
Don’t have a “swivel chair” approach to Security Operations

charles.clawson Respected Contributor.

In September, Micro Focus held its Cyber Security Summit in Washington D.C. where customers and security professionals met to discuss today’s threats and how to address them. This was a great way to highlight our expanded security portfolio, with the second day focusing on the individual product tracks. Customers had the choice to follow one of these five product tracks: ArcSight security operations, Fortify application security, Identity & Access IAM, Voltage data security and ZENworks endpoint management.

While it was great to meet with our ArcSight customers face to face, we talk to our customers and potential customers year-round, and we have found that most organizations employ a variety of different security tools and point solutions, each with different strengths and capabilities. Using multiple tools has its advantages, but it can also have its drawbacks. If the tools aren't properly integrated, they can create workflow problems that hinder, rather than enhance, security. Without a unified way to manage tools, security analysts will find themselves hopping from tool to tool, in the so-called “swivel chair” approach, which will result in a loss of visibility, speed, and efficiency.

That’s why I wanted to share with you a highlight from the ArcSight track, which was a presentation by Marius Iversen, a platform engineer for a major telecommunications company located in the Netherlands. He discussed the need for his organization to abstract event data related to their customers into a custom web-driven portal. To accomplish this, they use APIs (Application Programming Interfaces) extensively, which allows them to present visualizations based on data pulled from many different security tools in a single customer dashboard.

Even though applications like ArcSight are natively multitenant, there are also security advantages to having customers access data through a custom portal, versus giving them direct access to the tools themselves. As he states it: “ArcSight is generally integrated into the core of your network where you don’t want customers having access. We resolved this by using APIs because we can control what data comes out and what information should be presented to customers.”

Marius shared with us some of the ways he efficiently develops, tests and documents APIs with tools such as Slate and Postman. As a major contributor to the ArcSight community, he hopes to share much of the work he’s done back to the community, so keep an eye on his posts.

Also, check out our new whitepaper on the basic use of APIs, Security Tool Integrations through APIs—A SecOps Best Practice You Can’t Ignore. APIs are a great way for any SecOps team to achieve the optimal level of tool integration.
