Why should I not choose the best security product?

Share this post:

Well maybe you should buy the best of breed, there are many things to consider before jumping to the conclusion that it has to be the best product, next factor could be price should I get the most expensive or the cheapest solution? Or as we see too often the solution where I can have most impact and become the engineer due to the reason that no product fits my needs. Of couse, there is the last option that no one builds a better product than myself, therefore I will develop my own products. But price and best of breed is often the preferred choice, when choosing a product.

All the above reasons for buying will have to be taken into consideration but in today’s security world there is one thing that is above all and that is interoperability  – how do your different products work together and why is that?

The average large company has more than +80 security solutions from up to 40 different vendors. Often each vendor has a unique way of delivering value and if you read the product description it is hard to find any vendor that talks about how his product fits in to the greater security solution. It is often about reputation and features and functions.

IBM have developed a great way of thinking Security. It is called the Immune system. How does it work? First, we need to acknowledge what is the most important thing when we choose a solution and there is not only one! But should I choose one, it would be to be able to get central access to data and to correlate this information in an automated way so we can get a united picture of the threat situation.

Figure 1 IBM Immune system

Figure 1. gives you a great insight to the IBM Immune system, how the connectivity between the different disciplines are working together, how data can be monitored in its own environment but still become part of a great network of security information that will give you the following:

Automatization: with IBM security, analytic capabilities it will make it much easier to handle the enormous amount of data that your security systems are generating and you will be able to generate a risk picture more quickly and if attacked respond.

Safer environment: no hacker will think in one opportunity, he will look for multi opportunities and therefore not always attack either the server or the app or the network but maybe all at once, so when getting attacked you need to be able to see a hole in your environment and before the attack know your risk level. Point solutions do not give you that risk level in a corporate view. With the Immune system, you have to break down silos and by doing this you will automatically get a safer environment.

Respond: As we all know, there are three levels of  security status, you have just been attacked, you don’t know that you have been attacked or you will be attacked very soon. Therefore, it is not enough to monitor, you need to be able to react/respond and time now becomes an issue. You need information at your finger tips, you cannot wait for the endpoint guy to arrive, so here your Immune system brings value, in your SOC (security operation center) or computer department. You need to get a fast view of your whole environment, what has been attacked, what has been patched, who had access, what has been changed, are there any sleeping parts of the attack left that could wake up and attack again. So responding becomes at least as important as detect, because this is what brings your business back again. A very skilled customer once asked if we believe in this immune system ? do we think that we could ever build such a thing so complex world of computing? And it was clear he did not believe in the story of the Immune system, he believed it was a marketing stunt.But after a couple of hours of walking through his legacy solutions and his new investment plans we agreed that, uou will not get a Immune system if you don’t put it in to your strategy, you need to look at you current security product investments, since there will be products that were best of breed 3 years ago but today they might create a false feeling of being secure and these need to be replaced. Some of your solutions work with the new immune system and it would be possible to integrate those. So we ended up agreeing that he could continue the defragmented approached and, for sure, not get to a world of optimal security or you could start your path to a more secure world by adapting the immune system.

So with IBM’s expertise in integration enables full collaboration across third-party vendors, technology providers and IBM Business Partners to enhance security while lowering costs and complexity. Backed by analytics, real-time defenses and proven experts, the IBM Security immune system provides a fully integrated approach that allows solutions to grow, adapt and work together within your infrastructure to improve effectiveness. The result: intelligence, visibility and actionable insights across your entire environment. So the effective conclusion is  not always the best of breed, not always the cheapest, not always the most flexible, but the one that holds all three but at the same time integrates into an Immune system for optimal security.

So how do I get started? call your local IBM partner or a IBM security seller and we will gladly look at your environment and see how we can get you closer to an Immune system that keeps your business strong.

Click here to learn more about how the IBM Security immune system is a fully integrated approach that allows its components to work together to improve their effectiveness or click here to watch a video about IBM Security Operations and Response.

If you have any questions do not hesitate to contact me at NBA@dk.ibm.com.