Security Dilemmas
Security is on everyone’s mind these days. In the past, security sparked interest only when it was featured on the cover of the WSJ, or when you first built a network and bought a firewall—and those considerations typically centered on detection through an IDS and maybe a SIEM. Occasionally a compliance requirement warranted a security discussion. But those days are long gone. Unfortunately, security problems now make the front page of the WSJ—and every other news source—almost every day. So what do you do now? What do you buy, how do you decide what is enough, and who do you buy it from? Then comes the real dilemma: how do you manage the new product(s)? Are they integrated, or have they created an island?
Today’s environment requires defense in depth, as we all know. But as our environments become more converged and virtualized, the traditional defense mechanisms are not enough. This is evident from the sheer volume of breaches as well as the post-incident reviews of the attacks. The challenge is to provide traditional perimeter defenses as well as interior defenses. You also need to be able to react during the attack, and to perform the appropriate forensics after the attack to know precisely what happened, what must be reported, and what you can do differently in the future.
Most innovative solutions are coming from small vendors, and that presents a myriad of issues to consider. How will you integrate the tool(s) into your existing defense systems? Will it require custom code for integration, or will it sit on an island all by itself? With one or two tools, it may be manageable. But this approach is not sustainable as more needs arise.
So what is an IT manager to do? I have been an advocate for years of implementing best-of-breed solutions, and I am still a big believer in this. However, we may have reached a point where this is no longer the best course of action. It was generally manageable to handle one or two vendors—and in the case of security, maybe three or four vendors. However, we have seen in recent breaches that this strategy fails to cover all of the bases. It leaves the enterprise vulnerable because attacks are not immediately noticed. In short, the tools are not coordinated in their efforts and protection.
This is the dilemma at hand: buy best of breed and implement piecemeal, or accept a lower level of protection that is well coordinated. The larger security and networking vendors realize this challenge, and are aggressively trying to build and buy best-of-breed solutions within their own offerings. But this is an ongoing effort. I wish I had the magic answer here for you. My recommendation is to perform your own risk assessment and determine your best course. Invest in skilled security personnel to be the glue for these innovative technologies—applying proven process to detect and react in a timely manner when the unfortunate does occur. And do your best to keep your organization out of those daily headlines.
@mmelvinCTOePLus, @ePlus
Well said Mark. Looking forward to meeting soon.
Mark, I hear this all the time from the CIOs and CISOs that we work with. Here at Intel Security, we are big believers in the integrated security model, and with 8 out of our 12 top products in the right-hand corner of Gartner's MQ, these certainly can be classified as "best of breed". I would be happy to facilitate a high-level discussion for you regarding our next-generation Security Connected framework if you are interested in hearing more about it.