This year’s RSA Conference (RSAC) is taking place from May 6 to 9 at the Moscone Center in San Francisco. The conference serves as the epicenter for the global cybersecurity community to converge, gain valuable insights, engage in deep conversations, and discover transformative solutions that can change their business model. The Expo also reveals the latest advances in cybersecurity technology from over 600 of the world’s foremost vendors.
So, as you look to navigate RSA, with so many vendors, approaches and solutions, how do you know what cybersecurity solutions you should be investing in? Will they work with your current tools and solutions? What about future solutions?
Right now, many SOC teams are at a crossroads, torn between choosing vendor-based platform solutions or best-of-breed products. Here we help you analyze the vendor landscape and understand what questions you should be asking to not only stay one step ahead of the ever-evolving threats of today, but also anticipate the challenges of tomorrow.
Seek to eliminate security tool silos
Today’s SOC teams face an uphill battle with fragmented tools and data silos. There are also major challenges around alert fatigue and overloaded SOC teams who, despite all their tools, end up undertaking manual investigations to determine the best response. This is causing SOC burnout, with more than two-thirds (66%) likely to change jobs in the next year.
Siloed security tools are a big part of this challenge because they are hard to manage and often data from one doesn’t correlate or integrate with another. This limits opportunities to achieve visibility across the digital environment and apply findings uncovered in one area to risks relating to another.
Platform versus best of breed – weighing advantages and disadvantages
Most organizations are utilizing both vendor-based platform and best-of-breed security tools, some of which they may be looking to consolidate. Platforms promise a streamlined interface between the vendor’s solutions within your environment, but they have drawbacks and often lack the functionality and features provided by best-of-breed solutions.
To deliver a platform, a vendor needs a very wide set of products and services and it needs to be capable of developing and refining them all over time. It’s therefore important to ask questions around the product roadmap and direction so you can understand how comprehensive the vendor’s platform really is and whether it will evolve and scale with your needs.
One of the main advantages that best-of-breed has over a platform approach is that it allows customers to choose the most suitable and effective tools for their specific needs and preferences, and benefit from the innovation and expertise of specialist vendors.
However, best-of-breed solutions also have drawbacks: the SOC team may have limited visibility across the entire attack surface and limited workflow integrations. Also, as mentioned above, the tools could be siloed, and this can lead to challenges integrating intelligence across the whole environment.
Integration with other tools
One of the key questions you should be asking vendors, when looking for the optimum solution, is how well their platform or solution integrates with other tools.
It is important that you understand your strategy before you get into any conversations. For example, you may be looking to consolidate several tools to reduce complexity, but you will still need to integrate those you do select.
Unfortunately, there is little incentive for many of the large vendors to work with their competitors, which often limits integration opportunities between them. On the other hand, best-of-breed providers know that they must integrate and work with an ecosystem of organizations and competitors in order to deliver comprehensive defensive capabilities. Additionally, when you integrate with a broader ecosystem of providers, you are able to leverage intelligence, information and data from other tools. This enables broader visibility and additional control.
It is also worth noting how existing and new regulations play into your decisions. Often regulatory environments prefer best-of-breed solutions but recognize that integration is essential to get the full picture.
Breadth versus depth – the value of the depth of information
A vendor may have a wide breadth of integrations with third-party providers, but these might not go that deep. Ideally, integrations won’t be merely surface level, but will draw on the deeper capabilities of the complementary solutions. Therefore, it is important to understand the depth of these integrations and whether they will meet your needs.
At the end of the day, if you are building out a platform approach you will inevitably still have some technologies that you need to integrate. Additionally, you should be aware of the issue of vendor lock-in; customers that rely on a single company for their entire security environment rarely move off that platform. So if you are committing to a dominant vendor, you need to ensure it has the flexibility to incorporate those best-of-breed solutions that you still want to use.
Central to this is asking how robust the vendor’s APIs are. I say this because legacy vendors that evolved in a standalone environment may have limited APIs, meaning that there will be less that the SOC team is able to do from an ecosystem standpoint. The extent and limitations of your capability to integrate with other third-party solutions will be dependent on how robust your platform provider’s APIs are.
At the end of the day, SOC teams want to quickly identify which events matter the most, eliminate alert fatigue and enable more value-added activities. They want to use vast amounts of untapped event, network, ecosystem, and DNS intelligence data to move from a reactive to a more proactive posture. They want to stop threats before they occur, starting with proactively hunted threat intelligence and insights derived from massive dataset analytics.
Therefore, before you set off to RSA this year, here are four additional points to consider:
- Assess your current and future security needs and challenges and prioritize the most critical and urgent ones.
- Evaluate the existing and potential products and services that can address your needs and challenges, and compare their features, benefits, drawbacks, and costs.
- Consider the reliability and reputation of the vendors and their vision and direction for the future.
- Beware of the risks and trade-offs of consolidation in the cybersecurity landscape. If your tool vendor’s plans are misaligned with your strategic goals, and the vendor gets acquired by another company, it’s likely to change its product roadmap, support, and pricing structures.