CISOs buying into unified security proposition

Non-integrated point solutions make enterprise cyber security more challenging, thereby damaging confidence in security, making it harder to gain an accurate picture of what is going on, and wasting time managing multiple suppliers, according to a plurality of IT and security professionals.

This is the key finding of a Dimensional Research survey of 411 security specialists conducted on behalf of security firm Check Point, which set out to examine IT leaders’ attitudes towards consolidated security services.

The study found that close to 50% of organisations tended to deploy anywhere between six and 40 security products around their estate, and virtually every organisation quizzed used multiple suppliers, with larger organisations tending to use more.

A total of 98% of organisations said they were using multiple consoles to manage these products, making it impossible to get a truly holistic view of the threat landscape and complicating responses to any incidents that flare up.

Meanwhile, the never-ending process of maintenance, upgrade, contract renewals and other activities related to “the care and feeding” of a security solution caused a headache for 79% of security professionals.

“Some organisations operate under the false assumption that more products translate to more security. However, in this situation, global security leaders should adopt the less is more mentality,” said Ian Porteous, Check Point regional director of security engineering.

“Adding multiple products from different suppliers simply adds more complexity and can potentially undermine the organisation’s security. Enterprises need a consolidated cyber security solution that strengthens their defences while improving their agility against all forms of attack.”

Check Point said that many of those who responded to the study believed prioritising supplier consolidation would lead to a better overall security posture, and many were taking advantage of the shifts occasioned by the Covid-19 coronavirus pandemic to reassess their needs.

The findings support Check Point’s own views that reducing the number of suppliers enables organisations to enable a higher level of security through superior integration and fewer functional gaps between the protections that each product delivers.

At Check Point’s CPX360 event in February 2020, the firm unveiled its Infinity Next concept, which it said will address the concerns of chief information security officers (CISOs), who say that they have too much technology and too many products; of security engineers, who say that they are overwhelmed and cannot secure clouds and internet of things (IoT) estates; and DevOps teams, who say security should be automated and that they cannot wait for human approval.

In an interview at the event, Check Point CEO Gil Shwed told Computer Weekly that he sees Infinity Next as a blueprint for the next decade of cyber security.

“That is what we need to do in the next decade – to try, as much as possible, to make security simple, available and uniform, so it can fight these threats,” said Shwed.

Check Point does not, however, have the field all to itself. Cisco’s network security unit is also banging the drum for unified security solutions with its SecureX platform, a cloud-native security platform set to unify visibility across the supplier’s security portfolio and user infrastructure, enabling automated security workflows, and incorporating managed threat-hunting capabilities.

“We’re trying to solve the number one problem that every CISO has – that these environments have been built to be highly fragmented,” said Cisco chief security officer John Maynard. “The vast majority of customers have a multi-supplier security estate, and struggle with orchestrating alerts and driving remediation at scale across that fragmented landscape.”

SecureX is set to launch formally at Cisco Live later in June, which this year will be running as an online event thanks to the pandemic.