Cybersecurity strategies: Best-of-breed or integrated security suites?

Channel weighs integrated security solution vs. point-product approach

Channel partners can make arguments for the integrated security suite and the best-in-class point product method, but the decision ultimately rests on a customer's specific needs.

Whether to select a best-of-breed or an integrated security solution is an age-old question, and it's no different for channel partners when deciding what security products to deploy for their clients. The verdict? There is no right or wrong answer, channel security experts said; it comes down to what makes the most sense for the individual organization.

The number of highly publicized security breaches over the years has prompted organizations to develop in-depth security strategies to protect their networks from cyberattacks. This led to a proliferation of vendors and technologies, many of which work in a siloed manner, creating management headaches for IT, especially as they have to contend with an avalanche of alerts and notifications.

As a result, some vendors now offer integrated security solution suites that tie together many elements of IT security. Channel security providers said there are advantages and negatives to both approaches.

"Security is not one-size-fits-all, so it depends on the type of organization and what their risk tolerance level is," said Michelle Drolet, CEO at Towerwall Inc., a data security services provider based in Framingham, Mass. "There are a lot of questions that need to be answered before you can make that decision."

Today's security challenges

The security product landscape has changed significantly, compared to five to 10 years ago, when companies offered products for endpoint and email protection, URL filtering and also firewalls, "and no one talked to each other," Drolet said.

Now, there are integrated security solution suites from providers such as Sophos and Cisco, which purchased Sourcefire, a next-generation firewall, and Forcepoint, which purchased Websense for URL filtering, Drolet said. As a result, "There's a lot of best-of-breed products inside the integrated solutions," she noted.

For other channel companies, the decision is more clear-cut, and they believe unequivocally the best-of-breed approach is the way to go. Key Information Systems, based in Agoura Hills, Calif., offers colocation and distributed denial of service (DDoS) mitigation services, and also resells Palo Alto and Cisco firewalls. Scott Youngs, Key Information Systems' CIO, said that while the company takes "the best-of-breed approach," it is "also the best of breed appropriate to the client."

Small and medium businesses have different challenges and different needs than a 1,000-person enterprise, he explained, since they may not have security staff with specialized skill sets for products like Splunk and Palo Alto's Traps and WildFire. The most important thing a security provider can and should do is have a conversation with clients to see if their organizations can handle different platforms for different security needs, and whether they have the right people to manage them, Youngs emphasized.

"This is the challenge with all the products that are out there," he said. "You have to move into the solution sell, not just the widget sell. You're not doing the client a service if you don't first have a conversation of 'What problem are you trying to solve?' and 'Do you have the people to run the particular product?'"

What frustrates Youngs, and what he has seen on more than one occasion, is when his company is contacted by a prospective client that bought a "fairly large behemoth" all-in-one package, and the person charged with managing it quits.

"Then we get the call, 'Hey, can you help us run this?' It's not what we do, but we can sit down and help them see what the right path forward is," Youngs explained.

He said he usually hears that management depended on that one person to run this system and there's been no cross-training, "and now they're screwed." This happens across all technologies -- not just security, he added.

Zohar Pinhasi, CEO at MonsterCloud, a managed cybersecurity services firm based in Hollywood, Fla., also believes buying best of breed makes the most sense. "The way I see it, you can't really have one suite that protects your business." He also finds that "unfortunately, and this is the reality, businesses feel they can win the war with guns," meaning having lots of security products.

A company could deploy a million dollars' worth of security products, but all it takes is one smart hacker who bypasses those systems, he said. "Customers are investing in hardware and software, compared to investing in people," Pinhasi said. "At the end of day ... finding the right IT guy can save a lot of money in hardware and software because this guy will know how to create the right protection for your network without spending a lot of money."

That said, companies should adopt a best-of-breed strategy, Pinhasi said, because "every security platform handles one specific area. Yes, you can [deploy] a security suite but, unfortunately, they're good at one piece and not the other."

The pros and the cons of both approaches

The integrated security solution suites have come a long way, Drolet observed. Years ago, "If we had this conversation I would not be saying [this]," she said. But given how the threat landscape has grown and become scarier, she said, technologies such as next-generation firewalls and encryption have come such a long way that the suites have become more intuitive and better at providing security.

Towerwall acts as the virtual CISO to three New England hospitals -- two in Maine and one in New Hampshire. The company provided risk assessment services and has become "the one throat to choke," Drolet said. As three disparate organizations, the hospitals use a lot of different security technologies and have a selection process requiring input from different people.

"We're helping them have those conversations," Drolet said. Because two of the hospitals were using the same technology for security information and event management (SIEM), the other hospital "got on board and said, 'Okay, we'll do that as well,'" she said.

In this instance, the available options are IBM's QRadar and HP, which purchased ArcSight, but there's no integrated SIEM platform, according to Drolet.

"That's where there's a tradeoff with integrated solutions, and that's what we tell our customers: Do you need best of everything or do you need something that's really good and utilizes 75% of its attributes?"

Typically, clients say they appreciate that they can utilize the technologies they own, Drolet said. Echoing Youngs, she said the customer is glad to "not just have someone throw technologies at them. And that's where we need to be careful as security partners to our customers -- because if you're just selling best of breed and not really integrating it, the customer has a very false sense of security."

If an organization is only using 10% of whatever product from a so-called best-of-breed vendor, they are not protected, she emphasized. "And that scares me to death. And I think, 'Oh my gosh, how much do they actually have deployed?' And the stuff fights each other so then you have to turn it down. That's another check off box [in favor of] integrated [suites]."

A negative of the best-of-breed approach is having too many management consoles, Drolet said. "Information security is about repeatable processes, so whatever technologies you're using, you need to have documented," she said.

The organization can decide how often it wants reports generated, however: "If there are too many technologies, nothing's going to get done, unfortunately, because people don't have the big staffs they used to have," she said. "So that's a risk. If you have a lot of different consoles, people have to go in and view every day, and look for threats and attacks."

With the integrated suite approach, there is a single pane of glass and with "one throat to choke ... there could never be finger-pointing," Drolet said. Also, "everything's talking to each other. All the data should be correlated," so a company is notified of a potential breach or cyberattack.

"Target, for example, had every bell and whistle -- every monitoring tool -- but it gets so noisy you start ignoring stuff and nothing talks to each other," Drolet maintained. "So that's how that breach happened. All the information was there, but no one was looking at it. And the bad guys are getting badder."

Yet, a negative to the integrated security solution approach would be if a client only needs data leakage prevention technology, for example, and the integrated solution provides pieces of what the company needs. "So then, you have to go out and buy a best-of-breed solution, because you have a risk you have to take care of and the integrated solution can't do it for you," Drolet said.

But Pinhasi believes "one giant system is not practical because ... cybersecurity evolves on a daily basis, and I truly don't believe you can have one system that will handle everything from A to Z and do the right job."

How to pick products

The best-of-breed approach has led to a proliferation of vendors, creating a challenge when it comes to deciding how to select one for a client's needs. Towerwall creates a requirements document so the company can understand what is really important to the client, what their risk tolerance is, what the actual problem is they're trying to solve and whether it will be solved by technology or process.

"Sometimes it's not about technology," Drolet noted. "I think as VARs [value-added resellers] or as consultants, we need to help our customers understand the threat landscape and help them figure out what their risk tolerance is, because that changes the whole story. If they have high risk tolerance, there's different technologies for that. Then we have to talk about budget: Do you have a Chevy budget, but want a Cadillac?"

In the final analysis, it is better not to pick a "side" when it comes to best-of-breed products versus integrated suites, she said.

If a company tells its managed security services provider it wants to order 30 copies of McAfee's antivirus software, ask what is prompting this, since it requires a different discussion if they have already been hit with ransomware, Youngs advised. "At least have a conversation with them so they go in with eyes wide open, especially with security," he said. "There's a lot of bad guys out there and there's a lot of vectors of attack. Any VAR should be doing that."

"It depends on the customer and the problem and what they need," Drolet agreed. "It's about learning and listening to what the customer needs and what they're concerned about, and then you can decide. We just don't want to throw spaghetti against the wall."
