Secured integration to the future

The Necessity of a Multivendor Approach in Choosing Cybersecurity Solutions

23.07.2024

The recent incident involving CrowdStrike marks the largest IT failure in history, impacting over 8.5 million Windows-based computers. The outage triggered the blue screen of death (BSOD) and disrupted numerous sectors, including banking, stock exchanges, restaurants, aviation, and more. Although it did not result from a cyberattack or breach, the incident inflicted trillions of dollars in losses and underscored the importance of managing supply chain risk. In this article, we examine why organisations should take a multivendor approach when selecting security solutions, and describe practical implementation steps and the scope of this strategy.

What is a Multivendor Approach?

A critical component of robust endpoint protection is adopting a multivendor approach, especially regarding Endpoint Detection and Response (EDR) solutions. This strategy employs cybersecurity solutions from multiple vendors and integrates them within a single infrastructure.
By leveraging a multivendor approach, organisations can enhance their security posture, capitalising on the unique strengths of each solution. For instance, while one solution might excel at detecting specific threats, another may offer superior protection against different types of attacks. This methodology also mitigates the risk of dependency on a single vendor, which can be crucial in scenarios of failures or vulnerabilities, as exemplified by the CrowdStrike incident.

Key Benefits of a Multivendor Approach

Diverse Protection: A single EDR solution may be highly effective against specific threats but fail to detect others. Multiple solutions enhance detection and mitigation capabilities, as each system employs different threat analysis methods and algorithms.

Stability and Updates: Relying on a single solution can lead to instability or failed updates. Multiple solutions from various vendors ensure uninterrupted protection, even if one solution encounters issues during updates.

Vendor Risk Mitigation: Problems with one vendor can jeopardise the entire organisation’s defence. A multivendor strategy disperses risks and reduces dependency on a single provider, ensuring a more reliable and resilient security posture.

Holistic Implementation: The multivendor approach should extend beyond EDR and encompass all domains of information security. This includes antivirus software, firewalls, access control systems, and other critical security components.

Practical Steps for Implementing a Multivendor Approach

1. Needs and Requirements Analysis: Identify critical and non-critical business assets and establish requirements and functional modules for each group of assets.
2. Proof of Concept (PoC): Conduct analyses and PoC to evaluate various solutions' economic feasibility and effectiveness.
3. Solution Integration: Integrate selected solutions with existing SIEM and third-party systems to ensure comprehensive protection.

Example: Multivendor Approach in a Financial Institution

Consider a large financial institution with an extensive network of thousands of endpoints. The organisation divided endpoints into two main groups: critical business assets and non-critical assets.

Critical Business Assets

This group includes servers, databases, and other resources containing confidential financial information and personal customer data. The selected solution from vendor “A” is renowned for its high efficacy in detecting and blocking sophisticated threats. It allows for manual response by skilled analysts, adding an extra layer of protection for critical assets. Additionally, this solution boasts specific features and certifications from local regulators.

Non-Critical Assets

This group includes employee workstations that do not have access to sensitive information and perform routine tasks. The solution from vendor “B” was chosen to protect these endpoints from common threats. It is more straightforward to configure, more effective in detecting and neutralising widespread threats, and designed for personal computers, making it more cost-effective and resource-efficient. It also includes automatic response mechanisms, ensuring swift threat mitigation without manual intervention.
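The split described above (vendor “A” on critical assets, vendor “B” on non-critical ones) only protects the organisation if it is actually enforced on every endpoint, which is what the "Solution Integration" step is for: once both vendors' consoles feed the SIEM, the asset inventory can be reconciled against agent check-ins. The following script is an added example written for this article, not code from the institution described or from any vendor. It assumes a hypothetical inventory export (hostname and criticality class) and a hypothetical per-vendor check-in export (hostname, vendor, last-seen time); the vendor identifiers and all sample records are constructed. It reports endpoints missing their assigned agent, running a stale agent, carrying an agent the policy does not assign, or reporting without being in the inventory, and it computes per-vendor fleet health so that one vendor's agents all going quiet at once (the single-vendor failure mode the article is about) is visible at a glance.

```python
"""Reconcile an endpoint inventory against EDR agent check-ins to confirm the
multivendor policy is in effect.  All data below is constructed for illustration;
vendor_a / vendor_b are hypothetical identifiers, not real products."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Policy from the needs analysis: criticality class -> EDR vendor assigned to it.
POLICY = {"critical": "vendor_a", "non-critical": "vendor_b"}

# Constructed inventory export (e.g. from a CMDB): hostname -> criticality class.
INVENTORY = {
    "db-core-01": "critical",
    "db-core-02": "critical",
    "app-pay-01": "critical",
    "ws-hr-101": "non-critical",
    "ws-sales-202": "non-critical",
    "ws-sales-203": "non-critical",
}

NOW = datetime(2024, 7, 23, 12, 0, tzinfo=timezone.utc)
H = timedelta(hours=1)

# Constructed check-in export merged from both vendor consoles: (host, vendor, last_seen).
CHECKINS = [
    ("db-core-01", "vendor_a", NOW - 1 * H),    # healthy
    ("db-core-02", "vendor_a", NOW - 36 * H),   # agent has gone quiet
    ("app-pay-01", "vendor_b", NOW - 1 * H),    # wrong vendor on a critical asset
    ("ws-hr-101", "vendor_b", NOW - 2 * H),     # healthy
    ("ws-sales-202", "vendor_b", NOW - 2 * H),  # healthy ...
    ("ws-sales-202", "vendor_a", NOW - 2 * H),  # ... but also carries an unassigned agent
    # ws-sales-203 has no agent at all
    ("lab-test-09", "vendor_b", NOW - 1 * H),   # reporting, but unknown to the inventory
]


@dataclass(frozen=True)
class Finding:
    host: str
    issue: str


def index_checkins(checkins):
    """Return {host: {vendor: last_seen}} from the flat check-in list."""
    seen = {}
    for host, vendor, last_seen in checkins:
        seen.setdefault(host, {})[vendor] = last_seen
    return seen


def reconcile(inventory, checkins, now, stale_after=timedelta(hours=24)):
    """List every deviation from the multivendor policy."""
    seen = index_checkins(checkins)
    findings = []
    for host, cls in inventory.items():
        expected = POLICY[cls]
        agents = seen.get(host, {})
        if expected not in agents:
            findings.append(Finding(host, f"missing {expected} (required for {cls} assets)"))
        elif now - agents[expected] > stale_after:
            findings.append(Finding(host, f"{expected} stale, last seen {agents[expected].isoformat()}"))
        for vendor in agents:
            if vendor != expected:
                findings.append(Finding(host, f"unexpected {vendor} agent (policy assigns {expected})"))
    # Agents reporting for hosts nobody classified: unmanaged assets.
    for host in sorted(seen.keys() - inventory.keys()):
        findings.append(Finding(host, "agent reporting for host absent from inventory"))
    return findings


def fleet_health(inventory, checkins, now, stale_after=timedelta(hours=24)):
    """Per vendor: (endpoints with a fresh assigned agent, endpoints assigned to that vendor).
    A vendor whose healthy count collapses while the other stays steady is the
    single-vendor outage scenario the multivendor approach is meant to contain."""
    seen = index_checkins(checkins)
    health = {}
    for host, cls in inventory.items():
        vendor = POLICY[cls]
        healthy, assigned = health.get(vendor, (0, 0))
        last = seen.get(host, {}).get(vendor)
        fresh = last is not None and now - last <= stale_after
        health[vendor] = (healthy + int(fresh), assigned + 1)
    return health


if __name__ == "__main__":
    for f in reconcile(INVENTORY, CHECKINS, NOW):
        print(f"{f.host:14} {f.issue}")
    for vendor, (ok, total) in fleet_health(INVENTORY, CHECKINS, NOW).items():
        print(f"{vendor}: {ok}/{total} assigned endpoints healthy")
```

In practice the two exports would be pulled from each vendor's API or from the SIEM on a schedule, and the findings would be raised as tickets; the stale threshold should match the agents' expected heartbeat interval, which differs between products.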

Conclusion

The CrowdStrike incident has shown the critical importance of a multivendor approach in organisational protection. Utilising solutions from multiple vendors minimises risks associated with potential vulnerabilities or failures of a single product, providing more resilient and reliable protection.
A multivendor strategy offers diverse protection, increased stability, and reduced dependency on a single provider. Practical implementation involves analysing needs, conducting Proof of Concept, and integrating solutions.

IT Specialist partners with leading security solution providers like Check Point, Cisco, Fortinet, SentinelOne, Symantec, IBM, and others. Contact us, and our experts will help you select the best combination of solutions to secure your business assets effectively.