It's an old dilemma in IT: do you choose a single integrated solution or a set of separate tools that you make work together? Do you go for 'best of breed', where you know you are buying the very best possible solution for every challenge? Or do you go for 'best of class' with a broad suite of products that covers an entire domain, for example cybersecurity. Based on recent evolutions in the market, I would recommend a platform or ecosystem from a single vendor, for example Cisco or Fortinet. Let's take a look at what the benefits are.
Less specialized skills needed
When you use hard- and software from different vendors, you need specialists for all those different brands, who know the solutions inside out. That means you have to re-train them constantly and give them time to follow up on all the developments at those vendors. If you are in an environment where you have easy access to many specialists, that is not a problem. I can imagine that schools that involve IT students opt for best-of-breed, so that they can give their students the opportunity to acquire knowledge of everything. Unfortunately, in the IT departments of companies, specialists are usually less plentiful. And more expensive.
Less vendor management and administration
The more suppliers you have, the more time you must invest in maintaining the relationship with all those partners. In addition, you will have to do more administration to track all the orders and invoices. Each supplier has its own renewal cycle. If you go with a single vendor, you can standardize the follow-up much more and you will significantly simplify your administration. If you opt for six or seven vendors, then these efforts increase linearly.
Better correlation of alerts
The number of security threats is increasing rapidly. An integrated platform will be able to make better analyses and include more context in the decision whether action should be taken or not. By letting the technology do its work in an integrated way, you exclude a lot of human errors and misinterpretations. That optimal collaboration between tools is necessary, is also backed up by analysts at Gartner. They specifically talk about a ‛Cybersecurity Mesh Architecture’, an architecture within which IT departments must integrate their security tools in order to be able to deal with all the new threats. Those who build such a 'mesh' could significantly reduce costs after a breach, says Gartner.
Platforms and ecosystems cover most needs
The Cisco and Fortinet portfolios cover the needs of 90% of Belgian organizations. Only in very specific environments is there sometimes a need for additional solutions that are not part of the ecosystems of these vendors. Think, for example, of companies in heavily regulated markets or in OT environments. In such cases, there may be a need for specific point solutions, which are usually easy to integrate into an ecosystem.
APIs for integration
No company benefits from vendor lock-in, and several vendors have really learned their lesson. That's why companies like Cisco and Fortinet work with an ecosystem of solutions rather than a closed platform. In such an ecosystem, there is always room for third-party products in addition to their own solutions. Often these integrations are already fully prepared and proof-tested in advance. In addition, ecosystem vendors also offer application programming interfaces (APIs) that make it easy for other vendors to connect their products. The Fortinet Security Fabric, for example, offers APIs for system management, cloud, SDN orchestration, SIEM, endpoint and IoT integration... Cisco, on the other hand, has the SecureX platform that integrates various applications and provides a single management console.
Platforms are becoming more complete
Companies like Cisco and Fortinet spend gigantic sums on research and development. According to Statista, Fortinet invested more than $400 million on R&D in 2021, Cisco nearly seven billion. That means they are constantly improving their platforms, either through their own developments or through the acquisition of startups that add valuable technology.
Less risk, lower price
Needing less expertise and keeping less administration provides companies with serious savings. In addition, better security lowers an organization's risk profile. This also has a financial side, as it allows you to avoid costs for fines or ransomware if you are hit by a ransomware attack.
What role is there still for a systems integrator like Simac, if a cybersecurity ecosystem is already integrated? Well, we are still needed, for example, when advising which platform fits best in your environment. We assess your current implementation, propose a migration path and compare the added value of the various options. We ensure that the chosen solution fits seamlessly into your existing environment. Moreover, we can provide the experts who are specialized in the management of these platforms. They can perfectly assess which alerts require follow-up, and take action immediately. Finding the right people with the right expertise is no easy task, as I discussed in my previous blog. By working together with an integrator such as Simac, an organization ensures itself of up-to-date expertise, so that the organization itself can focus on its core business.
Fons Quidousse is technical cybersecurity & network consultant at Simac ICT Belgium. He helps his colleagues and clients to find the best possible solutions for challenges concerning networks and security. Fons has been working at Simac since October 2020.Contact us