The Concept of Universal Integration
CNN recently reported that cell phones in Europe will soon benefit from a universal charger format. That means that regardless of the cell phone vendor you purchase, there will be one standard connector that will work for all of them. Unfortunately, here in the United States, we have no such regulations and the concept of universal connectors and communication eludes many common technologies.
Consider security technology. Integration between many vendors uses proprietary APIs, standard flat file formats from organizations like NIST, and other technologies borrowed from network management solutions such as SNMP and Syslog. There are very few, if any, real time integration protocols for security solutions that allow them to integrate and perform heterogeneous functions like network management solutions. Security solutions end up generating critical data and it is left to SIEM vendors to correlate the results. This is why third party integrations for security vendors create unique business opportunities before security information event managers even see the unprocessed results, and a strong technology integration partner program is imperative such that your security data in not an island and can be escalated to the appropriate departments.
Consider the concept of generic, universal integration. If a security solution can communicate with other tools using the most common formats like SNMP, Syslog, the Windows Event Log, and provide an open database schema, the concept of universal third-party integration is possible. Any other vendor able to accept these common formats can parse security data and provide additional correlation and business value. The larger question is how does this actually help my business. Consider the following integrations from eEye:
Big Fix – Provides vulnerability and configuration data from BigFix Agents and Retina scans in a single dashboard and reporting for all IP addressable devices
Agiliance – Provides complete GRC information for devices including Retina identified vulnerabilities and the ability to initiate patch management
RedSeal – Identification of security risks from discovered Retina vulnerabilities and native mapping technologies built into RedSeal in a single pane of glass view
ForeScout – Retina vulnerability results assist in critical NAC decisions for device access
Each of these solutions provide additional business value based on detailed integration and universal communication. Solutions with closed cloud architectures, or minimal export and API capabilities, provide only point solutions to a business’s vulnerability management needs. The concept of universal access and standards based communication is not new. Technology has adopted this concept down to cell phone chargers and verticals like network management and security benefit from their widespread adoption. The question really becomes: do your security solutions use these standards, are they certified on the most important ones, and do they ultimately partner with the leading vendors in the industry for technology integrations that can really impact your business and make you more secure? eEye does.