For years, IT security vendors and the data security community at large have been promoting the concept of layered security. This is the approach where you create overlapping layers of security tools, so intruders must defeat multiple checkpoints before any network can be successfully compromised.
While layered security is indeed a sound strategy, the sheer number of security tools deployed within the enterprise today is creating so much noise that many alerts go unchecked. That's why many security administrators are looking to unified security management products and orchestration to help reduce the number of security layers, consolidate management and eliminate gaps. The goal is to lower overall data security costs.
As reported by Gartner, worldwide spending on IT security products increased nearly 8% in 2016, compared to 2015. The next five years are expected to see similar spending growth. This growth in security spending reflects how seriously enterprises are taking data security.
Too many security tools, too many alerts
But IT managers have to make sure the security tools being purchased are being properly implemented -- and that alerts are being vigorously pursued. Unfortunately, many tools are being ignored by security administrators because there are just too many for them to handle. According to an informal study conducted by Cisco in 2016, it isn't unusual to find organizations with a patchwork of 40 to 60 or more security tools.
Unless you have an IT security team that can legitimately handle the management, support and investigation efforts needed to run dozens of security apps, perhaps it's time to start considering alternatives to this growing problem.
One option is to re-evaluate your portfolio of siloed security tools to consolidate them into a handful of products that work in a unified manner. Locally diagnosed threats -- as well as analytics from global cyber threat intelligence organizations -- can be shared among many security tools to rapidly and automatically mitigate threats. Additionally, since unified security management tools can now be configured to communicate with one another, it significantly increases the speed of retrospective security analysis. Retrospective security is used to identify how and when a breach occurred, and what devices or data were affected.
Tying disparate security applications into a cohesive whole
Unified security management architectures also provide advanced orchestration capabilities to push policy from a centralized location onto multiple security devices. This can be done both on premises and throughout private and hybrid cloud deployments. Instead of hopping from one security application to the next to update security profiles and policies, changes can largely be pushed out from a centralized security platform.
The same holds true for monitoring and alerting. The goal of a unified security management architecture is to shrink the panes of glass used for security monitoring to the point where tools and alerts don't get ignored or neglected. Some tools also have the capability to reduce the overall number of alerts by consolidating multiple alerts into a single alerting event.
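The consolidation described above is easy to reason about with a concrete rule. The following is an added example, not code from the original article or from any vendor product: it groups alerts that share a host and signature and arrive within a sliding time window into one event, recording how many raw alerts it absorbed, which tools reported them and the highest severity seen. The alert fields, the ten-minute window and the sample alerts are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    """One raw alert as emitted by a single security tool (constructed schema)."""
    ts: datetime
    source: str      # tool that raised the alert, e.g. firewall, ids, endpoint
    host: str        # affected asset
    signature: str   # rule or detection name
    severity: int    # 1 (low) .. 5 (critical)


@dataclass
class ConsolidatedEvent:
    """A single alerting event built from one or more related raw alerts."""
    host: str
    signature: str
    first_seen: datetime
    last_seen: datetime
    count: int = 1
    sources: set = field(default_factory=set)
    max_severity: int = 0


def consolidate(alerts, window=timedelta(minutes=10)):
    """Group alerts with the same (host, signature) that arrive within `window`
    of the previous alert in the group into one ConsolidatedEvent.

    A gap longer than `window` closes the event and starts a new one, so a
    burst at 09:00 and an unrelated recurrence at 09:30 stay separate.
    """
    events = []
    open_events = {}  # (host, signature) -> currently open ConsolidatedEvent
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.host, a.signature)
        ev = open_events.get(key)
        if ev is not None and a.ts - ev.last_seen <= window:
            # Same asset, same detection, still inside the window: fold it in.
            ev.last_seen = a.ts
            ev.count += 1
            ev.sources.add(a.source)
            ev.max_severity = max(ev.max_severity, a.severity)
        else:
            ev = ConsolidatedEvent(a.host, a.signature, a.ts, a.ts,
                                   count=1, sources={a.source},
                                   max_severity=a.severity)
            open_events[key] = ev
            events.append(ev)
    return events


def reduction(alerts, events):
    """Return (raw_alert_count, event_count) so the noise reduction is visible."""
    return len(alerts), len(events)


# Constructed sample: two tools report the same brute-force activity against
# web01 four times in eight minutes, an endpoint agent flags db02 once, and a
# lone recurrence on web01 arrives 22 minutes after the burst ended.
SAMPLE_ALERTS = [
    Alert(datetime(2016, 1, 1, 9, 0, 0), "firewall", "web01", "ssh-brute-force", 3),
    Alert(datetime(2016, 1, 1, 9, 1, 0), "ids", "web01", "ssh-brute-force", 4),
    Alert(datetime(2016, 1, 1, 9, 2, 30), "firewall", "web01", "ssh-brute-force", 3),
    Alert(datetime(2016, 1, 1, 9, 5, 0), "endpoint", "db02", "malware-detected", 5),
    Alert(datetime(2016, 1, 1, 9, 8, 0), "ids", "web01", "ssh-brute-force", 4),
    Alert(datetime(2016, 1, 1, 9, 30, 0), "firewall", "web01", "ssh-brute-force", 3),
]

if __name__ == "__main__":
    evs = consolidate(SAMPLE_ALERTS)
    raw, kept = reduction(SAMPLE_ALERTS, evs)
    print(f"{raw} raw alerts -> {kept} events")
    for ev in evs:
        print(f"{ev.host} {ev.signature}: {ev.count} alert(s) from "
              f"{sorted(ev.sources)}, max severity {ev.max_severity}, "
              f"{ev.first_seen:%H:%M}-{ev.last_seen:%H:%M}")
```

Keying on host and signature is the simplest useful rule; a real platform would also correlate across signatures (the same host tripping a brute-force rule and then a new-admin-account rule) and would keep the original alert identifiers on the event so retrospective analysis can still reach the raw evidence.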
There's absolutely no doubt that many of the security tools you have deployed today aren't going to play nice with others in a unified way. After all, the previous layered architecture of overlapping siloed devices didn't call for this type of interoperability. So, while it's likely impossible to move to a unified security architecture overnight, it might be time to consider a multiyear roadmap to eventually migrate to one.
Sharing threat information
Be sure to identify which security applications you have deployed can cooperate with others by sharing threat information. Then, make sure any new applications possess unified architecture capabilities. This certainly would be easier using a single-vendor approach, but it's not an absolute necessity. Most data security providers are warming up to the fact that cross-vendor interoperation and unification is becoming a necessity. Therefore, vendors are shipping their tools and services with API hooks to connect to complementary tools.
Reducing the overall number of security applications to a more manageable number isn't only beneficial from a threat protection and prevention standpoint. It can also be great for your budget. Most enterprises deploy so many security applications that they find it difficult to gauge whether their infrastructures have any security gaps, so they wind up installing still more security tools.
But by using a unified security management architecture, IT security administrators can see an end-to-end security framework, as opposed to a whole lot of individual tools. And that visibility allows them to stop throwing tools at security gaps that may or may not exist.