The problem with too many security options

In News

John Maddison, EVP of products and solutions, Fortinet, says that  the challenge of securing our networks is accelerating, primarily in direct response to digital transformation efforts that are expanding the attack surface.

Cybercriminals are all too eager to exploit new attack vectors and take advantage of new limitations in our visibility and span of control. The problem is that too many of our security solutions not only operate in relative isolation—meaning that they don’t do a very good job of sharing threat intelligence with other security tools—they also still tend to be perimeter-based, which is ironic given that the industry has been touting borderless networks for quite some time. Part of the problem is that even as the border is eroding, we still tend to think of our networks in traditional terms, with an assumption that the data center sits at the core, the network is reasonably static, and that all other elements — mobile users and devices, branch offices, and multi-cloud environments — branch off from that central network in a hub and spoke design.

Today, however, data is highly distributed, and the perimeter is not only disappearing, it is being replaced with a sophisticated, meshed network of networks made up of components that are not only virtual, but are frequently temporary.

Security Solutions Are Growing at About the Same Rate as Cyber Threats

So it is not unexpected that security entrepreneurs would see this new threat landscape as the ideal time to introduce new products into the market. But for organizations looking to expand or upgrade their security, there is literally too much information to consume. The recent RSA conference was a perfect encapsulation of the problem. Over 30,000 attendees interfaced with over 400 security vendors, each of which was promoting their security widget as a critical lynchpin in any security architecture.

But without universal performance standards and no governing body to review and verify the claims made in marketing materials and on spec sheets, consumers are forced to base critical decisions on information that could come, quite literally, from anywhere—with nothing but vendors’ assurances to back them up. For those of you new to this, imagine self-diagnosing all your medical decisions based on pharmaceutical advertising—with no FDA, no standards for the claims being made, and no way to verify the benefits and risks—and you will have an idea of what most CISOs and their teams must contend with when selecting digital security vendors and services.

Unfortunately, such decisions are not only very expensive, they also have a significant influence on a wide range of current important future security decisions and positions, such as critical and sensitive data being increasingly distributed and constantly in motion.

Sorting Through Hype

To help organizations struggling not only with the expanding threat landscape, but the growing solutions landscape as well, here are a few strategies for cutting through all of the hype:

  1. Leverage third-party testing. Data sheets from vendors can be notoriously unreliable. Everything from the packet size of the test traffic, the rate and volume of connections being made, the
    Comments

You may also read!

du acknowledged as the Best MSSP in the Middle East

du, from Emirates Integrated Telecommunications Company (EITC), presented the Managed Security Service Provider, “Visionary of the Year” Award by

Read More...

Forcepoint recognizes its partners in the region

Leading cybersecurity firm, Forcepoint recognized its key channel partner during its partner event held recently in Dubai, which was

Read More...

Tenable research discovers download hijack vulnerability in Slack

Tenable Inc, the Cyber Exposure company, announced that its research team has discovered a vulnerability in the Slack Desktop

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu