Last month, we started a series on the blog to explore Security Automation & Orchestration as a new technology. Comments are enabled for the series as we are hoping to see participation from the community.
In that first post, we shared a list of key characteristics for Security Automation & Orchestration. Being “Vendor Agnostic” was one of the characteristics, and the focus for today’s post.
By its nature, automation and orchestration requires integration with security products and services that investigate, contain, correct and remediate threats; this is how it serves as “connective tissue”. The integration challenge is daunting based on number of vendors in the market alone.
“I have categorized 1,440 IT security vendors in 35 countries.”
– Richard Stiennon, IT-Harvest, 2016
Even when the list is narrowed to focus only on the most widely deployed vendors, there are cases when coverage for security products and services may fall short of what’s required for effective automation and orchestration. For example, integration can sometimes present a conflict of interest to companies that offer a suite of security solutions. One can image how a vendor that provides an automation & orchestration platform as well as other security products may not offer the same depth of support for products from competitors (e.g. a sandboxing vendor that also offers security automation & orchestration may not support all sandboxing vendors consistently).
When evaluating automation and orchestration, there are advantages to choosing vendors who are technology agnostic or free from constraints that may limit their ability to offer equal support for security products and services regardless of the source. This ensures a broad range of use cases can be created to address the heterogeneous technology environments common in most organizations.
We’ll continue to elaborate on each of the key characteristics and solicit input from the community. For now, we’d like to hear your thoughts on the importance of being vendor agnostic.
- Do you agree that it is important?
- Are there limitations in what can be automated or orchestrated across vendors that offer competing solutions?
- When thinking about automation, what other benefits would you associate with products that are vendor agnostic?
VP, Products & Marketing
Phantom, which was recognized as the most innovative company at the 2016 RSA Conference, automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: www.phantom.us.