Extending cybersecurity’s efficacy with integrated response
It’s quite true that cybersecurity news is almost always bad news. It is almost always about bad guys successfully pulling off huge data breaches, and very seldom about how a business is fighting them off and winning. There are a few reasons why.
For one, businesses usually keep their cybersecurity efforts under wraps for competitive and security advantage. Also, it HAS become exponentially harder to deal with cyberthreats, during this day and age.
According to McAfee Malaysia’s Solution Architect, Jason Siew, back in 2005, security had an average of 25 new malwares to deal with daily. In 2016, that number is now close to 500,000.
In an unexpected turn of events however, 2017’s cybersecurity focus is upon the one single malware and how so much more sophistication goes into a malware so that it can target its victims and create more chaos than ever before.
Siew who was presenting to IT decision makers during an overseas cybersecurity conference, said that all of these – complexity of cyber threats and erosion of IT control, thanks to mobile and cloud – as well as time and people constraints, have created a perfect storm for security.
It highlights the need for an efficient security framework, and a defense architecture that is unified, finally.
Because organisations should focus upon innovation, operations and growing with confidence, instead of worrying about where, how and what cyberthreat is around the corner.
It isn’t that there are not enough cybersecurity solutions.
Siew presented Frost & Sullivan research that revealed security technology sprawl comes with negative implications – 62-percent of respondents felt that it reduces the security posture overall, 64-percent revealed that it causes an excessive training burden, and 53-percent have to develop their own technologies to integrate everything together.
Siew pointed out that there is tendency for new technology to emerge, to deal with a new cybersecurity problem. “So, the initial countermeasure is good, but its effect diminishes over time, so it looks like we are always at the losing end, despite deploying (the latest solution).
He also brought up one of the standard and common industry procedures which is testing and doing proof-of-concepts with cybersecurity solutions, before actually deploying them. “But after a year or two, efficacy (of the solution) drops.
“’So, how about doing immediate deployments?’ you may ask. Things don’t really work this way either.”
Instead, McAfee believes that to extend the efficacy of security products, organisations should take the integrated platform approach.
Integrated versus Best-of-Breed
According to Siew, the integrated platform approach is the best way to go. “Whenever there is new technology out there, there is one common platform, so deployment is seamless and ROI is more, as a result.”
A Penn Schoen Berland study in 2016 also showed that there are better outcomes with integrated platforms – better protection, faster response and less loss of sleep at nights.
McAfee’s Integrated Platform proposition, or the Data Exchange Layer (DXL), is a communications protocol based on a single fabric. Its main purpose is to share threat intelligence across all security products which are connected, simultaneously.
Earlier iterations of DXL were created to connect McAfee products; gateways, endpoints, mobile, intrusion prevention systems, analytics and more. This has evolved recently into an initiative called OpenDXL, that enables integration with security products from other vendors besides McAfee.
Partnerships for tech and business
According to McAfee’s APAC CTO, Ian Yip, OpenDXL is also an evolution of their Security Innovation Alliance (SIA), an ecosystem of security vendors, that now can natively integrate into McAfee’s DXL architecture.
The result is almost real-time sharing of threat intelligence by security products in an environment, and more efficient coordination to protect it.
To support this, OpenDXL.com is the open source community portal that facilitates openness and collaboration on the DXL fabric.
But collaborations are not happening on just the technology front.
Partnerships also have to be formed, business-wise, and McAfee’s channel ecosystem sees them go-to-market with partners that are skilled to help customers build out security architectures for continuous protection, continuous monitoring, as well as empower security teams to quickly respond to incidents.
In other words, collaboration between McAfee and their technology partners and channel ecosystem, is the critical enabler for a unified security architecture like McAfee’s to actually work.
McAfee’s Southeast Asia Managing Director, Craig Nielsen said, “One of the unique features of our partnership model are the number of integrations with third-party products that we provide through our SIA program.
“That means that our partners can deliver multi-vendor solutions to customers, and we take care of the integrations for them.”
In Malaysia, only two partners have earned the title of Services Delivery Specialisation Partner, an award given to partners who show excellent capability in selling, implementing and configuring McAfee’s complex solutions.
One of them, Firmus, is also a McAfee Platinum partner, that recently organised a CIO cybersecurity conference overseas, with participation from around 40 IT heads and decision-makers.
Firmus Vice President, Eric Yeow, commented about the near-a-decade partnership, “The McAfee business with Firmus has been experiencing healthy double digit growth year-on-year and is reflective of the close working relationship we enjoy with the McAfee team.”
He added that the partnership continues to make inroads, with new customer acquisitions and existing customers tending to grow their McAfee footprint, due to the vendor’s integrated security response strategy.