Integrated Security vs Multi-layered?

We've all seen multiple cyber attacks in the past year that have hit key infrastructure (such as the Colonial Pipeline attack), the SolarWinds vulnerability which affected multiple government agencies this past year, and the more recent Kaseya vulnerability which has hit a great many businesses and impacted many more MSPs that rely on RMM technologies such as SolarWinds and Kaseya.  But what this reveals more than anything else is that the security standards that all levels of government are requiring are far from sufficient to handle the current threat landscape.

What does this mean for industries whose compliance requirements are slow to update and difficult to maintain?  Well, it means either spending the bare minimum to meet those compliance requirements and taking a big risk if you aren't able to maintain a proper security posture... or taking a broader look at what security means for your company.  London Security has talked about Security Architecture in the past, and that's probably the first look a company should take: considering options, and treating security as more than specific technologies and solutions, as an overall security posture to be maintained and connected to the general IT practices of the entire company.

Aside from that, the question becomes: where does the industry need you to go in order to maintain security practices that will provide adequate protection against today's threats?  There are a few schools of thought here:

  • Integrated Security - This is the fabled "single pane of glass" approach, where you have a single console (or set of consoles) to feed data into and review security events.
    • You generate policies based on the events within this console, and you make broader security policy decisions based on the information you're seeing within this single-vendor approach.
    • There are a few ways this is pulled off: either through multiple vendors that integrate with each other, or a single vendor with a slew of security technologies of varying efficacy, where you're paying for the value of their integration.
    • The reality of this model is that a good, well-funded security team with lots of time and resources might be able to make the most of it... if it were 2015.
    • In today's "drive-by" zero-day threat model, Integrated Security as a solution is outdated - an ideal that security professionals chase because we want optimized data flows, but one that isn't realistic in today's market.  Simply having the data flows present doesn't mean you have responses built to occur in real time to prevent a breach from rapidly spreading... only that you know WHEN the breach happened when you're doing the retrospective for your management and C-suite.
  • Multi-layered Security - This is having different vendors that cover for each other, on the premise that "if one vendor misses it, another will catch it".
    • This model has a different set of pros and cons.  The first pro is obvious: because you have different vendors, if one vendor has a major problem, goes down, or has a huge zero-day issue, you don't necessarily lose all of your security protections.
    • Another pro is that you can buy "best of breed" solutions for each technology.  Not all vendors hold the "best" title in every area they secure.  Cisco is great in networking... but it isn't really the best for endpoint or encryption.  That's where you could use a different vendor.
    • The cons... are a bit more complicated.  The first is that you have to find a way to look at all of the consoles' data points individually, or craft or buy a solution that lets you feed that data into one place.
    • The expertise requirement is greater, because you're paying an engineer to learn multiple technologies and know each of them optimally, versus learning a single technology or architecture and managing that one vendor's entire security portfolio.
    • Finally... this is probably still the better model, as more and more integrated technologies have single points of failure that can take down an entire security product suite and allow ransomware, malware, or hackers to get through and exfiltrate your data... when integrated solutions fail, they fail spectacularly.

But... both models require additional interaction to be successful.  At this point in the threat landscape, it is necessary to have some form of 24/7 coverage for security events that occur on weekends, holidays, or very early in the morning, when you don't have engineers able to respond in real time.

London Security recommends giving us a call or emailing us about which model you are looking at and how you plan to implement it.  We have security engineers to help set up your security architecture, or to take over its management when you don't have the internal resources to fully handle it.  Talk to us today to figure out the best approach for your security, and consider talking to us about an assessment of your security architecture to make sure it can handle today's threats.