Fortinet’s vision of a Security Fabric for seamless native integration between core security controls demonstrates their comprehensive approach and development programme that other security vendors will inevitably try to copy.
As strategic consultants, focused on business risk and profitability, we are aware that no organisation, whether government or large enterprise, has unlimited funds to spend on security technology. Organisations that are least likely to be compromised and those that identify attacks more quickly, have a simple, integrated approach to core security infrastructure and put their effort into the same areas as the attackers i.e. on the advanced, bespoke and attack controls to protect their business.
ROI vs Complex integration of ‘best of breed’?
We are technology and vendor agnostic and will always recommend the best solution set to clients, however the idea that organisations must spend time and money integrating technologies from different vendors doesn’t really make any sense from a ROI perspective. Frequent examples include integrating a client’s firewalls with their wireless system before the firewall knows who the WiFi users are, or having firewalls from one vendor and an endpoint solution from another where the firewall has no idea whether the endpoint is trusted or secured, offer attackers an easy route to impersonate users and subvert perimeter controls.
In our assurance and major incident remediation work we see clients with a huge range of technologies, some good, some very bad. We see clients with a mix of many different ‘best of breed’ vendors all loosely knitted together with many gaps and overlaps, but the difference is clear when compared to clients with a portfolio of integrated products. The Fortinet security fabric is unique in being the only vendor with a single pane of glass portfolio of core security controls which is why it is a good option for many.
We are frequently called upon to integrate security technologies from different vendors – it can be done and we are perhaps one of only a few that can actually provide full-spectrum security whilst supporting any-vendor any-device. From a budgetary perspective most organisations can’t just rip-out and replace, but having your entire security architecture in-tune is invaluable for security as well as being easier and more cost-effective to achieve when building from the ground up. For those that want to extend their existing set up to an already fully integrated Advanced Threat Protection platform, Infosec Partners offers a solution that can be scaled up according to requirement and can be run as an on-demand, security as a service model that not only can be billed as OPEX but also enables instant on and elastic sizing of the platform.
Efforts better spent
Risk management, cyber culture, advanced protective controls, monitoring and incident response. Protecting an organisation requires effort and precious funding, which needn’t be wasted on integrating core controls when fully integrated solutions are already available.
We have all seen that for business to be well protected they must invest in advanced protective controls focused on deception technology, platform isolation and forensic analytics, these coupled with the expert resource capability in both monitoring and incident response is where the complexity and correlation efforts are best spent to identify the next wave of blended attack vectors.
If the effort and expert resource is best spent in advanced technology, then organisations that appear better protected today are those that employ a single vendor security portfolio for established controls, rather than those spending huge effort and resources deploying and maintaining the integration of many vendors’ technologies.
Standard controls such as next generation firewalls, wireless infrastructure, breach detection systems, endpoint protection, web application firewalls and SIEM monitoring tools should all be treated as baseline, mandatory IT controls that should all work together seamlessly, almost as basic firewalls and antivirus software have been for the past 30 years.
It’s impossible for most organisations to separate ROI from security. But with the recent development of concepts such as the Security Fabric, the effort and resources invested in integrating standard controls from multiple vendors may simply be better spent on activities to deliver a more comprehensive defence against advanced attacks.