TMCnet Feature
June 10, 2021

The Inevitability of Using Security Controls from Different Vendors and How to Unify Them

What’s wrong with an organization using an antivirus from one security firm, a firewall from another company, a VPN from a different source, and other security controls from various other providers? Nothing. There are no studies that present compelling advantages in using security solutions from a single provider.

However, there is also no research showing that the use of security controls from different providers creates significant advantages. What is clear is that it is inevitable for organizations to employ security solutions from different firms. It has become the norm for virtually everyone to utilize security solutions from different brands or companies.

Why multi-vendor security is inevitable

It would be presumptuous to point out the exact reason why organizations use multiple vendors for their security needs. However, it can be inferred that this has been the case because of the way the cybersecurity industry developed.

Ransomware, DDoS, phishing, and other commonplace problems at present were not that much of a concern during the early years of the computer. Cyber threats slowly emerged. The history of cyberattacks is said to have started with the 1988 Morris Worm, which was originally intended to assess the size of the internet but ended up crashing computers.

This attack, unfortunately, inspired the development of more sophisticated systems aimed at harming computers. Afterward, viruses and other malware were developed. In response to these attacks, programmers came up with solutions that targeted specific issues. Cybersecurity firms started with focused solutions, not comprehensive cybersecurity platforms.

As such, security firms came to be known for specific security products such as antiviruses and encryption services. Many of today's common threats did not exist before. All-in-one security packages did not exist back then. It was only years later that cybersecurity providers developed comprehensive systems that not only detect and eliminate computer viruses but also scan email attachments and links or perform other security functions.

It was only in the past decade or so that vendors developed multifunction security solutions or comprehensive security software packages. Even with these, not all threats and cybersecurity needs are adequately addressed, so organizations still have to use solutions offered by other vendors.

Completely relying on a single cybersecurity firm for all security requirements is not that viable for now. No single cybersecurity firm has all the solutions organizations need to ensure a solid security posture, let alone the reputation and proven track record in addressing the most sophisticated new attacks.

The security testing dilemma

One of the crucial parts of modern cybersecurity that did not exist previously is security testing. Back then, it was enough to have the right cyber defenses in place. The attacks were not as overwhelming and rapidly evolving as they are now. There was no urgency to regularly and continuously test security controls because cybercriminals were not as persistent and ingenious.

Now, a day or even just a few hours can be enough for some hackers to find their way around cyber defenses, bypass preventative measures, or completely defeat existing security systems. It is no longer enough to simply have the right security controls. Security penetration testing has also become a necessity.

Notably, security firms very rarely offer cybersecurity systems and security testing platforms at the same time. Companies that offer anti-malware tools, for instance, tend to not offer breach and attack simulation (BAS) platforms—which makes complete sense. Why would consumers trust a company to provide an effective testing system for the security products the same company offers?

It’s like Google offering the solution to get rid of ads on its web browsers, Chrome OS, and Android system. It is simply not happening. It does not make business sense for Google and it is insensible for anyone to believe that such a solution will be genuinely effective.

The need for security testing alone provides a strong argument against the overreliance on a single security provider to handle everything. It is inconceivable for companies to offer something that will reveal the weaknesses or ineffectiveness of their other products.

Unifying security controls

The use of security controls from different vendors is not necessarily problematic, but it presents serious challenges. For one, it results in complex cybersecurity policies, which can adversely impact efforts to keep cyber threats at bay.

One online survey among IT security professionals found that multi-vendor IT security environments induce greater risks. The study reveals that 43.7 percent believe that such environments make it unavoidable to have “too many policies to manage,” while 49.6 percent say that the use of solutions from multiple vendors makes it necessary to have different expertise for different vendors.

Complex cybersecurity policies and the need for more expertise in relation to the use of multiple systems from different vendors are a bane to efficient cybersecurity. They can make it difficult to detect vulnerabilities and conduct unified monitoring. Some systems also do not support seamless integration with other systems, something that hampers automation and more agile responses to threats and attacks.

According to the same study, manual security management remains the norm. Around 75 percent of organizations reportedly handle their network security manually. This is true even for large companies. More than half of the IT security professionals surveyed say that they manage their devices manually through their respective vendor-supplied consoles.

With the inevitability of multi-vendor IT security environments, there is a need to unify different security controls. The good thing is that this unification is no longer just a pipe dream.

Automated continuous security testing, in particular, even with the use of multi-vendor security controls, is already easily achievable. There are platforms that make it easy to gather threat intelligence, monitor immediate threats, validate security controls, achieve better security posture management, and automate purple teaming and security assurance. These unification platforms are even designed with intuitive controls and a “one-click” scheme of operation.

Even better, these platforms take advantage of the MITRE ATT&CK framework to leverage the availability of an authoritative knowledge base of adversarial tactics and techniques to facilitate speedier threat detection, identification, mitigation, remediation, and prevention.

In conclusion

It is almost impossible to find an organization that can attest to the good outcomes of having security controls and security testing from the same company. The setup is not only far from ideal but also detached from the reality that virtually zero organizations exclusively use cybersecurity solutions from the same vendor. With this, it is a must to unify existing security tools from different vendors and promote collaboration and a unified front against new, more complex, and highly persistent cyber-attacks.
