Chapter 3. Connecting Best-of-Breed Security Applications

As explained in Chapters 1 and 2, consolidating data in a modern security data lake eliminates data silos and accelerates time to value for every type of cybersecurity initiative, from identification and protection to detection, response, and recovery (the five functions of the NIST Cybersecurity Framework). These cloud-built solutions allow security teams to apply powerful analytics to log data and other security-relevant information, all maintained as a single source of truth. That single source of truth improves visibility across all relevant data, which in turn yields higher-fidelity insights and better security outcomes.

However, while cloud data platforms support cost-effective analytics at massive scale, they do not include all of the security integrations, interfaces, and content that security teams need. To complete the stack, cloud data platform providers work with third-party software vendors that specialize in security use cases. These security applications typically ship with out-of-the-box connectors, purpose-built interfaces, and detection content that is updated frequently as the threat landscape evolves. Your chosen cloud data platform should integrate easily with these connected applications so you can quickly add their capabilities to your security data lake. With them in place, your security team can leave the siloed tools of the past behind, perform deep investigations against the consolidated data, and resolve security incidents faster.

Today’s purpose-built solutions, ...

Get Deploying a Modern Security Data Lake now with the O’Reilly learning platform.
