The “Convergence Confusion” for the Info Security World
With so many great software toolsets, appliances and SaaS based security products in the marketplace in 2024 it is hard to imagine not being able to successfully secure your systems… if you have enough budget. For those with healthy security budgets, this has created a “how much is enough?” challenge as vendors have pushed forward a wide variety of tools that have begun to provide overlapping capabilities.
For those providing security toolsets, the opportunity to expand into adjacent security markets has been all too tempting, often resulting in subpar service expansions in an attempt to grab additional revenue streams from existing clients. The potential to have one company provide true end-to-end security is particularly strong for providers with clients that have installed their agent software on all of their PC’s and servers. But just how far could these organizations take their products across the realm of information security markets?
I don’t think there’s a limitation. SIEM, EDR, AV/antimalware, Firewall, Vulnerability Management, and Zero–Trust enabling toolsets can all take advantage of existing client software deployments, increasing the odds that within this competitive marketplace, the tools you already have in place will continue to include additional, beneficial features that overlap with competitive tools. As these companies continue forward with their development many will begin to use fewer tools, and need to make a choice of which vendors will serve them best.
A few key elements to keep in mind while attempting to narrow down your list of security providers over time:
- Consider the benefits of those with great client software agents (as a part of their current solution) for Windows, Mac and Linux. These vendors have already committed to supporting all of the platforms you need to support for your organization, enabling you to use fewer vendors. Client software is essential for quality AV/EDR, SIEM Analysis, and Zero Trust, adds helpful features for many firewalling rules, and can offload significant server processing when used in conjunction with Vulnerability Management.
- Consider those with quality, easy-to-use SIEM products already developed. Your vendor/tool consolidation is going to require an increase in centralized log management processing, behavioral analysis, telemetry, and day-to-day management. If your tools aren’t quick to respond, easy to use, and allowing you to quickly come to conclusions while threat hunting…your frustrations will grow should that difficult SIEM become the platform you now use for all your security analysis.
- Zero-Trust services are a simple, effective step forward, but do not contain unique features. A small organization can use a high-speed internet connection and a next-generation firewall to achieve most (if not all) of the functionality that a Zero-Trust toolset is designed to provide. Some vendors in this space improved the ease with which Zero-Trust can be deployed, but the foundation of what they provide is built into other tools. We may see the core functions they provide begin to merge into other security agent-based products (SIEM with MDR, EDR, etc).
Agree? Disagree? Let us know what you think. Should you want to chat about it sometime with our teams, just reach out and we’ll schedule some time.
If you’d like guidance from OFFSITE’s Network Operations Center, give us a call (262) 564-6500.
About the Author:
Joe Cox – CISO & Chief Compliance Officer at OFFSITE, LLC
Responsible for Research and Product Development for a comprehensive set of IT Security and IT Compliance Services including SIEM Deployment and configuration, uncovering system and network vulnerabilities, threat hunting, compliance reporting and team management. Extensive management experience of Rapid7, Microsoft & Splunk SIEM products and services (Microsoft Sentinel & Defender platforms, Rapid7 InsightIDR & InsightIVM, Splunk, SentinelOne).