Oracle, ServiceNow, and Splunk. All told, the new partners are building more than 250 security products, all of which now will integrate with Symantec’s platform.
Industry experts agree that an integrated platform approach is pivotal. “[It is] very important as no one vendor can do this alone,” said Jon Ostik, senior principal analyst and fellow at Enterprise Strategy Group. “Large cybersecurity vendors like Symantec need to build an architecture based upon open published standards and interfaces so they can easily plug in third-party technologies. They also need to be proactive by recruiting the right partners and creating a dynamic and supportive ecosystem.”
There is also an element of common sense. Threats are so numerous that reliance on disconnected point products is sure to provide bad actors with ways to evade detection and cause damage. One way to deal with this is for the big vendors to acquire smaller ones, such as Symantec’s acquisition earlier this month of Luminate. The other is confederation. The two methods, of course, can be combined.
“For years, cybersecurity solutions have been delivered as standalone technologies with little interconnectivity,” said Forrester Principal Analyst Joseph Blankenship. “This created an environment where enterprises have solutions from multiple vendors deployed, which leads to high costs, administrative overhead, and little efficiency. Security portfolio vendors are acquiring and integrating technologies to make it easier for security teams to consume and administer those solutions — which is a good thing.”
IDC Exchange, Innovation Playground
ICD Exchange shares data — events, intelligence, and actions – within Symantec and with third parties. It is designed to create a more organized and coordinated view of security. This is key in a landscape in which multi-cloud deployments and other network complex network arrangements are leading to a proliferation of attack surfaces. “It allows us to have abstraction layer across all our products and services,” Doggart said. “Anyone can talk to Symantec. It’s the same language, the same syntax. It’s profoundly different than before, when the focus was point-to-point communications.”
ICD Manager enables shared management capabilities to provide end users with unified visibility into threats, policies, and incidents. The company also this week introduced Data Loss Prevention 15.5.
The Innovation Playground aims to encourage new ideas and bring them under the Symantec umbrella. It will provide Symantec APIs, products, and engineering resources, the company said. There also will be “customer innovation days.”
Both analysts see the approach as a way forward in the never-ending battle to secure cyberspace. “Consolidating and integrating technologies is not new,” Blankenship wrote. “It’s a little new to cybersecurity since this market has been dominated by standalone solutions that were designed for specific uses.”
Ostik suggests that Symantec’s approach will be replicated — and may the best federation win. “It is very important,” he said, “but since all large cybersecurity vendors will follow the same path, the key will be ongoing execution.”