The idea of a security platform is not new. Neither are the issues related to security and vendor sprawl inside an organization. The original idea behind the Next-Gen Firewall was to blend several products into a single platform to reduce IT overhead and simplify wiring closets that had been overrun with security devices. And it worked. NGFW solutions quickly became the cornerstone for security implementations in virtually every organization in the world.
There were still challenges, however. Interoperability was one. For many of these solutions, the various technologies — usually some combination of a firewall, IPS, VPN, web filtering, AV, and sandbox solution — didn’t really work together as a single seamless solution. Many components used different operating systems and even had separate management consoles. Another issue was the quality of the solutions embedded in the platform. A security vendor that built an NGFW platform may have had a top-notch firewall to use as an anchor solution, but then filled in the security roster with a second-rate IPS or web filtering solution. Debates raged about the relative value of an NGFW platform versus a best-of-breed security approach.
Today, digital innovation has forced a complete upheaval of the traditional network. Multi-cloud environments, data centers comprised of both physical and virtual infrastructures, distributed branch offices, mobile workers, and home offices have fragmented the traditional perimeter and broken the traditional security model of placing an NGFW solution at the network edge to watch traffic moving back and forth across the border. Each new network environment now comes with its unique requirements and challenges, and as a result, security solutions have begun to pop up like mushrooms across the network. This has created a level of complexity in terms of deployment, optimization, and management that has overwhelmed most IT teams. It’s a problem that the traditional security platform approach is unable to address.
According to a recent IBM survey, an enterprise now has an average of 45 security tools deployed inside their organization. And worse, each incident they need to respond to requires coordination across 19 different tools. Unfortunately, these tools are not natively designed for this sort of interoperability. Organizations are once again struggling with vendor and solution sprawl, are forced to hand-correlate threat intelligence, and are hamstrung in their ability to implement any sort of automation to simplify the process. It’s part of the reason why dwell time for security breaches is now measured in months, and why the cost of a security breach is now north of $8.6 million per data breach in the US, according to IBM.
The Need for a New Security Platform
What’s needed is a new approach to the security platform: one that weaves all of the critical security functionality organizations need into a unified solution that can protect the entire network and enable any user on any device to securely access any data or application, no matter where it is located. But to make it work in today’s distributed network environments, we need to solve the problems of the first iteration of this approach. And for that to happen, an effective security platform needs to be built around three critical concepts: it must be broad, integrated, and automated.
A Platform that can be Deployed Anywhere
For a security platform to be effective, it needs to be deployed consistently and easily at every edge, whether for traditional or highly distributed data centers, public cloud environments, or branch offices and retail locations. And because of the growth in IoT devices, home offices, and off-network mobile users, it needs to extend to those places as well. It needs to run natively in every cloud environment, exist in every possible form factor, and be deployable in any environment.
This broad approach ensures that it can provide the same, consistent protections whether securing a small operation with a handful of locations, a complex environment like a healthcare system with hospitals, clinics, and doctors’ offices, a high-speed transactional environment like a trading floor or gaming environment, a pharmaceutical or aeronautics company using massive elephant flows for modeling and 3-D rendering, or a large multinational company with locations spanning multiple geographical regions.
Every Component Needs to Work Together
Unlike the security platforms of the past, an effective solution needs to include tools designed to function as a single, integrated system. This means that the security solutions that are part of that platform should either run on a common operating system, leverage open APIs, or be built using common standards. An open system also means that tools from different vendors can be utilized while still maintaining interoperability, enabling organizations to use tools that have been tested and validated to provide the best solution possible.
In today’s highly dynamic environments, integration needs to go beyond just the security elements of a platform. Security and networking also need to function as a unified solution, a concept known as security-driven networking. That way, when the network adapts to changes in the environment by adjusting connections or scaling resources, security can automatically respond as part of a fully integrated system.
And the whole thing needs to be wrapped in a common management and orchestration system designed to extend visibility and control across the entire distributed network. This includes correlating threat intelligence gathered from any security device anywhere, centralizing configurations, ensuring consistent policy enforcement, and coordinating a unified response to detected threats.
A Platform Exists to Support Automation
Attacks can happen in the blink of an eye. Given the sophistication and speed of today’s attacks, defenders do not have the time or resources to correlate threat information or dig through mountains of log files from different solutions to detect a problem. This requires automation. But such automation is impossible if security solutions are designed to operate in isolation.
When tools are able to function as a unified solution, things like machine learning and AI can enable an organization to detect, investigate, and respond to threats at digital speeds. Even advanced management systems, ranging from XDR to SIEM to SOAR systems for NOCs and SOCs, are all enhanced when the individual devices they are monitoring and managing are designed to work together.
Today’s Networks Require a New Approach to Security
The challenges organizations face today cannot be resolved using the same systems and strategies we have used before. Security needs to adapt just as completely as the networks it needs to protect. A security platform was a good idea when it was introduced over two decades ago, and it is still a great idea. However, the concept needs to adapt and be updated like everything else.
Today’s security platform needs to span the entire network and adapt as the environment it is protecting expands and evolves. That requires a platform designed around the three critical components of broad deployment and implementation, full integration between security and networking elements, and support for advanced automation built around machine learning and AI.