Is enterprise security broken?

The average enterprise, according to many estimates, has between 200-500 individual security products installed, ranging from multiple products deployed on user endpoint devices, all the way up to large scale network monitoring and protection software/appliances, as well as cloud-based service offerings.

Many products, especially those that have been installed for a while, are located on premises. But an increasing number are being deployed in the cloud as a service (SaaS) where many of the newest entrants are focused.

Why security is currently so hard to manage

There are numerous single-focused security-oriented products (e.g., network monitoring, data leak protection, anti-malware, VPN, user authentication, identity management, single sign on, and many more). They are brought in for a specific task and/or problem area and often not as part of some overall security plan.

With all of this complexity, the complete security posture of a company is extremely hard to manage, let alone determine. And this is not just an issue for large enterprise – small and medium size business have an equally daunting and perhaps even more difficult challenge given SMB’s generally have fewer resources to dedicate to the task.

We’re beginning to see some small steps to try and consolidate a number of these requirements into a single or small group of products. Much as we’ve seen in the move to a unified endpoint management (UEM) approach to upgrade smartphone management from a standalone to an integrated all-devices strategy, we’re beginning a similar process in security, although it’s a much more complex consolidation process that will take a long time to accomplish.

Below I’ll focus on two examples of vendors that are moving to a more consolidated approach, but from two different directions – one from the endpoint (BlackBerry) and one from the network (Cisco). Certainly these are not the only ones moving in this integrated direction, but are illustrative of the next generation of unified security products coming to market.

Blackberry’s approach to unified endpoint security

The variety and wide availability of various endpoints (e.g., laptops, smartphones, IoT devices, edge devices) for use by enterprises is creating a difficult situation. In the recent past, each would have had to employ its own security capabilities and have a unique management console, resulting in a hodge-podge of security mechanisms that IT needed to manage. But with a focus on zero trust (e.g., not assuming each device is secure in its own right and building a system to support overall security regardless), the market is moving to a single cross-device unified security platform. BlackBerry’s Spark Platform is an example of this.

[ Don’t miss: Industry analyst Jack Gold on Insider Pro ]

The platform is built on six complementary components that work on virtually any endpoint. These include the following: endpoint protection platform (EPP), endpoint detection and response (EDR), mobile threat defense (MTD), continuous authentication, data loss prevention (DLP), and secure web gateway.

Using an AI engine that BlackBerry gained when it acquired Cylance, it uses its intelligence to calculate risks, enable policy controls, confront malware threats, and protect sensitive corporate data in a dynamic fashion. It does this by creating behavioral profiles that look at what the user/device is doing and assessing whether or not this is normal and should be allowed, or the result of a malicious threat. As a result, the need to have multiple vendor unique-to-each-device anti-malware protection components is not required. Spark contains an AI-based threat protection component running on each device that eliminates the need for multiple vendors’ products, and is managed through a single console.

BlackBerry Spark does not yet have all of the components it plans to have longer term (e.g., DLP, web gateway), but even in its beginning stages, it goes a long way towards creating a single security platform across a wide range of devices that can be managed by a single console within nearly any UEM a company may have in place. This is a far more cost effective way to manage security than having potentially dozens of non-interacting stand alone components typical in most companies. And it allows IT to be far more efficient, while also enforcing a single security strategy for all devices.

I expect this unified endpoint security model to become the dominant endpoint security model within the next 2-3 years, although it may take somewhat longer for companies with already existing technology to make the change. Nevertheless, enterprises should be planning now to move towards this unified security model for increased security, better TCO, and improved user experience.

Cisco’s approach to unified network security

Much like the endpoint discussion above, most companies have a myriad of networking products in place to maintain security of the overall corporate network. This is complicated further by the fact that individual network vendors have their own unique management components that do not interact well with others. Indeed, critical infrastructure components, like VPNs, Wi-Fi access points, internet gateways, inter-office connections, etc., may all be controlled by individual management consoles, creating a huge burden on IT, and especially for smaller organizations that may not have the skills or the resources necessary. What’s required is a unified network security management capability.

As an example of movement in this direction, Cisco recently announced its SecureX as a cloud-native platform. Initially, this product is designed to integrate all of Cisco’s various security management products into a single console, as well as input from its threat intelligence service, Talos. This can go a long way to automating and extending visibility of what’s going on in the network, and reduce the number of siloed reports and consoles needing to be interpreted by IT staff.

[ Career roadmap: How to become an enterprise architect ]

Currently, most capabilities like network threat intelligence require using that data to then implement remedial action in a separate interface. The resulting disjointed workflow can severely restrict the time to mitigation of threats. Indeed, Cisco uses the example of before and after SecureX, when an automated way to identify, investigate, remediate and communicate a data breach on a laptop was reduced in total time from 5.5 hours with a manual approach to less than two hours using SecureX.

Time is critical in any potential data breach as the exfiltration of data is directly proportional to the amount of time the breach is not contained. Further, most organizations have severe resource constraints when it comes to security staff, and any automated system that can enhance the ability to evaluate and react to threats can go a long way to enhancing the security posture of the organization.

In the short-term, the biggest limitation of SecureX seems to be its relative lack of integration with non-Cisco products, although it does provide an API that in the future Cisco says will offer many more integration capabilities for other vendors’ products, although it’s unclear how many competitors will move to integrate with SecureX. Eventually, the APIs should also allow companies with unique products to do their own integration to the single pane of glass management that SecureX offers. Nevertheless, even with these restrictions, with Cisco’s huge share of the networking market, SecureX would be a major step forward in enhancing security posture, especially since Cisco expects the product to be made available to all existing customers.

Unified network security, like unified endpoint security, is an area I expect to be dominant in the next 2-3 years, especially as the need for more complex networking and elimination of new threat vectors come into play. Companies who are already Cisco-centric should definitely deploy SecureX as soon as practical. Other networking security companies will also move in the unified management space, and enterprises should be formulating a strategy now for how they plan to make the move in the next 2 years.

Say goodbye to independent security products

Bottom Line: The notion that ether endpoint or network security should be a plethora of unique and independent products that need to be interpreted and/or managed separately is coming to a rapid end. I expect most companies to move to a unified security approach, particularly as most of the tool necessary will be offered as cloud services, which makes a transition more attractive and easier to deploy. Companies must focus on unifying their security products in the next 1-2 years if they are to stay secure longer-term.