Make the invisible visible

Paul Davis says vendor consolidation has fragmented the approach to the evolving security threat landscape

Headline-grabbing data breaches at organisations such as Google, RSA, CitiBank, Sony, the IMF and others are testament to the fact that current defences are no match for the latest advanced, zero-day and targeted attacks.

It's reasonable to assume that many of the organisations spent a considerable amount on IT security products. They may well have deployed what many consider to be best-of-breed technologies. So what went wrong?

Many security technologies do what they do very well. However, contrary to what their marketing may state, they simply don't address the latest rapidly evolving threats.

Advanced and targeted threats bypass both signature- and heuristics-based technologies, so a new approach is required.

The consolidation of the vendor security space over the last few years suggests the market has become more integrated. But many of the technologies continue to operate autonomously in all but an organisation's marketing department.

Consolidation often takes place to the detriment of innovation. Many interesting technologies have withered on the vine after being acquired. And sometimes, the sum of all pieces is less than the value of the individual parts.

Security partners have been marginalised as vendors position themselves as one-stop shops. But the one-stop shop is a concept that is far removed from reality. We're at a watershed moment within the security industry, as the threats have evolved beyond traditional defences.

Because the more recent types of threats are effective, they are also multiplying rapidly.

And new approaches have been developed by lesser-known vendors to address such threats, but technologies from lesser-known vendors depend even more on the channel.

So those who understand how the threat landscape has evolved and grasp the emerging technologies can take on the resultant integration and consultancy opportunities.

I suggest that customers are looking for more visibility of what is coming into their networks, outbound beacons and potential data "exfiltration". Without real visibility, it's difficult to have a rational, informed discussion about risk management and risk mitigation.

Of course, they are also looking for technologies that address next-generation threats, and they wish to integrate and enhance their existing security ecosystems.

Talk to customers. There is growing frustration and concern among businesses about these threats.

Many of the threats aren't very advanced but can easily penetrate legacy defences. Threats targeted at an individual or company are a very real concern. How do you stop something you know little about? And how do you find that proverbial needle in the haystack?

Paul Davis is European operations director at FireEye