Pete has 32 years of Security, Network, and MSSP experience and has been a hands-on CISO for the last 17 years and joined Check Point as Field CISO of the Americas. Pete’s cloud security deployments and designs have been rated by Garter as #1 and #2 in the world and he literally “wrote the book” and contributed to secure cloud reference designs as published in Intel Press: “Building the Infrastructure for Cloud Security: A Solutions View.”
In this interview, Check Point’s Field CISO, Pete Nicoletti, shares insights into cyber security consolidation. Should your organization move ahead with a consolidated approach? Or maybe a workshop would be helpful. Don’t miss Pete Nicoletti’s perspectives.
What kinds of struggles and challenges are the organizational security leaders that you’re working with currently seeing?
Many! As members of the World Economic Forum Council for the Connected World, we drilled into this exact question and interviewed hundreds of executives and created a detailed report. The key findings are: Economic Issues, IoT risks, increase in ransomware, and security personnel shortages all impacting budgets. Given these issues, our council recommended that security spend remain a priority, even in challenging times, since we all know that security incidents cost 10x to 100x verses budgeted expenditures.
How are CISOs currently building out or transitioning their information security programs? What kinds of results are they seeing?
In challenging times, CISO’s are looking hard at their tool set and seeing if there is overlap, or redundant tools, or underutilized tools. CISO’s are also evaluating their “play-books” to ensure that the tools in-use are efficient and streamlined. CISO’s are also keen to negotiate ELA’s that give them lower costs with flexibility to choose from a suite of tools to support the “speed of business.”
Security teams need to be trained and certified on their tools in use, and those budgets are under pressure. All these drivers lead to tool consolidation projects. Our customers are frequently very pleased with the normally mutually exclusive benefits: Costs Savings and better efficacy once a consolidation program is launched.
What are the key considerations for CISOs in deciding on whether or not to consolidate information security solutions? Can CISOs potentially lose capabilities when consolidating security and if so, how can this be addressed, if at all?
Losing features when consolidating is a valid concern, however, typically we find more advantages after consolidation: Lower training costs, higher staff satisfaction, fewer mistakes made, and the real gem: higher security program efficacy. We also see our customers leveraging the cloud and needing to extend their security protections quickly and easily, and our Check Point portfolio supports this using one console. With all the news of our peers experiencing exploited security vulnerabilities and other challenges, we are continuing to gain market share and happy customers.
How should CISOs go about deciding on whether or not to consolidate cyber security? Beyond cost, what should CISOs think about?
The number one consideration should be efficacy of the program. CISO’s are realizing that very small differences in efficacy lead to very large cost savings. The best security tool for the job should always be selected knowing this. An inventory of tools and the jobs they are doing should be created and maintained. Frequently, CISO’s find dozens of tools that are redundant, overlap with others, add unnecessary complexity, and that are poorly deployed or managed and not integrated into the program. Once the inventory is completed, work with your expert consultant or reseller to review and find redundancies or overlaps and kick-off a program to evaluate technical and cost benefits.
What can organizations achieve with a consolidated cyber security solution?
As mentioned previously, the number one goal of the program should be improving efficacy and our customers do report this. Efficacy lowers the number of false positives, lowers the number of real events and decreases overall risk. Other savings are found with lower training costs, faster run book execution, fewer mistakes and the ability to free up security analysts from wasting time on inefficient processes. Those analysts can now be leveraged into more productive efforts and ensure that the business growth and strategies are better supported.
As a seasoned professional, when you’ve worked with CISOs and security teams in moving to a consolidated solution, what’s gone right, what’s gone wrong, and what lessons can you share with newbie security leaders?
Any significant change in your tool set needs careful consideration and evaluation. Every new tool needs to be tested in lab and moved, as appropriate, into production. You need to find all the gotcha’s with any new tool going inline before they cost impact.
Don’t rush this testing step! Ensure that you have good measurements of your current program so you can easily determine improvements with new tools or consolidation efforts.
If CISOs decide against consolidation, how can they drive better value through existing solutions?
Ensure that the solutions you are using are fully deployed and optimized. We frequently uncover many tools that are underutilized and ineffective. Sit with your staff and watch their work. If they are cutting and pasting, logging into and out of multiple tools, not having the time to address every alert, or are making excessive mistakes, it may be time to have Check Point come in and do a workshop. Our very experienced team will review the current program and provide thoughts and ideas to improve the program. Even if consolidation is not selected, other findings may help improve the program!
Are there any other actionable insights that you would like to share with cyber security leaders?
Every security program is different, and your challenges are unique. But, you can’t know everything, so, consider working with your trusted partners and invite Check Point in to do a free discovery workshop. Cloud maturity, consolidation program consideration, Zero Trust program formulation, and many others are available. As a CISO, you may have some initiatives that need extra validation, and we are standing by to help propel your program.
And for an even stronger security strategy, be sure to attend Check Point’s upcoming CPX 360 event. Register here.
Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.