For managed services providers (MSPs) and managed security services providers (MSSPs), adding or improving security tools in your stack is time-consuming and often challenging. The evaluation process can be overwhelming, and the final decision has a long-lasting impact. The choice is harder now than ever, with thousands of security tools in the marketplace offered by a myriad of vendors. Some end up with paralysis by analysis! If you have found yourself in that state of mind, I am here to tell you there is a way to simplify the process of evaluating emerging security technologies so you can always be confident in your final decision.
Security Fundamentals are Key:
While security technologies and threats are constantly evolving, the fundamentals of security rarely do. Evaluating emerging security technology from a fundamental perspective helps you standardize the process and make it replicable. Rinse and repeat. And keep it simple.
The fundamentals of security are:
- A security framework of layered defenses
- Continuously reducing cyber risk
- Enhancing technology with human expertise and management
A security framework of layered defenses like the CIS Critical Security Controls might shift priorities periodically based on the evolving threat landscape, but the control set itself changes slowly: CIS consolidated the original 20 controls into 18 in version 8, yet the structure and intent of each control are the same. A short list of critical controls is much easier to manage and map against your stack than a large control catalog such as NIST SP 800-53. Adopting a security framework makes it easier to identify gaps in your layers of defense and understand exactly where a new technology fits. By taking the first step of establishing a security framework, you have a roadmap in place for evaluating new security technology to fill the gaps in your layered defenses. That leads me to the next point.
Cybersecurity is all about managing and reducing risk. There is no silver bullet. You will never find one. Investing in a new tool that marginally reduces your risk is a waste of money compared to the technology that will significantly reduce it. To understand your risk, you must understand what layers of defense you have and their varying degrees of strength or weakness.

As the industry innovates, security tools are simultaneously becoming more diverse, more niched, and more unified. The more tools and defenses you add to your stack, the more likely there will be overlap. Overlap is not necessarily a bad thing. Several different technologies will complement and improve a particular layer of defense. For example, your antivirus and email security might both have malware sandboxing, which is good. They complement each other in the prevention layer of defense. Negative overlap is when you have so many tools doing the same job that they actually get in the way of managing your security posture. Venn diagrams are a great way to see this excessive and unproductive overlap. The diagrams can also show you the gaps where a niche tool would be a good investment.

The other key to "knowing thyself" is evaluating the human bandwidth required to manage the security tools in your stack and any new tech you are assessing. "Shelfware" is a product you invested in that requires more human bandwidth than you have available and ends up providing little to no value. This has been a major issue in the security realm for a while. Artificial Intelligence (AI) and Machine Learning (ML) can reduce the required bandwidth but will not eliminate it entirely. Using Venn diagrams helps you visualize where there is excessive overlap, and therefore where you can free up bandwidth to manage the new technology that fills the gaps you have identified.
Before investing in a new technology, especially if you already know there is little human bandwidth to spare, run a Proof of Concept (POC) or deploy a Not for Resale (NFR) license internally.
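To make the overlap, gap and bandwidth analysis above concrete, here is an added example script (not code from the article or from High Wire Networks). It maps each tool in a stack to the CIS Controls it materially addresses, reports gaps (controls no tool covers), excessive overlap (controls three or more tools cover), and the analyst hours the stack consumes, then scores a candidate tool on whether it closes a gap or merely duplicates coverage, and whether the team has the bandwidth to run it. The tool names, the control mapping and the hours-per-week estimates are constructed for illustration; the control list is CIS Controls v8 (18 controls), which replaced the 20-control version the article refers to.

```python
"""Tool-stack coverage, overlap and bandwidth check against the CIS Controls.

Added example, not code from the original article. Tool names, the control
mapping and the hours estimates below are constructed for illustration.
"""
from collections import defaultdict

# CIS Controls v8. The article refers to the earlier 20-control version;
# v8 consolidated them into 18, and the analysis works the same on either list.
CIS_V8 = {
    1: "Inventory and Control of Enterprise Assets",
    2: "Inventory and Control of Software Assets",
    3: "Data Protection",
    4: "Secure Configuration of Enterprise Assets and Software",
    5: "Account Management",
    6: "Access Control Management",
    7: "Continuous Vulnerability Management",
    8: "Audit Log Management",
    9: "Email and Web Browser Protections",
    10: "Malware Defenses",
    11: "Data Recovery",
    12: "Network Infrastructure Management",
    13: "Network Monitoring and Defense",
    14: "Security Awareness and Skills Training",
    15: "Service Provider Management",
    16: "Application Software Security",
    17: "Incident Response Management",
    18: "Penetration Testing",
}

# Constructed example stack: tool -> (controls it materially addresses,
# estimated analyst hours per week needed to operate it well).
STACK = {
    "EDR":            ({1, 2, 10, 13}, 6.0),
    "Email security": ({9, 10}, 2.0),
    "Web gateway":    ({9, 10}, 2.0),
    "Patch mgmt":     ({2, 4, 7}, 4.0),
    "Backup":         ({11}, 1.5),
    "IdP/MFA":        ({5, 6}, 3.0),
    "Vuln scanner":   ({1, 7}, 3.0),
}


def coverage(stack):
    """Map each control number to the set of tools that address it."""
    cov = defaultdict(set)
    for tool, (controls, _hours) in stack.items():
        for c in controls:
            cov[c].add(tool)
    return cov


def gaps(stack, framework=CIS_V8):
    """Controls that no tool in the stack addresses (the Venn diagram's empty regions)."""
    cov = coverage(stack)
    return sorted(c for c in framework if c not in cov)


def overlaps(stack, threshold=3):
    """Controls addressed by `threshold` or more tools: candidates for consolidation."""
    cov = coverage(stack)
    return {c: sorted(t) for c, t in cov.items() if len(t) >= threshold}


def hours_required(stack):
    """Total analyst hours per week the stack consumes."""
    return sum(h for _controls, h in stack.values())


def evaluate_candidate(stack, controls, hours, available_hours):
    """Score a candidate tool: gaps it closes, controls it merely duplicates,
    and whether the team can actually run it (otherwise it becomes shelfware)."""
    current_gaps = set(gaps(stack))
    closes = sorted(controls & current_gaps)
    duplicates = sorted(controls - current_gaps)
    total = hours_required(stack) + hours
    return {
        "closes_gaps": closes,
        "duplicates": duplicates,
        "hours_after": total,
        "fits_bandwidth": total <= available_hours,
        "worth_poc": bool(closes) and total <= available_hours,
    }


if __name__ == "__main__":
    print("Gaps:", [f"{c} {CIS_V8[c]}" for c in gaps(STACK)])
    print("Excessive overlap:", overlaps(STACK))
    print("Hours/week consumed:", hours_required(STACK))
    # A hypothetical SIEM/MDR offering that covers log management, network
    # monitoring and incident response, at 8 analyst hours/week.
    print(evaluate_candidate(STACK, {8, 13, 17}, hours=8.0, available_hours=28.0))
```

In this constructed stack, three tools overlap on Malware Defenses (control 10), which is where to look for consolidation, while eight controls have no coverage at all. The candidate closes two real gaps but pushes the team past its 28 available hours, so it would become shelfware unless the overlap is consolidated first; raising the available hours (or trimming the stack) flips the verdict to "worth a POC".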
Some other quick tips and tricks for evaluating emerging security technologies:
- Deep learning and AI/ML: useful, but dig into what the model actually does in the product and the value it brings.
- Automation/SOAR (Security Orchestration, Automation and Response): be sure there is as much interoperability with your existing stack as possible, so response is streamlined and Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) go down.
- Analysis of historical data and benchmarking is critical to reducing time-consuming false positives.
- Understand reporting capabilities and what value it can deliver – get sample reports and make sure they meet your needs.
- NFR! You should deploy every tool internally that you sell. Drink your own champagne and treat yourself like your best customer.
- Research the product/vendor’s reputation in the channel: long-lasting and mutually beneficial partnerships will make your life easier.
- Cost is important but remember, you get what you pay for, especially in cybersecurity. What is the point in paying for security technology just to have something in place that does little to reduce risk?
There will always be new security technologies emerging that you should consider. However, having a security framework makes the process easier and repeatable if you want to deliver the maximum value. Know the layers of defense where the risk is tolerable and where it is not, consolidate where there is a large overlap, and understand which gaps the new technology will fill. If it does not reduce cyber risk, it is not a good investment, even if it seems cool! While you do not have to overspend, be wary if the price tag seems too good to be true. Remember, most of all: the tool is only as valuable as the engineer who knows how to manage it and has the time to do so.
Travis Ray is known to MSPs as a cybercrime fighter! He is currently the director of channel sales at Overwatch by High Wire Networks. He has spoken on several cybersecurity panels for IoTSSA and is passionate about educating MSPs and MSSPs about mitigating cyber risks. He is happy to delve deeper into best practices on emerging security technologies.
Travis Ray, Director of Channel Sales, High Wire Networks