Solving the Security Patchwork Problem
Hackers today make it their job to understand your security technologies and how to exploit the gaps between them. And that’s the problem – there are a lot of gaps.
In our own discussions with IT security pros, it isn’t unusual to find organizations that have deployed a patchwork of 40 to 60+ different security tools. Typically, organizations see a security problem that needs solving… and then buy a box. Slowly but surely they continue to add to this mixed bag of security tools that don’t—and can’t—work together. Not all of these tools will perform tasks that are complimentary to each other. Most (if not all) of these tools will not be able to share threat intelligence, security events, or indicators of compromise amongst them. With so many tools performing overlapping functions or not communicating with each other, this introduces complexity—complexity in management of all these tools and complexity in how your security team deciphers data from all these tools to make good security decisions. As Marty Roesch said at this year’s RSA, “complexity is the enemy of security.”
Naturally, this creates a lot of gaps in defense. And the trend continues: each new type of cyberattack spurs a new security tool to defend against it, and security spending continues to rise. Research by Gartner finds that worldwide spending on information security will reach nearly $77 billion by the end of the year, climbing eight percent for the last two years in a row. Meanwhile, respondents to the 2015 CISO Survey by Citi Research, a division of Citigroup Global Markets Inc., say they are willing to increase the number of security vendors in areas like network security, vulnerability scanning, and SIEM.
Fragmented offerings across multiple vendors create headaches in three key areas:
- Overall performance – Most organizations have deployed security technologies across some combination of networks, endpoints, web and email gateways, virtual systems, mobile devices, and the cloud. But there is limited communication, if any, between components. Users have to manually correlate information and piece together clues to identify a potential advanced threat.
- Time to detection – Because of this lack of communication between technologies, there’s a lag in finding threats. Based on current research in the 2016 Cisco Annual Security Report, the current industry standard for time to detection is 100 – 200 days. That’s far too long. By the time a breach is discovered, valuable assets have been compromised and a significant volume of data has been exfiltrated.
- Cost – Doing integration in-house, managing multiple technologies, and manually correlating and analyzing data drive technology and talent costs up. In fact, CISOs in the Citi survey complain of the global talent shortage resulting in “salary wars” for trained and experienced IT security personnel—if they can even find them.
But what if these security technologies could work together and share information? What if you could get better communication and integration to know what devices, operating systems, and applications are running on the network; how they are configured; who is using the devices and systems; what they are doing; and how data is moving across the environment. With this visibility you can add context based on local and global threat intelligence for faster time to detection. From there, you can apply controls using analysis and automation for a more systematic response to threats. Integration and automation also reduce operating expenses and make this approach to security much easier to manage with existing staff. Cisco Advanced Malware Protection (AMP) provides this.
Cisco AMP is an integrated system that provides protection across all attack vectors. It’s not a collection of stand-alone point products. AMP is a technology that spans a multitude of attack vectors, from endpoint to network, NGIPS, firewall, email, web, servers, and mobile devices. AMP capabilities are available at the endpoint, integrated into the Cisco ASA firewall, the Cisco Firepower NGIPS, Cisco ESA, Cisco WSA, Cisco CWS… the list goes on. Each deployment can communicate and share information between them. Furthermore, built into every AMP deployment is the power of Threat Grid sandboxing, providing static and dynamic analysis of unknown files to help security teams uncover the stealthiest of threats.
With one technology that is devoted to finding advanced threats and implemented across the Cisco security architecture, communicating and sharing information, organizations can avoid the gaps that a patchwork of disparate security products from multiple vendors inevitably creates.
Learn more about AMP here or watch this video to see how the Cisco IT Security Group uses the power of AMP’s integrated approach to increase their security effectiveness.