Securing heterogeneous environments while minimizing cost and complexity with integrated solutions
Melissa Stevens | Tags: securityintelligence advancedthreatprotection networksecurity itsecurity
Guest post by Dr. Jean Paul Ballerini, Sales Enablement for IBM Security.
But first, let’s discuss how we’ve gotten to this point. The way our environments have become heterogeneous is often the result of this cost-savings driver. We are led into the temptation to look for an affordable point solution that satisfies the need of a new platform, a “quick and dirty” way to prove compliance, or a pure cloud security solution (whatever this means). The hidden cost invariably is the lack of integration. Every point solution brings a new management platform, new processes to be introduced in the company and, of course, additional complexity.
Every quick fix turns out to be quick only once; the second time around things don’t work out the way they did at first, or the solution doesn’t meet the requirements of other regulations. A product tuned to fit a specific architecture doesn’t allow us to easily secure multiple points, so there is either a larger cost in doubling the solution or a reduced level of security.
So what can or should we do? The answer is consolidation and correlation.
Consolidation tackles two aspects which are extremely extensive in their impact on the security strategy.
First, the security measures that are implemented need to work in heterogeneous environments. We cannot afford to have security measures dedicated to a specific architecture living isolated from everything else; it is costly and ineffective. How can any company be satisfied with a solution that fits the cloud architecture well but not a traditional one? Not only do the management cost and time double, but the capacity to correlate events is seriously stretched.
Second, companies can less and less afford the cost, time and complexity of dealing with multiple (often dozens of) vendors. On the one hand, consolidating the number of vendors is often a guarantee of good integration among different areas of security (e.g. identity management and threat management). On the other, it gives companies time to concentrate their effort on managing the relationship and obtaining better deals.
Whereas consolidation can highly improve any company’s capacity to manage and respond to security issues, there is additional value in the increased intelligence gained when all the information from all sources and devices in your network is collected and correlated. For example, often the entirety of data output from the networking infrastructure (e.g. logs from switches and routers, all the “allows” from firewalls…) isn’t considered security information; yet, when an incident is detected, it is crucial to be able to reconstruct the incident itself as well as link it to the related data flow, which might lead the analyst to victim #1 or, even better, to the source of the incident. It is then that the knowledge gained from this correlated and consolidated data becomes security intelligence.
Is this an easy path? Not necessarily; this process requires good communication among departments, sometimes it might require the replacement of existing point solutions, and it requires a proactive approach to securing an IT environment, rather than just reacting to the latest security trend. Is this the best path? I am strongly convinced it is; a consolidated security solution, one that secures heterogeneous environments and yet maintains a high level of integration, thus favoring the correlation of information, will reduce complexity and, consequently, minimize costs. This high level of integration is one of the basic requirements to enable a company to better identify emerging and advanced threats; it gives the security staff the visibility they need to identify incidents much sooner, hence preventing or limiting their impact.
Jean Paul Ballerini has been a member of the World Wide Security Sales Enablement Team since January 2010. Previously, he was the Technical Sales Lead for IBM’s South West Europe region, after having held the role of Senior Technology Solutions Expert for IBM Internet Security Systems for the previous six years. Since 2003, Ballerini has also served as the EMEA spokesperson for the X-Force, the IBM security research and development team.
He also holds a PhD in Computer Science and Law. In 2005 Ballerini became a CISSP, and since 2007 has also served as a Qualified Security Assessor for the Payment Card Industry. In June 2008 he was appointed an IBM certified Senior Technical Staff Member.