A fast-forward button for integration to a unified security architecture.
One of the reasons why the Mission Impossible premise has resonated across the generations is that all of us, at one time or another, are handed projects that seem to come with that label. Unfortunately, if you’re like me, you feel more like Wile. E. Coyote holding that bomb as it explodes, rather than the cool Tom Cruise or unflappable Peter Graves if you are an old-school fan.
It seems I am always searching for the magical fast-forward button or time machine that allows me to bend the laws of time and physics to defuse the bomb and save the day.
Impossible? Maybe not always. Consider the following scenario:
The architect for ALPHA, which is merging with another company, ZED, is trying to sort through and integrate ZED’s application software and data with ALPHA’s systems to create a unified security operations environment. In 60 days, the security infrastructure has to be 1) functional 2) compliant 3) reliable. And of course, the analysts won’t tolerate any visible change –such as slower performance, loss of features, and longer wait times for searches, reports, or visualizations.
Our hero has figured out which data and applications to keep and connect. In some cases systems will run side by side, before eventually replacing one system with another – some of Zed’s software is more modern and capable than ALPHA’s, and both companies have some existing (legacy) software that can’t be shut down anytime soon because of compliance or mission-critical functions. So our hero knows which assets he cares about. Now he has to make it all talk together. In 60 days.
One day, our hero, is blissfully sipping tea while researching integrations from his key vendors, looking for APIs and scripting options. Suddenly, the CISO comes in with an update from the board meeting: Accelerate the merger’s close by 30 days, because the timing is helping the competition disrupt deals. That means he has to get the integrations done in half the time. Our hero needs a fast forward button for the plan.
Now the bomb is ticking down. There’s no peace in the architect’s cube. The “to do” list of integrations looks way too long. Precious few of the commercial vendors offer the necessary integrations off the shelf, and he can’t believe how few publish APIs or scripting frameworks for self-service. Open source would help, but that code requires validation and testing. How the heck is he going to pull this off? 16 hour days?
Our scene advances as the CISO checks back in the next morning. While the architect was caffeinating for a long day of writing custom integrations, the manager was breakfasting with a CISO for a health care provider. That CISO was talking about the rollercoaster of the last few years, with one merger per year. But they had found a time machine. Last year, her team used OpenDXL to integrate the two companies’ applications and had great results. OpenDXL Python scripts connected all the apps to a common application framework. This approach made it easier to add apps and data sources as they matured their requirements, and also to insulate systems from direct dependencies. This abstraction gave them more flexibility to distribute and evolve the underlying systems as well. It was the best merger experience they’d had in 5 years, and the CISO felt ready to handle whatever the Board dealt out next with aplomb.
The architect was already googling for “OpenDXL”. Even if the story were only half true, it had to be worth a shot. On GitHub.com/opendxl lay a treasure trove of integration examples, free downloads, and test software for integrating applications. A link to mcafee.com/dxl showed that several of the company’s targeted applications and vendors were already integrated with DXL. Best of all, an architecture guide for best practices showed how to integrate applications through OpenDXL. The integration to do list was looking shorter and more realistic by the minute.
Fast forward. It’s 30 days later, and our hero has made it. Systems running, compliance audits passed, uptime goals met. Whew. And an unexpected benefit – because DXL has a real-time data exchange, several of the SecOps team’s tedious serial workflows had gotten FASTER. Maybe the fast forward button was stuck on. That was a technology glitch to get excited about. And when the CISO handed out a bonus check for meeting the date, the day got even better.
If you think about it, the best stories on Mission Impossible were always the ones where the tools to solve the case were already available. It was just a matter of knowing where to look. So what are you waiting for? The clock is ticking…