The concept of an eclectic mix of security appliances, OS and hardware that seeks to maximise security architectures through diversity may be outdated thinking.
Should we select a multiple vendor 'best of breed' product and software approach to security architecture? A design that, when combined with a security event management platform, seeks to provide near-real-time security monitoring across multiple disparate devices?
Or might we consider a single vendor approach? One that provides a security intelligent design, derived through a homogeneously engineered approach, leveraging the power and potential of security appliances and software similarities that collaborate over a 'metaphorical' single form factor and OS. Does this actually improve security over and above a disparate architecture?
A single vendor platform is often anathema to many security folk, because by default it permits any given vulnerability to be replicated across the architectural fabric, which by definition functions on the same or similar operating system and hardware platforms. Disparate vendors may remove the simplicity of a widespread vulnerability contagion; however, this may not mean an improved result if the correlation of events across devices remains separated to such an extent that the true security posture of the enterprise remains relatively unknown! Add to this mix the pertinent fact that the IT security team's skills often never quite reach the level needed to adequately tackle the array of completely separate devices and software involved, and we may observe that the very creation of deliberately engineered diversity may, ironically, increase exposure to risk.
Below are a few considerations to guide any business weighing up the options and facing this decision-making dilemma.
Multiple Vendor Approach
Permits best of breed for each point solution
May reduce the risk of vulnerability contagion
Potential of improved security if accurate correlation of events is achieved
No single vendor lock-in
Architectural complexity increases difficulty in containing and restricting breaches
Testing and proof of concept of disparate platforms and architectures increases time to deployment
Multiple vendor procurement rarely delivers optimum commercial benefits
Higher costs of IT security training, with teams rarely achieving SME (subject matter expertise) across every device
Single Vendor Approach
Potential to increase security posture, with homogeneous event capture and single management view
Reduced operational IT training and maintenance costs, with the increased ability to achieve SME (subject matter expertise) level for chosen technology
Easier to quarantine breaches
Maximise the return on capital expenditure by leveraging assets across the security infrastructure through feature enablement
Single platform decreases evaluation, testing, proof of concept, and time to deployment
Provides commercial economies of scale that procurement may leverage
Potential of increased risk and speed of vulnerability contagion across a single platform
Single vendor lock-in
The decision cannot be made on security considerations alone. Financial impact on the capital investment and operational expenditure will also have a role to play. Inevitably a balance must be drawn with regard to return on investment in terms of the achieved level of security and total cost of ownership. Therein lies the magic that the strategic thinker needs to bring to the table. Food for thought for any of today's challenged decision makers.
Steve Maslin is an Independent Security Strategist and Business Consultant with CISSP