Having recently engaged with a number of large vendors around our end-user compute estate, it made me think about the pros and cons of using a single vendor’s full security stack as opposed to buying ‘best of breed’ from a variety of vendors. Obviously there is the strategy of securing the data and forgetting about the endpoint, but for certain industries this isn’t always the best fit.
Over the last few years a lot of the larger tech vendors have been focusing a great deal of time, effort and $$$ on the development of their security offerings. Some are vendors you would expect, who have traditionally sat in the network space: Cisco, Palo Alto and Fortinet; some sat in the virtualisation space, such as VMware; and then there are the monolithic vendors such as Microsoft. Everyone wants a piece of the security pie. Why? The answer is simple: it’s worth billions of dollars. Literally.
“Worldwide spending on information security products and services will reach more than $114 billion in 2018, an increase of 12.4 percent from last year, according to the latest forecast from Gartner, Inc. In 2019, the market is forecast to grow 8.7 percent to $124 billion.”
Gartner ( https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019 )
Having read the above statement from Gartner, I sat in awe at the money businesses were investing in their security stacks. To try and put that into context: it is within $5bn of Microsoft’s annual revenue across all of their various products and services in 2019, getting on for double what Audi’s revenue looked like worldwide in 2018, and almost as much as my wife spent on handbags last year.
What I’m trying to get across is that it is a hell of a lot of cash. Businesses are spending it for two main reasons, from what I can see. First is regulatory compliance, whether it be GDPR for securing personal data, PCI DSS for secure payment processing or the various other standards: the reputational damage, not to mention the fines, is severe enough for businesses to make sure their ship is secure. Second (and this is up for debate) is the increased activity, certainly in the media, around the number of ‘hacks’, malware or ransomware hitting some of the larger businesses. You only need to look at the likes of the NHS or Maersk a few years back, right the way up to the last couple of months, when it was made public that MGM had been caught out.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts”
MGM Resorts spokesman
Board executives around the world are buying into technology to use the data they hold on their customers for competitive advantage, but, as many have said, their biggest fear is how to govern and secure that data. If you look at the UK job market nowadays, you’ll see how much demand there is for skilled workers in cyber security and how salaries are increasing at an incredible rate.
The interesting part for me, though, isn’t the fact that businesses are hiring more IT security staff. I think that is brilliant; we need more skilled IT staff in the UK. It’s not that businesses are spending huge money on security software to stay compliant, or to avoid being the next front-page news. What I’m interested in is the strategy businesses adopt: do they put their trust in a vendor who sells the ‘full package’, often a cheaper and fully integrated solution, or do they go out and buy best-of-breed from a number of different vendors, knowing that there will be significant work to make all the systems integrate?
Typically the decision will come down to cold, hard cash: which is the cheapest? But when the cost of a data breach is so high, is that the right approach?
Let’s use Microsoft as a good example of a business that offers an end-to-end stack for securing your endpoints and cloud environment. Microsoft Defender Advanced Threat Protection (ATP) is a Gartner leader, and when tied in with their other security products, such as Office 365 ATP and Microsoft Cloud App Security (their CASB), it is a strong stack indeed. But compare it against the other products in the market.
Defender ATP would traditionally compete with the likes of McAfee or Symantec, but nowadays you’ve got products such as CrowdStrike disrupting the industry, or Carbon Black, which VMware recently acquired. Also, if you want Defender ATP you need M365 E5 licensing, which requires some very deep pockets, and it doesn’t yet have full functionality away from Windows 10. The other products are far from perfect, though, and some would say they lack maturity, but their differing approach to endpoint security is certainly making some of the established names take notice.
In the CASB world, Cloud App Security is another Gartner leader, but it has competition from McAfee’s MVISION (a recently acquired product previously known as Skyhigh) and the very well-established Netskope. It can’t be beaten if you have the full product range, but without Conditional Access and Azure Information Protection it isn’t quite as good as the Magic Quadrant makes it look.
I think a lot of it depends on how much of the Microsoft stack you’re committed to. If you’re running full Microsoft, i.e. Azure AD with all the bells and whistles, then you’ll struggle to protect your endpoints better with anything else. If, though, you’ve got a mixed estate of devices and you’re not wholly in the Microsoft stack (maybe you use Slack, or Okta for your conditional access, or your workloads don’t live in Azure, or you prefer Google’s G Suite to Office 365), then look for products that are strong individually and integrate well.
CrowdStrike, for example, announced their integration with AWS Security Hub (https://www.crowdstrike.com/blog/tech-center/crowdstrike-aws-security-hub/), and Okta and Proofpoint recently teamed up to provide enhanced protection for users being attacked via email (https://www.okta.com/partners/proofpoint/). Many businesses are bringing their data into a centralised console and then wrapping some AI and automation around it to respond to threats more quickly.
The other side of that coin, though, is that training your team on 3, 4 or 5 different products can be particularly challenging, especially if you have a small team. Products such as Splunk have a steep learning curve, as do most of the CASB products; it isn’t a matter of turning them on and immediately seeing protection.
Let me know your thoughts about how your business is approaching security. Do you prefer a multi-vendor approach, and if so do you struggle with integrations, or are you using a single vendor for your security?
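To make the “integration work” of a best-of-breed stack concrete, here is an added example (not code from the original post, and not from CrowdStrike, AWS, Okta, Proofpoint or any other vendor) of the kind of glue a centralised console needs: two feeds with different field names and severity scales are normalised into one schema, then alerts for the same host from different sources inside a time window are escalated. The two feed formats, the field names and the sample alerts are all constructed for the illustration; real products each have their own schema, which is exactly the point.

```python
"""Normalise alerts from two constructed vendor feeds into one schema and
correlate them per host.  Added illustration only: the feed formats, field
names and sample alerts below are constructed, not any vendor's real API."""

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Common severity scale used by the normalised schema.
SEVERITY_ORDER = {"low": 1, "medium": 2, "high": 3, "critical": 4}
SEVERITY_NAME = {v: k for k, v in SEVERITY_ORDER.items()}


@dataclass(frozen=True)
class Finding:
    """Vendor-neutral alert record every feed is mapped into."""
    source: str
    host: str
    user: str
    severity: str
    title: str
    seen_at: datetime


# Constructed sample: an endpoint (EDR-style) feed with numeric severity 1-5
# and upper-case device names.
EDR_ALERTS = [
    {"device_name": "LAPTOP-0042", "user_name": "JDoe", "severity": 4,
     "technique": "Credential Dumping", "timestamp": "2020-03-01T09:15:00Z"},
    {"device_name": "LAPTOP-0099", "user_name": "ASmith", "severity": 2,
     "technique": "Suspicious PowerShell", "timestamp": "2020-03-01T09:40:00Z"},
]

# Constructed sample: a CASB-style feed with textual risk levels, UPNs and
# lower-case endpoint names.
CASB_ALERTS = [
    {"upn": "jdoe@example.com", "endpoint": "laptop-0042", "risk": "Medium",
     "policy": "Mass download from cloud storage", "time": "2020-03-01T09:32:00Z"},
    {"upn": "bwong@example.com", "endpoint": "laptop-0007", "risk": "High",
     "policy": "Impossible travel", "time": "2020-03-01T11:00:00Z"},
]


def _parse_utc(stamp: str) -> datetime:
    # datetime.fromisoformat only accepts a "Z" suffix from Python 3.11 onwards.
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def _edr_severity(level: int) -> str:
    # Map the constructed 1-5 scale onto the common one.
    return {1: "low", 2: "low", 3: "medium", 4: "high", 5: "critical"}[level]


def normalise_edr(alert: dict) -> Finding:
    return Finding(source="edr", host=alert["device_name"].lower(),
                   user=alert["user_name"].lower(),
                   severity=_edr_severity(alert["severity"]),
                   title=alert["technique"], seen_at=_parse_utc(alert["timestamp"]))


def normalise_casb(alert: dict) -> Finding:
    return Finding(source="casb", host=alert["endpoint"].lower(),
                   user=alert["upn"].split("@")[0].lower(),
                   severity=alert["risk"].lower(),
                   title=alert["policy"], seen_at=_parse_utc(alert["time"]))


def normalise_all() -> List[Finding]:
    """Run every sample alert through its feed-specific mapper."""
    return ([normalise_edr(a) for a in EDR_ALERTS]
            + [normalise_casb(a) for a in CASB_ALERTS])


def correlate(findings: Iterable[Finding],
              window: timedelta = timedelta(hours=1)) -> Dict[str, str]:
    """Escalate a host by one severity level (capped at critical) when two
    different sources report it within `window`.  Returns host -> severity."""
    by_host: Dict[str, List[Finding]] = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f)
    escalations: Dict[str, str] = {}
    for host, items in by_host.items():
        items.sort(key=lambda f: f.seen_at)
        for i, first in enumerate(items):
            for later in items[i + 1:]:
                if later.seen_at - first.seen_at > window:
                    break  # sorted, so nothing further is inside the window
                if later.source == first.source:
                    continue  # same product repeating itself is not corroboration
                top = max(SEVERITY_ORDER[first.severity], SEVERITY_ORDER[later.severity])
                bumped = SEVERITY_NAME[min(top + 1, SEVERITY_ORDER["critical"])]
                current = escalations.get(host, "low")
                if SEVERITY_ORDER[bumped] > SEVERITY_ORDER[current]:
                    escalations[host] = bumped
    return escalations


if __name__ == "__main__":
    for host, sev in correlate(normalise_all()).items():
        print(f"{host}: escalated to {sev}")
```

In the constructed data, laptop-0042 is flagged by the endpoint feed at 09:15 (high) and by the CASB feed at 09:32 (medium); being two independent sources inside the hour, it is escalated to critical, while the hosts seen by only one product are left alone. Every extra product you buy adds one more mapper like `normalise_edr` and one more severity table to keep honest, which is the recurring cost the single-vendor pitch is selling you out of.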