Beyond the API: Why Technical Partnerships Matter in Cybersecurity - Part 1

It's an age-old debate: When building a cybersecurity strategy, should you start with best-in-breed tools for each security need and kludge them together into a patchwork defense? Or should you look for an all-encompassing solution, one that may not address every need well but unifies protection and makes workflows easier to manage?

Fortunately, there's a third way. If vendors work together and integrate their technology in strategically meaningful ways, you don't have to compromise. You get the simplicity of a single-vendor approach without giving up the capabilities and features you need to keep your organization secure.

There's no silver bullet in cybersecurity, and no single vendor is an island. That's why we invest so much time and resources into our technical partnerships. And it's why technical integrations and ecosystem partners should be a key consideration in your cybersecurity strategy.

Here are just a few of the benefits you get through our technical integrations and partnerships:

  • Lower risk. Close partnerships result in better threat detection and faster response. When your tools can share intelligence and analyze threats cooperatively, each solution enriches the others for a more complete view of the threat.
  • Faster investigation. Well-deployed integrations can automate many of the manual tasks involved in following up on and verifying alerts. This not only speeds up the investigation process but frees up your security team to focus on the things people do best.
  • Adaptive controls. Your users' risk profiles are always changing—they face new threats, get better or worse at spotting phishing emails, gain new access privileges, etc. Deep technical integrations let your tools talk to one another and dynamically apply new policies and added security layers as needed.
  • Holistic views of threats, users and data. Context is critical to detecting and verifying threats. The more closely integrated your tools are, the better you can correlate data around attacks, user activity, and data for a more complete picture of your threat environment.

APIs aren't partnerships

You might be tempted to think that formal partnerships and integrations are superfluous in today's cybersecurity market. After all, most security vendors have well-documented application programming interfaces (APIs). These software "hooks" let outside developers tap into specific features of the tool without working directly with the company that designed it.

By themselves, APIs are limited, and that's by design. They open up a narrow subset of features, often simple data-ingestion and management functions. While these tie-ins can be useful, they offer a tightly defined range of benefits.

APIs also usually mean more work. When you're using an API, the onus for configuring and testing your integration is on you (or your integration vendor). Trying to connect two tools whose APIs weren't purposely designed to work together can be arduous. And the effort often requires workarounds that defeat the purpose of integrating them.

Even when a vendor offers an API, as most do, deeper technical integrations offer much more value.

Take our partnership with CrowdStrike. We integrate Proofpoint Targeted Attack Protection (TAP) with CrowdStrike Falcon for two-way intel sharing.

In deployments that use both tools, incoming email attachments trigger both solutions' actions. If Falcon knows the file to be malicious, TAP automatically blocks it before it reaches users' inboxes. Simultaneously, if TAP determines the file is malicious in its analysis, Falcon automatically adds it to its intel database of known bad files. This multilayered defense and shared threat intel give our customers expanded insight into email threats.

Another example is our partnerships with access-management and identity-governance vendors. Our insight into your Very Attacked People™ enables you to automatically adjust security controls and access privileges based on a user's risk at any given moment. For instance, a user facing an unusually high volume of malicious email may need to be re-authenticated because of the increased risk of account compromise. Or you may want to reduce access for someone who has failed a phishing simulation until the user has completed a security-awareness training module based on that threat.

Working with a select group of best-in-breed vendors allows us to build technical integrations that are more focused and strategic. In other words, our goal isn't to list a bunch of integrations based on both companies having APIs. We build deep integrations that make sense for you, our customer.

In the second and final part of this blog post, I will be discussing a few of the integrations we offer.
