In September, Micro Focus held its Cyber Security Summit in Washington D.C. where customers and security professionals met to discuss today’s threats and how to address them. This was a great way to highlight our expanded security portfolio, with the second day focusing on the individual product tracks. Customers had the choice to follow one of these five product tracks: ArcSight security operations, Fortify application security, Identity & Access IAM, Voltage data security and ZENworks endpoint management.
While it was great to meet with our ArcSight customers face to face, we talk to our customers and potential customers year-round, and we have found that most organizations employ a variety of different security tools and point solutions, each with different strengths and capabilities. Now, using multiple tools has its advantages, however, it can also have its drawbacks. If the tools aren't properly integrated, they can create workflow problems that hinder, rather than enhance, security. Without a unified way to manage tools, security analysts will find themselves hopping from tool to tool, in the so-called “swivel chair” approach, which will result in a loss of visibility, speed, and efficiency.
That’s why I wanted to share with you a highlight from the ArcSight track, which was a presentation by Marius Iversen, a platform engineer for a major telecommunications company located in the Netherlands. He discussed the need for his organization to abstract event data related to their customers into a custom web driven portal. In order to accomplish this, they use APIs (Application Programming Interfaces) extensively, which allowed them to present visualizations based on data pulled from many different security tools into a single customer dashboard.
Even though applications like ArcSight are natively multitenant, there are also security advantages to having them access data through a custom portal, verses giving them direct access to the tools themselves. As he states it “ArcSight is generally integrated into the core of your network where you don’t want customers having access. We resolved this by using APIs because we can control what data comes out and what information should be presented to customers.”
Marius shared with us some of the ways he efficiently develops, tests and documents APIs with tools such as Slate and Postman. As a major contributor to the ArcSight community, he hopes to share much of the work he’s done back to the community so keep an eye on his posts.
Also, check out our new whitepaper, Security Tool Integrations through APIs—A SecOps Best Practice You Can’t Ignore, on the basic use of APIs, a great way for any SecOps team to achieve the optimal level of tool integration.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.