By Roark Pollock

Dropping Advanced Endpoint Products into Existing Security Architectures

Security practitioners are by nature a cautious bunch. Cautiousness is a trait most folks likely have coming into this industry given its mission, but it’s also surely a trait that is learned over time. Ironically this is true even when it comes to adding additional security controls into an existing security architecture. While one might assume that more security is better security, experience teaches us that’s not always the case. There are actually numerous concerns associated with deploying a new security product. One that almost always shows up near the top of the list is how well a new product integrates with other incumbent products.

Integration concerns come in several flavors. First and foremost, a new security control shouldn’t break anything. But additionally, new security products need to gracefully share threat intelligence and act on threat intelligence collected across an organization’s entire security infrastructure. In other words, the new security tools should work together with the existing ecosystem of tools in place such that “1 + 1 = 3”. The last thing that most IT and security operations teams need is more siloed products / tools.

At Ziften, this is why we’ve always been focused on building and delivering a completely open visibility architecture. We believe that any new systems and security operations tools need to be created with enhanced visibility and information sharing as key design requirements. But this isn’t a one-way street. Creating simple integrations requires technology partnerships between industry vendors. We consider it our responsibility to work with other technology companies to mutually integrate our products, thus making it easy on customers. Unfortunately, many still think that integration of security products, especially new endpoint security products, is extremely difficult. I hear the concern all the time in customer discussions. But data is now appearing showing this isn’t necessarily the case.

In recent survey work on “advanced endpoint” products, NSS Labs reports that Global 2000 customers based in North America have been pleasantly surprised with how well these types of products integrate into their existing security architectures. According to the NSS research titled “Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”, which NSS subsequently presented in the BrightTalk webinar below, respondents that had already deployed advanced endpoint products were much more positive regarding their ability to integrate into existing security architectures than were respondents that were still in the planning stages of purchasing these products.

NSS Labs webinar:
“Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”
https://www.brighttalk.com/webcast/13469/248253/advanced-endpoint-protection-aep-market-analysis-and-survey-results-cy2016

Specifically, respondents that have already deployed advanced endpoint products rate integration with existing security architectures as follows:

Excellent 5.3 %
Good 50.0 %
Average 31.6 %
Poor 13.2 %
(Terrible) 0.0 %

Compare that to the more conservative responses from folks still in the planning phase:

Excellent 0.0 %
Good 39.3 %
Average 42.9 %
Poor 14.3 %
(Terrible) 3.6 %

These responses are encouraging. Yes, as noted, security folks tend to be pessimists, but in spite of low expectations respondents are reporting positive results with respect to integration experiences. In fact, Ziften customers typically exhibit the same initial low expectations when we first discuss integrating Ziften products into their existing ecosystem of products. But in the end, customers are wowed by how easy it is to share information between Ziften products and their existing infrastructure.

These survey results will hopefully help alleviate concerns as newer product adopters may read and rely on peer recommendations before making purchase decisions. Early mainstream adopters are clearly having success deploying these products and that will hopefully help to lessen the natural cautiousness of the true mainstream.

Certainly, there is significant differentiation between products in the space, and organizations should continue to perform proper due diligence in understanding how and where products integrate into their broader security architectures. But the good news is that there are solutions not only meeting the needs of customers, but actually outperforming their initial expectations.
