Harish Chib, Vice President Middle East and Africa, Sophos, explains how channel partners can play a critical role in easing security pains for CSOs and help achieve synchronised security.
The IT security and protection environment for end-users has become progressively complex. Industry research and surveys increasingly indicate that Chief Security Officers (CSOs) are seeing reduced returns in their security environments due to the growing complexity of solutions.
In a recent statement, Joe Levy, Chief Technology Officer at Sophos, points out there is no such thing as perfect prevention. “Conventional wisdom in information assurance tells us to assemble best of breed network and endpoint components into arrays of controls that will provide some reasonable measure of defence in depth. While the practice is correct in its ingredients, the recipe is lacking.”
In other words, end-users are forced to adapt deployed security solutions to deliver the results they desire. If they do not, they pay a price every day: missed cues that might have led to attack prevention, response delays due to lack of information, or so much information that IT departments are overwhelmed.
This is an opportunity for the security vendor and channel partners to enter end-user security environments with solutions whose components talk to each other and help reduce the complexity of security management. Network firewalls that talk to endpoints, and endpoints that alert firewalls when they are compromised, are one example. An integrated approach of security components talking, sharing and working with each other is the need of the hour.
Channel partners need to recognise that some of the biggest challenges CSOs face involve connecting the dots between isolated events and alerts. Incident reporting and tracking are done in terms of IP addresses, DNS records, IP address databases, and correlation of network traffic. This is time-consuming analysis, especially when the intrusion or the source may no longer exist. On the other hand, the cost and complexity of implementing additional layers of security technology to protect the gaps and make the security shell fool-proof can be overwhelming – multiple endpoint agents, management consoles, and security vendors to manage.
Vendor channel partners may also find the performance of their security solutions curtailed by a lack of funds and of available skilled manpower among end-users. End-users are now realising that while everyone wants an end-to-end security solution that functions effectively, not everyone can afford to own one or invest sufficiently to operate one.
A synchronised security solution can help Chief Security Officers by automating the process of connecting the dots inside an end-user’s security environment. What usually takes hours or days of analysis of network events to unravel can become an automated response in a matter of seconds. This allows designated responders to focus on the nature of the threat and on resolving, blocking, and remediating it, instead of spending limited, costly and time-bound resources on identifying the nature and source of the threat.
A synchronised security solution is a radically different approach that enables endpoints and network components to directly share security-related information, improving protection and leading to faster and better decision making. For example, the approach used by Sophos is a secure communication channel between the endpoints and network controls called Sophos Security Heartbeat. As the technology for synchronised security solutions progresses, it will expand to include other control points that till now have been regarded as too discrete. It may soon bring encryption and protection for endpoints, mobile devices, cloud gateways and sandboxes into an interconnected, synchronised security solution.
Security channel partners must look for such guidance from their vendors: do they have a synchronised security solution; what is the certification road map for them to become certified large scale integration partners; what is the road map of the vendor’s synchronised solution; does it include mobile devices, cloud, encryption, firewalls, gateways, DNS, network components; and other aspects to build longer term confidence in their vendor partnership.
Synchronised security is the new solution mantra that channel partners need to leverage: it gets network security components to talk to each other and manage network threats in a rapid and predictable manner.
The journey into end-to-end security solutions for partners has just begun.