I am constantly bombarded with technologies, ads, and well meaning emails that tell me that if I just "use this product" or "invest more in my Cybersecurity through this partnership", it will be the silver bullet to solving all my cybersecurity concerns. And the fact is, that's simply not true. There is no "silver bullet" product that will solve your security needs. The truth is straightforward - Security is a Process not a product. And the first understanding I ask is that it is important to realize it is more than likely vendor agnostic.
Veterans in the space will tell you that there has always been a strong drive by various IT Security vendors to have "comprehensive" packages that cover all of the various technologies that might be required by an organization. Packages that include a suite of products such as:
The difficulty isn't that it is a bad idea to use a vendor for as many solutions as make sense, it totally makes sense to bundle strong technologies that work well together. It is that some of these technologies... don't.
An important fact is that most of these "comprehensive" packages are the result of a Cybersecurity vendor acquiring various competitors and complementing products to be able to sell the fact that they have these technologies all together. Sometimes, these cooperate well, they use a single console, they make perfect sense and integrate 100%...
Other times? Not so much. In one case I can think of, there were 5 different Security Consoles (with separate logins) from a single vendor's Comprehensive Security Suite. Some people reading this can probably guess which one, but the point of it is that this is because these products were not co-developed or built with the impression they would all fit together. They were, after acquisition, brought together into a single security suite in order to improve the sales of one or more of the other products included.
And it IS effective for selling licensing. So I understand why vendors do it, and in many cases, companies need all the products being included - even if they don't think they do. But the most important part of seeing cybersecurity is realizing that sometimes a single Product is not a Solution, a single Security Suite, is not your Cybersecurity Architecture. Distinguishing the difference is key to understand how to protect it.
As time has gone on, there have been rapid increase in the number of and sophistication of Cybersecurity Threats. And being a generalist is not a place you want to be when criminals are attacking with incredible sophistication, and we started seeing siloed security solutions that are each a different security vendor.
Cybersecurity has become Vendor Agnostic because often companies need more than what any single vendor can provide, either through the sophistication of their own Cybersecurity environment, or because of the specific needs of their organization. Regardless, using a single vendor is very much a thing of the past.
One, I don't know your environment, so I'm not saying that...
But two, you probably aren't using just one vendor. As I said above, vendors have acquired multiple technologies that may don't fully integrate in their "comprehensive" suite, so often though it comes from a single vendor it's actually from multiple development teams. Which is both a value and a problem.
Problem because it means that when you try and handle / resolve the problem each development team will try and blame the other for the issues - much like what happens when you call into Microsoft Support. Spoiler, it's never Microsoft's fault.
Value because it means that one technology may catch a vulnerability the other technology simply does not, due to different development cycles - or even intent.
That value is why Cybersecurity *SHOULD* be vendor agnostic. You want a layered security process that makes room for failure of individual products, while not compromising your overall security.
As a valued security partner to our customers, we don't simply want to sell a product to solve problems. We want to work with your teams to support the various Cybersecurity technologies - we offer full management of various Cybersecurity products that does not require the purchase of additional licensing through us - or take our suggestions on what security products might improve your environment, we want to do both.
One of the ways we want to help our customers or would be customers is to invite them to our Webinar June 29th @ 1 PM EST to talk about "Winning the Unfair Fight" against Cybercriminals, and how having the right tools can make the difference between a successful cyber attack and a thwarted one.