Security Tech: It’s Not What You Buy, It’s How You Deploy
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
It’s a great time to be selling security software, but a much harder time to be a CISO. Enterprise security spending has exploded in the race to protect against increasingly advanced and complex cyber threats. Much of that money is spent on modern information security tools – advanced threat detection, sandboxes, intrusion prevention systems, threat intelligence feeds, and more. The spending is growing at such a rate that Gartner predicts we will eclipse the $100 billion mark by 2018, with other industry analysts suggesting $170 billion in annual spending by 2020.
Unfortunately, buying more security software does not equal “more security.” It is not simply a matter of turning on the latest technology and walking away, problem solved. Instead, the larger challenge for security practitioners is not what to purchase but how to deploy security tools. So much emphasis has been put on product, emerging technologies, and the elusive promise of big data analytics that there is little discussion about how to architect a secure network.
There are many different ways for deployments to fail; some are conceptual while others are matters of execution. Many organizations look at security tools and initiatives as one-off solutions, without considering the ramifications of how they intersect with other initiatives, or whether or not they make sense as part of the larger security architecture. Especially in layered security models, projects that aren’t clearly defined from the outset can fall flat once they are deployed.
For example, let’s consider an organization that is deploying a multi-factor authentication program alongside a network segmentation project. And, for the sake of discussion, the deployment team decides to finish the multi-factor authentication project first. Once it is installed and working, the team pivots to the network segmentation project, but they neglect to account for the location of the multi-factor authentication machine and block its access to the network. Now they can’t log in and fix it, because it’s blocked. It sounds silly, but this happens.
Another critical issue organizations must address when deploying new security tools and initiatives is ensuring fast access to data while maintaining optimal performance of various security applications on the network. A common approach to security today is to keep tools separate, with each tool competing for data and bandwidth on the network and lacking visibility into the security workflow as a whole. To ensure maximum performance – and return on investment – network and data center architectures must be designed in a way that supplies security tools with consistent access to relevant data and traffic, while at the same time facilitating security workflows and avoiding sopping up network bandwidth.
With that in mind, here are four steps security leaders can take to improve their information security deployments.
- Have a 360 strategy. It can’t be overstated how critical it is to have a conceptual view of your security deployment. Without a single, overarching guide that everyone in the organization can draw from, different project teams are bound to step on each other’s toes.
- Clearly define your initiatives. Given the urgency created by the data breach epidemic, many security initiatives are happening in tandem. But security systems are not all discrete; there are interdependencies that need to be accounted for. By ensuring initiatives, metrics and goals are clearly defined at the start, problems will be avoided later.
- Recognize how tools interact. In the same way that we don’t want project teams getting tangled up, we need to understand how different security tools interact, how they get their data, and how they perform on the network. The overall workflow orchestration should be considered.
- Consider what each addition adds to the whole. There has been a rush to buy the “next-generation” of a security technology to fight off the rising tide of malware. But good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts. Every addition to the security architecture should be considered from the standpoint of what it adds to overall security.
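The multi-factor authentication lockout described earlier, and the interdependencies the steps above ask teams to account for, can be caught before a segmentation change ships by checking the draft rules against a list of flows other projects depend on. The following Python sketch is an added example, not from the original article; the addresses, zones, ports and rule format are constructed for illustration, and rules are assumed to be evaluated first-match with a default deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None matches any port

@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    port: int

def decide(rules, flow, default="deny"):
    """Evaluate one flow against an ordered rule list (first match wins)."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.port in (None, flow.port)):
            return r.action
    return default

def blocked_dependencies(rules, flows):
    """Names of required flows the rule set would not allow."""
    return [f.name for f in flows if decide(rules, f) != "allow"]

# Constructed sample data: addresses, zones and ports are illustrative.
MFA = "10.30.0.5/32"
REQUIRED_FLOWS = [
    Flow("user login to MFA", "10.10.0.25", "10.30.0.5", 443),
    Flow("admin console to MFA", "10.20.0.10", "10.30.0.5", 443),
    Flow("admin SSH to MFA", "10.20.0.10", "10.30.0.5", 22),
]
DRAFT_RULES = [  # segmentation draft written without the MFA team's input
    Rule("allow", "10.10.0.0/24", MFA, 443),
    Rule("deny", "0.0.0.0/0", "10.30.0.0/24", None),
]
FIXED_RULES = [  # management path added ahead of the isolation rule
    Rule("allow", "10.20.0.0/24", MFA, 443),
    Rule("allow", "10.20.0.0/24", MFA, 22),
] + DRAFT_RULES

if __name__ == "__main__":
    print("draft blocks:", blocked_dependencies(DRAFT_RULES, REQUIRED_FLOWS))
    print("fixed blocks:", blocked_dependencies(FIXED_RULES, REQUIRED_FLOWS))
```

Run as a gate in change review, a non-empty result for the draft rules means the segmentation project would cut off a path another initiative relies on.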
It’s understandable that security practitioners want to move fast; they are surely feeling the pressure from all sides on the data breach issue. But complex problems do not often have simple solutions, and in this case that is especially true. When leaders arm security teams with clear ideas of what needs to be done, well-defined plans, and a more deployment-focused thought process, projects can thrive – and that is what will lead to better overall security.
Simon Gibson is a Fellow Security Architect at Gigamon. He provides direction and roadmaps for the product that secures applications that secure the Internet.
Simon has been working on Internet infrastructure for nearly 20 years from small ISP's, to developing streaming ...