One of the key takeaways I had coming out of RSA 2020 is that security must shift away from the traditional point product approach to a fabric architecture. At the event, I interviewed a CISO that had a strong opinion that \u201cthe current approach with security is not working, has not worked and will not ever work\u201d and I whole heartedly agree with that.Despite spending billions on cybersecurity, security teams are falling behind because protecting the organization is an asymmetric challenge.\u00a0 Security professionals need to protect an increasingly larger number of entry points while the bad guys just have to find one way in.\u00a0 Every mobile phone, cloud application, branch office and remote employee is an entry point.The growth of the internet of things (IoT) makes this problem exponentially more difficult.\u00a0When I talk to organizations about their digital transformation plans, much of it is based on IoT without the term \u201cIoT\u201d being used.\u00a0 I recently got a tour of a new soccer stadium in Totteham, UK where everything is connected \u2014 fan kiosks, point of sale devices, digital signs and more.\u00a0 Not once did the IT director giving the tour call it IoT; there\u2019s an expectation now that everything will be connected.IoT may sound futuristic, and, indeed, many people see it that way, but it has already arrived. And the influx of IoT devices takes the growth of asymmetry from linear to exponential, placing an urgency on trying to reverse this curve.Towards best-in-class protectionTraditional security architectures are based on perceived best of breed point products located at specific points in the IT environment. Network edge, branch office, cloud edge, endpoint, campus edge, wireless, and so on. There are a couple of problems with this approach. The first is that one might buy a \u201cbest of breed\u201d product at a certain moment in time, but no vendor can be best of breed continually.\u00a0 Technology cycles ebb and flow and so does product leadership. The second, and bigger problem, is this model isolates data and makes analysis of the information, problem resolution and remediation a challenge.Consider endpoint detection and response (EDR).\u00a0 Almost all of these tools are effective at detection, meaning they can see when there is something funky going on with the endpoint.\u00a0 However, most EDR tools are poor at response. Typically, an endpoint is breached because of something further back in the transmission path, such as a network or cloud breach; EDR solutions don\u2019t see this so they can\u2019t fix them.A security fabric is different in that it encompasses the end-to-end environment. Think of it as a single security entity composed of disparate components.\u00a0 The data from the entire fabric can be aggregated together and, with the use of artificial intelligence (AI), insights can be gained as to when a breach occurred, where it emanated from, and how to fix it.\u00a0 In the scenario above, endpoint software could find the breach, and the analysis of the data could locate the source, providing immediate response information.From nice-to-have to must-haveMany breaches today result in threats that are \u201clow and slow\u201d meaning they hide beneath much of the security infrastructure and slowly make their way around the business gathering information before data exfiltration is executed. Most point products can\u2019t see these threats because they hide in the gaps between them. Analysis of security fabric information can reveal even the smallest of anomalies that could indicate a breach.\u00a0 For example, if an IoT endpoint is breached, malware on it might be used to map out the network.\u00a0 Most IoT devices access the same services every day, but if one day it pings the accounting servers, even just for a short time, the fabric will see that, and those servers can be quarantined.\u00a0 This can significantly shorten the time to find a breach.With IoT the concept of a fabric moves from a nice to have to a must have as most IoT devices have no inherent security capabilities or even a robust operating system, so there\u2019s no ability to run endpoint software. Instead, the fabric must monitor traffic, understand the baseline, and then report anything outside of that.\u00a0 The anomaly might not be a sign of trouble, but it\u2019s certainly worth the time to investigate.What to look for in a security fabricAs companies move forward with IoT, they should plan to adopt a security fabric along with it. \u00a0Here are some things to look for:Broad protection and visibility. The fabric needs to see every network segment, device, appliance whether virtual, cloud or on-premises.\u00a0 A single vendor likely won\u2019t have all the components, but they should have the three pillars of endpoint, network and cloud and then leverage third-party relationships to add to the fabric.Automatically synchronize security resources to enforce policies. I understand the thought of automation scares the pants off many security pros, but the reality is that people can\u2019t work fast enough to keep up with hackers today. Automation minimizes risk and should be considered the security pro's best friend.Coordination of automated responses to threats detected anywhere in the network. Responding to a threat will likely require multiple actions to be taken and the fabric can orchestrate these to occur simultaneously to avoid leaving gaps.A single console to manage all of the security solutions. One of the challenges of best of breed is too many consoles leading to manual correlation of data. The security fabric vendors need to provide an interface to manage the end to end environment at once.The world is changing quickly.\u00a0 The cloud, mobility, COVID-19-related work from home, and the IoT is putting new pressures on an old, outdated security model.\u00a0A CISO from a large bank told me she had this epiphany: One doesn\u2019t need best of breed everywhere to have best in class security.\u00a0 In fact, trying to deploy point products often leads to subpar security as keeping policies and rules up to date across vendors can be a challenge.It\u2019s time to rethink security and embrace the concept of a fabric and let AI do the things that people can no longer do because of the speed of response and volume of data.