Page 21 - Cyber Defense eMagazine April 2023
It’s essential to build a flexible and scalable infrastructure so that as your needs evolve, you can evolve
your security stack to meet your needs without having to scrap everything and re-design again from the
ground up.
Flexibility comes from the ability to deploy best-of-breed solutions for your organization’s specific security
requirements. The potential downside of this approach – and the reason all-in-one solutions initially seem
attractive – is that data can become “siloed” within specific tools or teams. The solution is to make integration
capability a key attribute of any security tools you are looking to deploy – hopefully, you did this with the
tools you already have in place!
Recognizing customers’ needs to integrate solutions from different vendors is thankfully forcing vendors
to focus on building this capability into their products. Integrating security tools dramatically improves
visibility and flexibility – allowing you to collect and collate data to see related events in context.
Integration is also essential to enable automated or streamlined workflows.
Again, it is imperative to understand which key sources of evidence your teams and tools
need access to if you want to ensure better ROI on your investments. The world’s best detection tools
can’t be effective if they can’t see all the data. The same goes for your teams.
As workloads move to cloud and hybrid-cloud environments, security teams are realizing they’ve lost
visibility into network activity. As a result, many organizations are investing in solutions that give them
greater control over, and visibility into, network traffic across the entire network. Building flexible and
scalable traffic monitoring and evidence-collection into the infrastructure at the design level ensures your
security teams always have visibility into what’s currently happening on the network – and can look back
to see precisely what happened yesterday, last week or last month when needed.
Organizations are also realizing that the flexibility and scalability that cloud technology has delivered in
the datacenter can be a feature of their security tool suites as well. Where traditionally security solutions
were hardware based – firewalls, IDS and IPS appliances, and appliances for email or malware scanning,
DDoS protection, etc. – most security vendors now offer virtualized versions of their solutions for public,
private, or hybrid cloud environments.
Virtualizing security functions can help eradicate “appliance sprawl” and allows organizations to design
far more scalable, flexible environments where different security functions – often from multiple vendors
– can be consolidated on common hardware to reduce both CAPEX and OPEX costs. Once these
functions have been virtualized, the process of upgrading part of the security stack or rolling out new
functionality is simpler, faster and cheaper. No longer do rollouts take months: they can now be done in
hours or days. Moreover, deploying a new function is typically far less expensive because it is a software
subscription rather than a costly hardware purchase. In short, virtualizing security functions can help
organizations evolve to meet new threats quickly and affordably when gaps are identified.
Conclusion
Security practitioners often say effective security boils down to three things: People, Process and
Technology. By focusing on making people more productive, processes more efficient, and infrastructure