By Mark Evans, VP Marketing, Endace
The previous two articles in this series addressed Visibility and Agility as key requirements for stronger cyber defense. This last article in the series looks at the third leg of robust cybersecurity: Economic Efficiency.
According to recent research, gleaned from more than 250 global enterprises, organizations use, on average, ten different security management tools. In large enterprises, that number jumps to between 10 and 18 different security solutions.
The research also showed that even though organizations have deployed numerous security solutions, at great cost, they:
- Don’t have enough tools in the right places to detect and investigate security events (80% of respondents!)
- Find the challenge of constraints caused by Capital Expenditure (CAPEX) “significant” (75%)
- Take 6-12 months OR LONGER to acquire and deploy new solutions (budget, testing, product selection, deployment) (90%)
Additionally, organizations said they “lack visibility into network activity”, have “difficulty responding quickly enough to threats” and “find it hard to integrate tools and correlate data”
It’s clear then, that despite considerable investment in security, organizations are still not achieving their desired objectives. They are constantly on the back foot, unable to keep ahead of a rapidly evolving threat landscape. And, as covered in previous articles in this series, teams are overwhelmed by alert and platform fatigue due to lack of visibility and inefficient workflow processes that constrain productivity.
Reducing Cost and Increasing Efficiency
Network security functions typically rely on specialist hardware that can capture network traffic at high speed for analysis, therefore many solutions are appliance-based. As a result, organizations must deploy many different appliances to deliver the range of required security functions (IDS/IPS, data leakage prevention, malware detection, email scanning, etc.)
This has a number of cost and budget implications:
- Hardware-based appliances are expensive to purchase and maintain.
- Organizations pay for packet capture capability in each appliance they purchase.
- Hardware purchases consume so much budget that organizations can’t afford to deploy solutions everywhere they need them, leaving blind spots.
- Functionality is inextricably tied to appliance hardware – upgrading functionality often means a “rip-and-replace”. Without CAPEX budget for replacements, organizations must make do with solutions that are well past their “use by” date.
Virtualization has delivered significant benefits in the datacenter: lower cost, simpler infrastructure, efficient hardware utilization, greater flexibility, and rapid deployment. However, organizations have been unable to virtualize their network security solutions to realize these same benefits due to the lack of a common hardware platform.
What’s needed is a hardware platform that provides high-performance, hardware-based packet capture, and recording that can be shared by all the tools and teams that need to analyze packet data. This approach eliminates unnecessary functional duplication and allows security and performance monitoring tools to be consolidated onto a common platform.
The cost of this common infrastructure can be shared across SecOps, NetOps, DevOps and IT team reducing Operational Expenditure (OPEX) and CAPEX costs and facilitating closer collaboration. New functionality can be deployed without replacing hardware.
With packet history integrated into all their tools, analysts can more efficiently detect, investigate, and resolve security threats; moving from an alert or suspicion directly to evidence quickly and accurately. This is vastly more productive than the current swivel-chair integration resulting from managing multiple, non-integrated hardware appliances.
This series looked at three key issues facing enterprises in protecting and defending their networks: Visibility, Agility, and Economic Efficiency. By addressing all three issues together organizations can gain the clarity, confidence, and certainty necessary to effectively protect against cyberthreats.
About the Author
Mark Evans has worked in the technology industry for more than 30 years, starting as a developer and moving into CIO and CTO roles prior to joining Endace as Vice President of Marketing. He has also written extensively as an expert columnist for many technology publications. www.endace.com, @endace.