Stop exposing your organisation!
In Hans Christian Andersen’s famous story “The Emperor’s New Clothes” first published in 1837, an emperor is promised a new suit of clothes that swindlers say is invisible to those who are unfit for their positions. Foolishly the Emperor doesn’t realise until it’s too late that he’s been swindled and that his ministers, officers and cavaliers – worried about keeping their positions – all reported back to him how wonderful the material was, advising him to have it made into clothes that he could wear in a grand procession. Nearly 200 years later, the same story is being re-enacted in organisations everywhere. Simply replace ‘suit of clothes’ with ‘security suite’ and it’s easy to see the dangers that boards and business leaders face every day. If you take a good look at your security strategy, can you see an effective security fabric or are you leaving your organisation exposed?
1. Compliant does not mean secure
Regulators are increasingly putting pressure on organisations to step up their cybersecurity, but whilst compliance is a great start it doesn’t mean that an organisation has an optimised security approach. Using the Payment Card Industry’s Data Security Standard (PCI DSS) as an example, retail giant Target’s infamous security breach saw over 70 million credit and debit card numbers stolen in late 2013 even though they were validated as PCI compliant just two months before the breach.
What organisations continue to learn is that both security and compliance are critical. Without a smart, thorough and active security program, coupled with a solid compliance plan, you’re at significant risk of being breached, resulting in damage to reputation and brand, expensive fines, increased audits and, increasingly, lawsuits and job losses for the board members and directors responsible.
2. ‘Best of Breed’ does not necessarily mean having the best security
Whilst reports by industry analysts, such as the series of Magic Quadrants by Gartner, provide a useful way to compare security technologies, organisations cannot simply base their security strategy around using these point solutions. Large enterprises in particular are drawn to having a mix of many different ‘best of breed’ vendors all loosely knitted together with many gaps and overlaps.
As perhaps one of only a few that can actually provide full-spectrum security whilst supporting any-vendor any-device, Infosec Partners often get called in to integrate various security technologies. However, from both a security and return-on-investment perspective, the difference is clear when comparing to organisations using a portfolio of integrated products. Fortinet is unique in being the only vendor with a single pane of glass portfolio of core security controls, which is why its Security Fabric is a good option for many.
3. Security expertise is at a premium
It’s a well-known fact that there is a cybersecurity skills gap. At the start of this year (2016) the number of security job openings left unfilled in the US alone was 209,000. Many organisations lack security expertise and many IT service providers have the same problem in building and offering security services of a high enough quality.
If you depend on a managed security services provider (MSSP) to provide, say, managed firewall services, take a look at exactly what they are offering. If you chose your service provider because they quoted the lowest price, chances are that you’re not getting very much actual security for your money. We’ve seen examples of even the bigger ISPs and global professional services companies simply deploying vanilla configurations to clients, instead of moulding solutions to each client’s requirements. It’s also worth noting that managed security services are often provided by resellers who simply sell on the vendor’s services, and lack expertise and experience in security beyond the products that they sell.
Security is not a point solution but a process. Do you have a clear understanding of your security strategy based on risk assessments and gap analysis? Do you know what your risk appetite is when applied to your ‘crown jewels’, critical systems and sensitive data? When viewed in these terms, it’s clear that a point solution oriented approach is wrong and working with a proven and trusted cybersecurity agency like Infosec Partners makes a lot of sense.
4. Your security approach needs to be full spectrum
Risk management, cyber culture, advanced protective controls, monitoring and incident response. Protecting an organisation requires effort and precious funding, which needn’t be wasted on integrating core controls when fully integrated solutions are already available. But most organisations can’t just rip out and replace, even if having your entire security architecture in tune is invaluable for security as well as being easier and more cost-effective to achieve when building from the ground up.
For those that want to extend their existing set up to an already fully integrated Advanced Threat Protection platform, Infosec Partners offers a solution that can be scaled up according to requirement and can be run through Opex.
Standard core controls such as next generation firewalls, wireless infrastructure, breach detection systems, endpoint protection, web application firewalls and SIEM monitoring tools should all be treated as baseline, mandatory IT controls that should all work together seamlessly, almost as basic firewalls and antivirus software have been for the past 30 years.
It’s impossible for most organisations to separate ROI from security. But with the recent development of concepts such as the Fortinet Security Fabric, the effort and resources invested in integrating standard controls from multiple vendors may simply be better spent on activities to deliver a more comprehensive defence against advanced attacks.
Security Fabric tailored by experts
Fortinet named Infosec Partners as their first ever Partner of Excellence UK and one of the first in the world. This accolade was awarded in recognition of Infosec Partners’ expert capability in implementing and supporting the entire portfolio of Fortinet solutions, and the ability to integrate Fortinet solutions with solutions from any other security vendor. But it’s our ability to provide full-spectrum cybersecurity expertise (from risk and strategy, to certification and incident management) which helps us ensure that your Security Fabric implementation fits your organisation perfectly.