A Palo Alto Networks and Aruba Networks partnership to integrate security products reflects a growing trend towards security industry co-operation and threat information sharing, the firms' local heads have confirmed.
The partnership involves the sharing of application programming interfaces (APIs) that allow the companies' threat-analytics and mobile device security tools to share security alerts and information on a regular basis.
This approach allows the two companies to leverage their respective strengths – in traffic analysis and mobile device security – to build a more complete profile of the traffic generated by mobile devices connecting to the network.
“There are new security risks for a lot of organisations now,” Armando Dacal, A/NZ regional director with Palo Alto Networks, told CSO Australia, “with the advent of mobility and BYOD, and being able to determine who the actual user is. Even if they are authorised and get onto a network, there are questions about how secure is their device, what applications are they accessing, when and where from, and what data they are producing.”
An ongoing engineering-level integration partnership between the two companies has linked Palo Alto's technology to Aruba's APIs, allowing the Palo Alto platform to gain detailed information about mobile devices on the network, both in terms of their security and user profiles and the data they are accessing.
This approach, said Aruba Networks A/NZ managing director Steve Coad, allows the Aruba platform to help the Palo Alto tools better focus their anomaly-detection technologies.
“One of the challenges with mobile security is that a lot of the breaches are coming from authorised users,” he explained. “As the device logs onto the WiFi network we can learn a lot about it through user profiling – where the device is located, who the user is – and we can feed that back up to the Palo Alto tools.”
A growing number of security vendors are looking at ways to facilitate the flow of security data between platforms that are often being implemented as functional silos with poor sharing of data.
With new security threats emerging on a regular basis – and with increasing success – industry efforts like Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) are emerging as ways of smoothly moving data between platforms.
This sort of portability will be crucial in unifying public and private-sector efforts to improve security responses – and is likely to become more common as security vendors look to expand their capabilities horizontally as well as vertically.
“It's incredibly important for the enterprise to understand who the user is, and make sure the device is safe when it comes onto the network,” Dacal said. “This is a major attack vector and it's where the criminals are focusing.”
Better co-ordination between security platforms will become even more important as new types of mobile device come online, as with the emerging Internet of Things (IoT) model.
“We're at the cusp of incorporating devices beyond mobility,” Dacal said. “The interconnectivity and ability to see across all these different devices, to create a policy and mitigate any threat, is critical. As we head towards greater connectivity between devices, visibility and control are going to be key.”