Three of my four children are of school-going age. When they arrive home in the afternoon, the youngest usually makes a dash for the games console, the middle one is tired to the point of being miserable, and the eldest announces herself loudly, wanting to share every detail from her day with anyone who will lend an ear. The only thing they all seem to have in common is that they are hungry and want dinner.
While I’m the type of parent who makes the children fish-finger sandwiches and declares them fed, my wife prefers to serve a lavish five-course meal. In the past, she would often customize meals to meet each child’s individual taste and preference. After a while, I had to put a stop to it.
“This isn’t a restaurant!” I declared one afternoon. “We can’t make three or four different meals every night. When I was young, I didn’t have a choice. I had to eat what I was given, or else sleep hungry!”
While cooking only one meal doesn’t make all the children happy all the time, no one goes hungry, and it tremendously simplifies both food shopping and dinner time.
IT security purchasing mistake
How does all of that relate to cybersecurity, you might ask? Well, unfortunately, we see many enterprises consistently fall into a similar trap as parents when it comes to their IT security purchasing strategies.
Each business unit, division and purchasing code is like a different child with unique preferences. One area demands host IDS, another wants net flow analysis, while yet another needs threat intelligence. It’s a jumble of requests, and in an attempt to appease everyone, companies can quickly find themselves layering tools upon tools in their environment with little or no integration. This creates not only an expensive situation but also one in which discrete technologies operating in silos end up offering little security overall.
It’s not the case that many breaches are caused by companies lacking the funds to purchase, install and run products. Rather, it’s that they lack a well-defined and integrated security strategy. In other words, a well-funded organization does not necessarily equal a well-secured organization.
Security technologies operating in silos are destined to fail.
Security technologies operating in silos are destined to fail. Every product and tool generates its own sea of noise that over-burdened analysts need to sift through – making it easy for them to miss alerts. This approach also hinders the overall security management process because a disjointed environment makes it difficult to extract or apply any meaningful threat intelligence and makes it nearly impossible to gain full visibility or undertake any form of orchestration.
3 tips for an integrated, security technology strategy
Below are three tips that can help companies develop and implement an integrated, security technology strategy despite ever-present challenges, such as disparate business units with varying priorities.
1. Define security objectives
With so many security technologies to choose from, it’s easy to be swayed into making a purchase by a compelling feature and then find a problem for it to solve. But having a security strategy that covers fundamental needs will help define what objectives your company is trying to achieve.
Taking input from risk appetite and threat models, and then combining all of this information, can put purchases into perspective. If the technology you are considering doesn’t align with your security strategy, then it is not worth buying – no matter how dazzling its features sound.
2. Make use of security technology you have
By looking around and getting creative, you may be surprised at how much existing technology can be leveraged to meet previously defined objectives. Ripping out and throwing away an established technology can be a painful process. Instead, look for ways that existing technology can be integrated into a larger workflow. This can often be easier and cheaper than buying a new product.
3. Pre-integration is better than post
The latest and greatest point technology may be the best thing since sliced bread, but it comes with the hidden cost of having to integrate its data into your existing infrastructure. Buying from vendors that have integrated multiple capabilities into one balanced offering can result in faster deployment, easier operation and greater return on investment.
Having a plan and sticking to it by trying to gain more value from existing products, or choosing integrated products with a broad range of features, may not sound like a recipe that will keep every division and business unit completely happy all the time. However, just like a well-balanced meal provides all necessary nutrients, a strategic approach will help companies achieve comprehensive security that is sufficient for their needs and, more importantly, will keep them protected.