Hello and welcome to the ICM Blog.
Lots of interesting cyber defense news as of late, but I wanted to take a moment to give you my thoughts on the debate over prioritizing consolidation of cyber defense tool sets versus keeping tiered tool sets in place to provide a more comprehensive defense. We will call this discussion Consolidation versus Efficacy.
Why do we need efficacy in our defense or controls? Simply put, the goal of all cyber defense organizations is to eliminate the bad while freeing the good. This ensures the enterprise is operating efficiently while reducing risk through threat elimination.
The focus on consolidation efforts is slightly more complex. Some reasons to consolidate include:
Reduction of cost
Simplification of infrastructure
Ease of employee education
Integrated defense for advanced persistent, wide vector attacks
Ease of operational workflow
The reality of most of the available tool sets today is that you can have consolidation or efficacy, with roadmaps providing the promise of both in the near future. So which path do you follow?
The answer is a decidedly complex one that involves many factors. Ultimately, I will advise you to engage with ICM Cyber to conduct a workshop to scorecard your specific needs and goals. This will help you balance the equation to meet your organization’s required outcomes and succeed.
However, let’s look at a use case where a client is deciding whether to consolidate web filtering services onto a next-generation firewall. It seems like a good idea. We 1) consolidate infrastructure, 2) lower operating costs, and 3) unify the management experience. All gains.
But did we consider efficacy? By consolidating onto a unified device, we have given up granularity of controls, depth of visibility, and pure “detect and kill” rate (and before the firewall people attack me, go out and pull industry analyst data over the last 10 years; the metrics are clear). Consolidation and its gains have cost you in your ability to defend the organization. So, is consolidation the right move?
Depends. Did you move from 97% efficacy to 10%? Or did you move from 97% efficacy to 89%? Do you have other tool sets that can make up for these losses, say a next-generation endpoint or remote browser isolation tool? How strong is your Patch Management Program? What is your industry’s visibility to threat actors? What is your tolerance for an exposure or breach?
In the end, I am a firm believer in simple infrastructure, focused programs, integrated platforms, and platforms that set your defense on layered areas of focus (i.e., content security platforms versus network security platforms versus endpoint defense platforms), along with the cost of ownership and operation gains these models provide. But never at the cost of efficacy.
Find your balance. We are, of course, here to help.
Mark Mahovlich, Vice President of Strategy & Execution