Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Consolidate Vendors and Products for Better Security

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a platform. 

Organizations everywhere are evolving in new ways, whether it’s embracing remote work or developing new digital business initiatives. Although these changes can be crucial to business growth and employee retention, they often expand the attack surface, which leads to greater day-to-day operational complexity for Security Operations Center (SOC) teams.

At the same time the attack surface is increasing, threats are also on the upswing. Cyberattacks are becoming more sophisticated and organizations of all sizes across all industries are a target.  The growth of Crime-as-a-Service (CaaS), which has made it possible for non-technical criminals to purchase cyber tools and service has contributed to the increased volume of attacks. Now even the most skilled, well-staffed security teams are feeling the strain as they work to protect organizations against a wide variety of threats.

More Vendors Means More Complexity

As new types of attacks emerge, security teams often rush to protect their organization against the new threats. It’s not surprising that the first instinct is to adopt whatever “the best” security technology is to guard against the latest threat, whether the product comes from an existing or new vendor. However, adding new point products into your security toolbox is inefficient at best.

When security infrastructures are composed of a mish-mash of discrete products from different vendors, critical issues quickly emerge. For example, when products aren’t designed to work together, security gaps arise that make organizations prime targets for attacks. Information overload is another challenge for teams that have to manage too many point products. When each security tool generates its own alerts, it’s difficult to correlate the data and easy to miss essential indicators of cyberattacks. With each product operating independently, analysts find it more difficult to share information and effectively coordinate the team’s response to a potential incident.

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products that are designed to work together as part of a platform. 

Build a Cybersecurity Platform to Consolidate Vendors

Consolidating vendors and products into a cybersecurity platform doesn’t happen overnight. The first step is to commit to building a platform over time and partnering with vendors that engineer their products with integration and automation in mind. Today, many organizations are dealing with more than 30 different cybersecurity and networking vendors. Ideally, organizations should look for ways to consolidate down to two or three integrated platforms instead of 30 siloed products. This process is a journey that can start by consolidating a platform around endpoint, cloud or network security. It can also starts by consolidation at the network or security operations center. The goal is to get down to only two or three platforms.​

​A Gartner survey indicated that 75% of large organizations are actively pursuing a vendor consolidation strategy into a cybersecurity platform for better, faster, more accurate security.​ Consolidating point products into a platform also can result in additional benefits in terms of cost savings and return on investment.

Today’s Threat Landscape Requires a New Approach to Security

Advertisement. Scroll to continue reading.

The way businesses operate has changed and security needs to keep up. Most security teams manage a collection of disparate security tools from various vendors, constantly worrying about establishing and sustaining connectivity and visibility across the enterprise to manage organizational risk. Adding another point product to your toolbox to protect against the latest headline-grabbing cybercrime group or threat won’t adequately protect your network.

Instead, business leaders need to take a refreshed and more holistic approach to their cybersecurity strategy by consolidating vendors and point products and building a platform of integrated solutions that serve to enhance their detection and response capabilities and introduce new efficiencies in daily security operations while better protecting the enterprise.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

Artificial Intelligence

Artificial intelligence is more artificial than intelligent.