Articles

A CISO’s journey: Best-of-breed to an integrated stack

Pete has 32 years of Security, Network, and MSSP experience and has been a hands-on CISO for the last 17 years and recently joined Check Point as Field CISO of the Americas. Pete’s cloud security deployments and designs have been rated by Garter as #1 and #2 in the world and he literally “wrote the book” and contributed to secure cloud reference designs as published in Intel Press: “Building the Infrastructure for Cloud Security: A Solutions View.” 

How we got here

When we listen to the news, we are constantly bombarded with reports about the latest cyber security attack, data breach, ransomware and more. The knee-jerk reaction by some is to beef up security quickly by bringing on more security vendors, with the assumption that these products will improve the security posture of your organization.

However, do more security vendors and products really mean better security?

Here are some recent statistics on the number of security tools that organizations use: Forty-nine percent of organizations use between 6 and 40 “point” security products, while 27% of larger organizations use between 11 and 40 “point” security products.

To understand how we got here, let’s explore some of the factors that drive an organization to adopt what is known as a “best-of-breed” approach. And then, in part two of this series, I will discuss why using an integrated stack is a more cost-effective solution; and how it simultaneously improves staff morale and security.

Keeping up with the latest security risks: The “shiny new object”

As new digital technologies and applications change your IT environments, and new threats emerge to attack them, the risk profiles of organizations increase. Security teams are expected to keep organizations ahead of the threat curve. In the event of a security incident, teams are then tasked with preventing the incident from ever reoccurring. Thus, adding a new security tool to your IT stack seems like a quick and easy win. However, board members, other business executives, and external consultants will all show up with opinions and connections that could distract from fast cyber security implementation.

It also doesn’t help that trade shows and industry magazines advertise the ‘latest and greatest’ security solutions, potentially influencing executives. Global analyst firms may provide ratings for the best generic firewall or endpoint security product, but they don’t know the specific needs of your organization and what’s best for you.

Cyber security audits can drive purchases

Organizations often perform cyber security audits to assess compliance and to see if they have the proper security mechanisms in place. Audit failures typically come with a deadline to address and other financial motivations. This can prompt management to quickly fix audit-related issues by adding on new security tools and vendors.

Some IT projects compel purchase of a partner solution

Some project vendors specify security tools that are integrated and that must be selected. Large-scale projects often force you and your team to accept reduced security tool testing and decision time.  Getting you current stack integrated into the new project is often harder and more time consuming than just using a new tool that the vendor knows will work (or has an economic/partnership incentive to use). Thus, it’s often easiest for companies to tack on another security tool to quickly complete the project.

Small-scale projects usually have small budgets and short deadlines, which lead to the same outcome; security teams add another on yet another security vendor.

“We’ve always done it this way!”

Moving to a consolidated, integrated stack is not easy to achieve. There is always risk in changing security systems as they not only affect the technology, but also the people who use it. Security staff have received certifications and understand the nuances of their security tools. If there are no current, glaring security issues, then team members may object to undertaking such a massive change, saying “Things are just fine. Why do we need to change? We’ve always done it this way!” Changing security tools impacts security staff and takes them out of their comfort zones.

Growth and maturity should force evolution, but sometimes don’t

When businesses first launch, they may start with just a few security products before expanding their technology stack. Using point products, then, becomes tradition for the company. However, as businesses grow, this best-of-breed approach means that you have to spend effort and money to tie all of the point solutions together. In a fast growing company, it becomes difficult to deal with multiple consoles, different logging databases, different systems protecting cloud vs. data center facilities, and management of the purchase and renewal timing with different vendors. This brings up a number of complex problems related to purchasing, training, troubleshooting, and network and workload orchestration.

Technical debt forces your hand

The business made the best decision they could at the time when they selected applications, hosting platforms and locations and various other technologies.  However, technology and threats evolve over time; transformation, new management, market changes, acquisitions and other factors force security tools and supporting operations into different directions.  The evolution of technology (such as IoT devices and Cloud SaaS) necessitates new solutions that were never contemplated in the past.  There is a desire for consolidation and keeping your IT stack streamlined so that all of your security tools can quickly adapt to changes, but the reality of technical debt may prevent achievement of that goal.

Outsourcing cyber security to an MSSP compels selections

Defending your network requires a wide variety of solutions and applications, such as web application firewalls, cloud workload protection, anti-ransomware, mobile security, anti-phishing, IoT protection, DDoS protection, and more.  With so many security demands and requirements (and pile on the challenges of the current lack of experienced security staff), it is sometimes appropriate for companies to outsource their security to a Managed Security Service Provider (MSSP). Outsourcing your cyber security comes with the possibility of the third-party selecting the tools they are familiar with and the multi-tenant tools that they use, rather than managing the tools you are using.

I’m certain that you have encountered one or more of the above challenges as you’ve considered costs and inefficiencies inherent in your current tool selection. As you can see, there are a lot of reasons and rationalizations that are used to keep a sub-optimal suite of tools in place.

Did you like this piece? In part two of this series, I will discuss the benefits of what is known as the “Integrated Security Stack.” Lastly, to receive cyber security insights, analysis and resources in your inbox each week, sign up for our newsletter.

Back to top button