Gathering intelligence is one thing, finding a place to store and distribute it is another.
NetCitadel, a startup that came out of stealth mode this week, unfurled a OneControl Security Orchestration Platform that provides a central repository for collecting data about security events across the enterprise.
According to NetCitadel CEO Mike Horn, most IT organizations can’t afford to set and deploy complex security information event management (SIEM) systems on their own. And even if they do, there are no processes in place for delivering actionable intelligence.
Horn says the OncControl Security Orchestration Platform is a virtual appliance that creates an event bus over which a common security event framework can be extended across both physical and virtual IT systems. That includes the deployment of any new systems on the corporate network that don’t comply with established security policies.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Most importantly, Horn says that because that security intelligence is delivered as a service, the OneControl Security Orchestration Platform can be deployed on top of existing systems. In contrast, rival providers of security intelligence applications require IT organizations to either deploy expensive systems on premise, or upgrade their existing network infrastructure to access new analytics capabilities. The OneControl Security Orchestration Platform conversely makes uses of RESTful APIs to collect data from both existing and new systems across the enterprise, says Horn. Any solution that requires an organization to rip and replace existing systems simply won’t be accepted by IT organizations.
That information, adds Horn, is then used to not only identify potential threats, but also identify where the most risk is based on where business logic has been deployed.
Recognizing the importance of preventing all security threats from getting past the network perimeter, vendors are now rushing to provide security intelligence systems that automate the process of identifying potential threats. The assumption is that once those threats are identified, remediating those issues is a comparatively simple process.
It’s hard to imagine how IT organizations have coped this far without a comprehensive approach to security intelligence. As is often the case with all-things IT, an ounce of prevention is always worth several pounds of cure, so maybe the time has finally come to file security intelligence under the heading of better late than never.