Glen has over 30 years of experience in Information Technology and Information Security with proven thought leadership. Prior to Check Point, he managed networks for national healthcare providers, and ran the Cyber Security practice for a Check Point reseller/integrator. Over this time period, he worked with many Fortune 1000 customers and federal, state, and local government agencies, architecting and managing high profile network and security projects. Glen currently leads the engineering teams for the Mid-Atlantic and Federal regions at Check Point Software.
In this thought leadership interview, Glen Deskin discusses how organizations can improve threat intelligence, reduce costs, and achieve better outcomes via security infrastructure. Leverage innovative, process-centric ideas that can seamlessly drive high-value results. These are premium cyber security insights that you won’t want to miss.
For readers who may be unfamiliar, can you explain the utility of a consolidated cyber security solution?
Consolidation means changing from best-of-breed, a model within which decision makers typically chose a specific product for a very specific need or technology niche.
For example, security leaders would look at industry analyses, or perhaps do a product bake-off, and then pick something that solved their endpoint problem. Then, they would choose something that solved their email security, based on a similar approach. Thus, security leaders would end up choosing multitudes of vendors and have too many systems to manage effectively.
The idea behind consolidated security is that one vendor, or fewer vendors, can offer better security across different product categories, leading to cost savings, efficiencies and omitting the challenge of dealing with a variety of unique third-parties and specialized tools that don’t work well together.
What should CISOs consider when exploring different security solutions?
Integration between the multiple components is key. If enterprises wanted to bring their number of vendors down from ten to, say, three, the objective would be to choose a combination of vendors that provide the top security or the preferred level of security, while simultaneously proving an integration. Ultimately, organizations should be looking to achieve ‘single-pane-of-glass’ visibility.
By choosing components that integrate well together, organizations can get that single-pane-of-glass visibility and also get good interaction between components, which is one of the essential components of strong shared threat intelligence.
What should CISOs know about costs associated with consolidated cyber security solutions?
When you have fewer vendors, you often pay less in maintenance fees. Broadly speaking, additional soft costs include the costs around operational personnel time, training, and the cost of taking too long to adapt security to the business objectives. All-in-all, a consolidated security platform allows organizations to be more efficient and to manage budgets more effectively.
If organizations implement consolidated solutions, how can they show the effectiveness of spending?
Consolidated solutions translate to better prevention. The components will work together seamlessly, meaning fewer gaps in security for hackers to exploit, and better overall visibility. Consolidated solutions also enable organizations to address security incidents more efficiently than they might be able to otherwise. When organizations consolidate solutions, we generally see that decision-makers manage to cover the entirety of the security landscape more effectively.
Phishing prevention is key these days. Are consolidated solutions better at phishing prevention than best-of-breed?
Consolidation allows for better shared threat intelligence, which results in more accurate threat detection. In turn, more accuracy enables administrators to identify and defend against phishing threats more effectively.
How does a consolidated security solution assist with ransomware prevention?
A lot of the time, security incidents are multi-vector, multi-platform. If organizations have the shared intelligence that can communicate information about malware credential theft, and tie that to what’s seen in another threat vector, administrators can pull the information together and better prevent attacks across a variety of vectors.
Threat hunting within the environment also helps, and having the ability to detect previous attempts at compromising an environment is key. Let’s say we had one phishing attempt, and perhaps something got through, and there’s a component within the environment that perhaps hasn’t detonated yet… And then there’s a second attempt, and a second indicator… Using all of this information, administrators can go back and conduct a kind of retrospective analysis, looking at what may have already occurred that hasn’t yet turned into an emergency. So, threat hunting can be a key piece of the puzzle too, and this is better enabled through a consolidated solution.
How can consolidated cyber security solutions help with automation?
Again, that integration, I think, is probably the simple answer; tighter integration, and therefore, fewer components to deal with. If we look at it in detail, there are integration points or APIs. If an organization has to deal with programming integrations for 10 different vendors, and programming all that interaction or finding tools that work with 10 different products, it’s a lot easier to find tools that work with three or even two vendors than to find a tool that may cover an entire gamut of what the organization might be running.
It’s becoming less of a challenge today because a lot of tools have broad industry standard support through REST APIs, for example, but we know that support is better for some tools more so than others.
If you have an entire Check Point solution, we generally have common API and integration points. So it’s easier to provide automation due to the similarities across that entire security platform.
Are there any drawbacks to implementing a consolidated cyber security architecture?
One common thing is if you’ve got maintenance contracts that are expiring; perhaps one’s another year away, and one’s expiring next month… Then, the logistics of co-terming all of that from a procurement perspective, and from a contractual perspective, can sometimes be a little challenging. But I wouldn’t call it a drawback because the net is a gain. I think the end goal is worth the effort there, of course.
Anything else that you wish to share with the Cyber Talk audience?
The whole idea of consolidation centers around visibility and costs. In choosing a best-of-breed approach, organizations go buy another product, spend more money, but aren’t necessarily optimally secure. If we look at the last year and a half with the pandemic, we see that organizations spent more on security; however, we’ve also seen dramatic increases in security incidents. The spend-and-spend approach can lead to sub-par results. And that’s where I think consolidation helps and delivers high security performance outcomes.