Security Product Integration Frameworks: A Gamechanger for Enterprise Security

E. Parizo

Summary Bullets:

• SPIFs enable pre-integration of standalone third-party security products, eventually enabling enterprises to construct a customized, more effective enterprise security solution architecture.

• SPIFs are nascent, but they will have a growing impact on security product purchasing decisions. Leading-edge enterprises should begin researching SPIF ecosystems.

Enterprises have long been frustrated with the lack of interoperability among their enterprise security point products. The average large enterprise uses dozens of unique commercial security products and services, with few if any of them designed to work together.

Security product integration frameworks (SPIFs) have the potential to change the game. SPIFs facilitate the sharing of security-related metadata, help standalone security products and services interoperate effectively, and ultimately improve the efficacy of enterprises’ unique security architectures.

So what is a SPIF and how can it possibly deliver on such lofty ambitions? At its core, a SPIF is a fancy message bus system, typically augmented with authentication and access control, message encryption, subscription management and a limited message store. Its centralized interconnection and messaging architecture enables security products to distribute data to other products and services and receive data from them. Third-party vendors add a SPIF’s pre-built messaging client code into their own products, customizing it as needed, and voilà: enterprises using a SPIF can integrate products supporting that SPIF, often in a matter of minutes.
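The message-bus core described above, as an added example that is not from the original article and is not pxGrid or DXL code: a toy in-process fabric with client authentication, per-topic access control, subscription management and a limited message store. The class, topic and client names are hypothetical, random tokens stand in for real client authentication, and message encryption is omitted.

```python
import secrets
from collections import defaultdict, deque

class Fabric:
    """Toy in-process message bus (hypothetical; not a real SPIF client API)."""
    def __init__(self, store_size=3):
        self._clients = {}                  # token -> (client_id, per-action topic ACL)
        self._subs = defaultdict(list)      # topic -> subscriber callbacks
        self._store = defaultdict(lambda: deque(maxlen=store_size))

    def register(self, client_id, can_publish=(), can_subscribe=()):
        token = secrets.token_hex(16)       # stand-in for certificate-based authentication
        acl = {"publish": set(can_publish), "subscribe": set(can_subscribe)}
        self._clients[token] = (client_id, acl)
        return token

    def _authorize(self, token, topic, action):
        # Unknown tokens get an empty ACL, so they fail the same check as known clients.
        client_id, acl = self._clients.get(token, ("unknown client", {}))
        if topic not in acl.get(action, ()):
            raise PermissionError(f"{client_id} may not {action} on {topic}")
        return client_id

    def subscribe(self, token, topic, callback):
        self._authorize(token, topic, "subscribe")
        self._subs[topic].append(callback)

    def publish(self, token, topic, payload):
        sender = self._authorize(token, topic, "publish")
        message = {"topic": topic, "sender": sender, "payload": payload}
        self._store[topic].append(message)  # oldest message is dropped when the store is full
        for callback in self._subs[topic]:
            callback(message)

    def replay(self, token, topic):
        self._authorize(token, topic, "subscribe")
        return list(self._store[topic])

def demo():
    bus, blocked = Fabric(store_size=3), []
    sandbox = bus.register("sandbox", can_publish={"file/reputation"})
    firewall = bus.register("firewall", can_subscribe={"file/reputation"})
    bus.subscribe(firewall, "file/reputation", lambda m: blocked.append(m["payload"]["sha256"]))
    for n in range(4):                      # constructed sample events
        bus.publish(sandbox, "file/reputation", {"sha256": f"sample-hash-{n}", "verdict": "malicious"})
    try:                                    # a subscribe-only client tries to publish a verdict
        bus.publish(firewall, "file/reputation", {"sha256": "spoofed", "verdict": "clean"})
        spoof_rejected = False
    except PermissionError:
        spoof_rejected = True
    return blocked, [m["payload"]["sha256"] for m in bus.replay(firewall, "file/reputation")], spoof_rejected
```

The per-topic ACL is what keeps a subscribe-only product from injecting verdicts that other products would act on.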

While a handful of vendors offer SPIF-like functionality, the two full-blown SPIFs at present are Cisco Systems’ pxGrid and Intel Security’s McAfee DXL. Until recently, each has been inextricably tied to its maker’s flagship enterprise security product (Cisco ISE and McAfee ePO, respectively). However, Intel Security disrupted the nascent SPIF market by making DXL open source, and removing dependencies on ePO and Threat Intelligence Exchange. That means enterprises can use DXL without purchasing and implementing a commercial product from Intel Security, and third-party security product vendors can support DXL at virtually no cost. OpenDXL mitigates pxGrid’s primary competitive advantage, openness and ease of use, but Intel Security has work to do to catch up to Cisco’s large and growing ecosystem of pxGrid-compliant products.

For enterprises, SPIFs have wide-ranging implications. In security, native multiproduct integration and best-of-breed point solutions have been mutually exclusive, but SPIFs will soon make it possible to buy a variety of pre-integrated third-party security products that share threat intelligence, orchestrate events and automate responses as a single, integrated ecosystem.

SPIFs have the potential to significantly increase security architecture efficiency, efficacy, and ROI, but achieving that potential won’t necessarily be easy. Enterprises must not only choose and commit to a SPIF, but also factor SPIF support into product purchasing decisions going forward. SPIFs will require an undetermined amount of care and feeding, potentially on the level of a SIEM, which would be significant. And both leading SPIFs must also foster community ecosystems, which today are lacking, to develop more integrations, message workflows, and best practices.

Despite these early challenges, SPIFs offer tantalizing promise for enterprises. Over time, an increasing number of enterprise security product purchasing decisions will be influenced by SPIFs. Leading-edge enterprises should begin researching SPIF ecosystems and mapping them against existing and planned product implementations, as well as a security organization’s desired capabilities. Thanks to SPIFs, it will soon be possible to construct a customized, pre-integrated enterprise security solution architecture that meets an organization’s unique information security requirements. That’s a spiffy prospect, indeed.
