SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Is it wise to put all your security solutions in one cyber basket?
Wed, 25th Oct 2023

Offering the best-of-the-best cyber security solutions from multiple vendors may seem like a good strategy. But is it the right move for all your customers?

After all, what could possibly go wrong when a customer has their network secured by a range of vendor products, resulting in multiple firewalls and differing vendor approaches to routing, switching, load balancing and Wi-Fi?

With so many vendors having different perspectives on the standards defined by the RFC, the challenge is to design these devices to ensure there is interoperability between them. At this point, you may be asking what’s an RFC and what does it have to do with this topic?

A quick run-down on RFCs
Not to be confused with Remote Function Call, an interface used in SAP communications, a Request for Comments (RFC) in this context is a formal document produced by the Internet Engineering Task Force – aka IETF.

IETF is a significant international community of researchers, vendors, operators and network designers concerned about how the Internet operates and evolves. They produce RFC documents containing technical specifications and organisational notes on various subjects related to the Internet and computer networking.

These technical specifications are adopted and implemented – voluntarily – by software developers, hardware manufacturers, and network operators worldwide. These invaluable documents are freely available online.

While RFCs are an important way for the industry to standardise how products work and apply best practices, the word to note in all this is ‘voluntarily.’ There’s also the problem of how individual vendors interpret the RFC and develop their products, as this varies depending on their initial mindset and design approach.

In short, there are no guarantees that different vendor products on the same network will work seamlessly together or even talk to one another when there’s a problem.

Knowledge is always power
While a vendor may offer 100% threat mitigation – which we all know isn’t possible – most users cannot validate that claim and are often short on real-world product knowledge (also known as experience). And many of our partners are in the same boat.

That’s why we suggest our partners and their customers join our partner enablement programme or attend our vendor workshops. Here, we share in-depth knowledge of the technology that’s been deployed – based on the vendor’s interpretation of the RFC. So, we train people just as if they are working in a live environment, guide them through potential issues, and demonstrate how one device might impact another. It’s worth noting that the most common feedback we get from our training is that vendor technologies don’t always work in real-life environments as expected.

Obviously, to be effective, this strategy depends on us fully understanding how each product works and training others to use it correctly – and in the context of the products sitting alongside. We also leverage our trainers’ wide range of certifications and real-world experience in design and integration in enterprise and complex network environments to present a more complete picture where possible. Which is great. But does it really solve the problem where multiple vendor products are utilised in the same environment and must work together?

No, it doesn’t. But it can help.

So, should you encourage customers to adopt a multi-vendor environment?

No – and yes.

A typical multi-vendor environment has a range of devices, all with the different features needed to support the security needs of the network. However, a common issue for your customers is that when there’s an outage or a breach, it’s difficult to troubleshoot the problem because the products are not easily visible or accessible to one another. As each vendor has their own interpretation of the applicable RFC, there’s often a totally different syntax between the devices from one vendor and the next.

To overcome this, you end up with a few options. First, as you add more vendors to the network, you – or your customer – need to employ more network engineers with the vendor-specific skill sets and certifications required to solve those issues. And where you can’t hire internal resources, accept the cost of leaning on your distributor or the vendor for help or support.

Alternatively, and more sensibly in my opinion, invest in an ongoing learning environment (and encourage cross-training) for your existing security and network engineers to reduce the need for and cost of yet more staff.

Or, if the time is right for a complete network refresh, then encourage customers to purchase and deploy all their network security products from one vendor. So, if there’s an outage or a breach, they or you can quickly identify where the issue has occurred because all the devices are aligned. This means that problems are solved more quickly, and you or they only need network and security engineers trained to support that vendor’s products – which controls costs.

Going with a single vendor (if they offer the right functionality at the right price) will usually reduce the number of engineers needed to support the network, speed up troubleshooting, and improve performance, as the products are designed to work together seamlessly.

However, after years of working with significant and well-established customer networks, we recognise that it’s a rare opportunity to start from scratch, especially in the public and enterprise sectors.

But it’s quite a different proposition for a small or start-up organisation.

Size matters
Most small businesses can’t afford and don’t necessarily want a big team of network and security engineers. While deploying a single vendor’s products across the network may seem like the ideal way to simplify the management of your smaller customers’ network environment and control costs, it does come with some caveats.

Namely: Not all products are created equal.

So, while a commitment to an entire ‘affordable’ security product range from one vendor may offer initial savings and only require a small team, keeping the lights on to maintain it and ensuring robust security may be a different matter. As with anything in this life, with technology, you usually get what you pay for. Basically (with a few exceptions), if your customer wants a more secure network, they need more budget.

But the good news is that some of the vendors at the top of their game are developing their technologies so that they can be deployed on any network – whether enterprise, medium, or small – without breaking the bank or increasing risk. You just need to know which ones to invest in.

My topic takeaways:
Cost and performance are the two prime considerations for most organisations. And as their partner, you are there to help deliver both.

Getting the right advice now about the best vendor devices to help your customers simplify, support and secure their networks can significantly affect network performance, long-term budget, and your reputation.