Special Report: Siloed security tools stretch infosec teams thin
Fragmented security tools act more as a hindrance than a solution
Since the late 1990s, enterprise security infrastructure grew organically as CISOs added new security products to counteract growing threats. To combat spyware, viruses, and worms, antivirus software appeared on desktops. Firewalls and IDS/IPS were deployed to protect networks and detect network-based threats. Email and web gateways were added as countermeasures to spam, phishing attacks, and malicious URLs. Sandboxes were deployed to execute and detect malicious files, etc.
The result is a patchwork of fragmented security tools that are expensive to manage and act more as a hindrance than a solution to effective threat detection. Today, almost two-thirds of large enterprises have at least 25 cybersecurity products in use.
But in an increasingly sophisticated threat landscape, a fragmented environment no longer works. Integrated platforms are now seen as the most effective solution to this sprawl.
According to a recent study, ‘The Shift Toward Cybersecurity Technology Platforms’ by ESG, 81% of C-Level executives report limited threat detection due to an environment of multiple independent tools.
ESG research indicates that many organisations have had enough. As an alternative to point tools, CISOs are embracing tightly coupled security technology platforms offering advanced threat protection, central management, and coverage across endpoints, networks, and clouds.
According to the survey, 92% of organisations are, in one way or another, trying to consolidate the number of cybersecurity vendors they do business with.
Vendors are responding to this trend, with Symantec being at the heart of the shift.
Symantec has embarked on a strategy of pursuing the shift to an integrated approach that replaces a disjointed point-based environment.
“Organisations have adopted point products from so many vendors and now they are lost. Equally worse, they cannot monitor the products because they are isolated and siloed,” says Sunil Varkey, CTO at Symantec Emerging Region.
Symantec launched the Integrated Cyber Defence (ICD), a platform that unifies cloud and on-premises security and provides protection across endpoints, networks, applications, and clouds.
“Symantec is now focusing, based on current threats, on a ‘platform’ solution. Because what we have understood is that point solutions by so many different vendors are not working, especially with the acute shortage of cybersecurity resources. It is just too difficult to manage a dispersed environment,” says Varkey.
There are four control points within the Integrated Cyber Defence (ICD).
The first one is endpoint security, where a single-agent architecture delivers multi-layered security across all possible endpoints - desktop, server, mobile, and IoT - protecting enterprise and mobile workforces regardless of OS, device, or network security approach.
Second is web and network security: cloud and on-premises network security solutions built on an advanced proxy architecture provide superior defence against advanced threats, protect critical business information, and help ensure secure and compliant use of the cloud and web.
The third is focused on email security, where multiple layers of protection (including threat isolation) protect against ransomware, spear phishing and business email compromise, together with analytics to identify targeted attacks, protecting email against user error and data leakage.
The final piece of the Symantec ICD story is cloud app security. The company offers products that secure cloud access, cloud infrastructure and cloud applications, providing visibility, data security, and threat protection to safeguard users, information and workloads across public and private clouds.
“Digital transformation is happening very fast. The most effective approach is to safeguard it through a controlled data platform,” says Varkey. “Symantec has thus focused on these four key termination points,” he adds.
The Symantec integrated platform rests on a foundation of five key components.
The first one is threat intelligence where Symantec, which maintains a vast threat intelligence network, applies deep security research, expert analysis, and artificial intelligence to monitor and synthesize 9 trillion rows of telemetry daily, helping discover and block numerous targeted attacks and cybercrime incidents.
Symantec is also applying artificial intelligence and machine learning to analyse massive amounts of control point data and sift through Symantec's entire telemetry set to identify potential threats and accelerate response and remediation.
The company’s APIs and ICD Exchange simplify integrations with ICD, providing enhanced protection, investigation, and remediation across Symantec endpoints, networks, email, cloud applications, and third-party products.
The ICD Manager provides shared management capabilities to provide customers with unified visibility into threats, policies and incidents, helping them to reduce incident response times from days to minutes.
Finally, built-in automation simplifies investigation, accelerates response times and minimises damage from attacks, while reducing manual processes and the cost of security operations.
Symantec also wants to bring in the larger ecosystem.
Earlier this year, Symantec launched Integrated Cyber Defence Exchange (ICDx), a free software solution that simplifies integrations between Symantec products and a range of partner products.
By standardising the interfaces between Symantec’s range of enterprise security products and an ecosystem of technology partners, Symantec can provide customers with a single point of integration that requires only configuration within a single console to centralise, normalise, archive, filter and forward events from all supported Symantec products.
It also provides partners with a single interface to leverage event data and response actions available in Symantec products for endpoint, email, network, and cloud security.
“Even if you are not using our products fully, we are open to integrating with other technologies. Ultimately, you benefit from a consolidated policy approach,” says Varkey.