Contributor

Well-funded doesn’t mean well-secured

Opinion
Mar 10, 2017 | 4 mins
Cybercrime, Internet Security, Security

3 tips to develop and implement an integrated security technology strategy despite disparate business units with varying priorities

Three of my four children are of school-going age. When they arrive home in the afternoon, the youngest usually makes a dash for the games console, the middle one is tired to the point of being miserable, and the eldest announces herself loudly, wanting to share every detail from her day with anyone who will lend an ear. The only thing they all seem to have in common is that they are hungry and want dinner.

While I’m the type of parent who makes the children fish-finger sandwiches and declares them fed, my wife prefers to serve a lavish five-course meal. In the past, she would often customize meals to meet each child’s individual taste and preference. After a while, I had to put a stop to it.

“This isn’t a restaurant!” I declared one afternoon. “We can’t make three or four different meals every night. When I was young, I didn’t have a choice. I had to eat what I was given, or else sleep hungry!”

While cooking only one meal doesn’t make all the children happy all the time, no one goes hungry, and it tremendously simplifies both food shopping and dinner time.

IT security purchasing mistake

How does all of that relate to cybersecurity, you might ask? Well, unfortunately, we see many enterprises consistently fall into a similar trap as parents when it comes to their IT security purchasing strategies.

Each business unit, division and purchasing code is like a different child with unique preferences. One area demands host IDS, another wants net flow analysis, while yet another needs threat intelligence. It’s a jumble of requests, and in an attempt to appease everyone, companies can quickly find themselves layering tools upon tools in their environment with little or no integration. This creates not only an expensive situation, but also one in which discrete technologies operating in silos end up offering little security overall.

Many breaches do not happen because companies lack the funds to purchase, install and run products. Rather, they happen because companies lack a well-defined and integrated security strategy. In other words, a well-funded organization does not necessarily equal a well-secured organization.

Security technologies operating in silos are destined to fail. Every product and tool generates its own sea of noise that over-burdened analysts need to sift through—making it easy for them to miss alerts. This approach also hinders the overall security management process because a disjointed environment makes it difficult to extract or apply any meaningful threat intelligence and makes it nearly impossible to gain full visibility or undertake any form of orchestration.

3 tips for an integrated security technology strategy

Below are three tips that can help companies develop and implement an integrated security technology strategy despite ever-present challenges, such as disparate business units with varying priorities.

1. Define security objectives

With so many security technologies to choose from, it’s easy to be swayed into making a purchase by a compelling feature and then find a problem for it to solve. But having a security strategy that covers fundamental needs will help define what objectives your company is trying to achieve.

Taking input from risk appetite and threat models and then combining all of this information can put purchases into perspective. If the technology you are considering doesn’t align with your security strategy, then it is not worth buying, no matter how dazzling its features sound.

2. Make use of security technology you have

By looking around and getting creative, you may be surprised at how much existing technology can be leveraged to meet previously defined objectives. Ripping out and throwing away an established technology can be a painful process. Instead, look for ways that existing technology can be integrated into a larger workflow. This can often be easier and cheaper than buying a new product.

3. Pre-integration is better than post

The latest and greatest point technology may be the best thing since sliced bread, but it comes with the hidden cost of having to integrate its data into your existing infrastructure. Buying from vendors that have integrated multiple capabilities into one balanced offering can result in faster deployment, easier operation and greater return on investment.

Having a plan and sticking to it by trying to gain more value from existing products, or choosing integrated products with a broad range of features, may not sound like a recipe that will keep every division and business unit completely happy all the time. However, just like a well-balanced meal provides all necessary nutrients, a strategic approach will help companies achieve comprehensive security that is sufficient for their needs and, more importantly, will keep the business protected.

Contributor

Javvad Malik is an award-winning information security consultant, author, researcher, analyst, advocate, blogger and YouTuber. He currently serves as a security advocate at AlienVault.

An active blogger, event speaker and industry commentator, Javvad is known as one of the industry’s most prolific influencers, with a signature fresh and light-hearted perspective on security.

Prior to joining AlienVault, he was a senior analyst with 451 Research providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning. Prior to that, Javvad served as an independent security consultant, with a career spanning 12+ years working for some of the largest companies across the financial and energy sectors.

Javvad is an author and co-author of several books, including The CISSP Companion Handbook: A Collection of Tales, Experiences and Straight Up Fabrications Fitted Into the 10 CISSP Domains of Information Security and The Cloud Security Rules: Technology is Your Friend. And Enemy. A Book About Ruling the Cloud. He’s also the founder of the Security B-Sides London conference and a co-founder of Host Unknown with Thom Langford and Andrew Agnés.

Javvad has earned several professional certifications over the course of his career, including Certified Information Systems Security Professional (CISSP) and GIAC Web Application Penetration Tester (GWAPT). He’s also won numerous awards in recent years for his blogging, including the "2015 Most Entertaining Blog" and the "2015 Best Security Video Blogger" recognitions at the European Security Blogger Awards.

The opinions expressed in this blog are those of Javvad Malik and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.