Cyber threats today are more sophisticated than ever. They are specifically engineered to avoid traditional detection methods while silently siphoning data and assets from an organization or, even worse, disrupting the business. In fact, according to a 2015 study from the Ponemon Institute, the annual average cost of cybercrime in the United States is $15.4 million per company.
As we witness the rapidly diminishing effectiveness of defense-in-depth approaches against increasingly sophisticated cyber attacks, organizations need, and are calling for, security solutions that are designed in a way that enables a more agile and dynamic security posture to be built.
One common misconception around solution design in the industry is that having an application program interface (API)-driven approach to cybersecurity is a choice or an option. But, in reality, it’s a necessity. It’s the foundation for enabling organizations to build the security posture they require today, and it offers the flexibility for enhancement to protect against attack techniques of the future. With the speed, breadth and sheer number of attacks organizations face, customers need a “one-stop-shop approach” to cybersecurity. Solutions that have integrated a rich set of APIs are better suited to align with organizations’ orchestration needs with minimal friction or impact to the end user.
Why an API-first Approach is Critical
There are two major benefits to implementing a security platform with an API-first approach. First, it enables the organization to achieve greater compatibility and interoperability with solutions across the enterprise. It is no longer realistic to expect IT admins to reconfigure their entire platform every time a new feature is added or integration needs to take place. With the fast-moving and ever-changing cybersecurity landscape we operate in, the solution must be able to move as fast as the threat, meaning that there’s no room for downtime to integrate or update. By implementing a cybersecurity platform with an API-first approach, organizations avoid the complexity, time investment, and unwarranted costs associated with integration or feature updates, and can integrate new solutions or features without disrupting the entire system.
Another major benefit gained from an API-driven approach is automation – and, in turn, time savings. When it comes to threat detection and response, the speed with which organizations can evaluate a threat, query its system, and correlate threat intelligence is critical. An API-driven platform enables an organization to automate its security operation workflow, integrating best-of-breed solutions and features to ensure that its IT team is efficiently and effectively responding to potential threats rather than dealing with piecemeal solutions that aren’t able to communicate effectively.
For example, if a new threat emerges that attacks through a method against which an enterprise doesn’t currently protect, a security platform with an API-first approach can integrate data such as threat intelligence, endpoint details, or other security information with other solutions within the enterprise. This integration allows the organization to defend itself within hours, rather than days. This type of flexibility and speed can mean better data correlations, more actionable intelligence and, in the end, a stronger security architecture protecting an organization’s data and assets.
These benefits (compatibility, interoperability, and automation) all equate to better threat detection and response capabilities across the enterprise to stop breaches.
The Cloud Advantage
The growing need for an API-driven platform to stay ahead in today’s cyber landscape goes hand-in-hand with having a cloud-native model for delivering endpoint security. This enables organizations to leverage the power of the cloud for crowdsourced threat detection, community immunity through shared threat intelligence, and unprecedented scalability.
When APIs are powered by a cloud-native platform, they are able to harness these same benefits – integrations can be done faster, with minimal downtime, and the platform is able to access a breadth of data sources. In turn, these benefits help an organization prevent, detect, and stop attackers more efficiently – keeping data more secure than ever.
With attacks mutating and moving at an unprecedented pace, organizations need cybersecurity platforms that can move as fast as, and even faster than, the attackers. With API-driven solutions that enable seamless integrations, organizations can ensure that their security architecture includes the best-in-breed capabilities specifically selected and integrated for their needs. Coupled with a cloud-native model, organizations can ensure that their enterprise and its data are protected against the threats they face today, by a security architecture that can evolve for threats that may develop in the future.
Amol Kulkarni is the vice president of engineering at CrowdStrike, where he oversees the company’s engineering organization and customer-facing technology infrastructure. He has extensive experience building large-scale big data enterprise cloud platforms, consumer cloud services, and enterprise products.