Most organizations have realized the strategic importance of cybersecurity by now and spend hundreds of thousands, if not millions, of dollars on detection and prevention technologies. In recent years, applications and services that assist companies in safeguarding their environments have truly become a staple of everyday information technology spend.
Many commercial products exist that provide adequate levels of protection for the most common types of security threats; some even offer entire suites with different products so that an organization’s security lives within a single, easy-to-use interface. Using an entire product line from a single vendor has both advantages and disadvantages.
Many of these products merge their different applications into a few, or even one, user interface. This allows security operators and technicians to receive information, review potential threats and quickly mitigate potential issues without needing to jump between applications. Although there are obvious advantages to such an approach, an organization becomes reliant on only a single source of information to provide a comprehensive security posture.
Expanding the toolkit, or bringing in technologies from more than one source, can often provide a more holistic and up-to-date security framework for larger organizations. At the end of the day, software companies can only be as responsive and current as the threat landscape allows and their ability to develop and augment applications permits. Just like when writing a research paper or dissertation, focusing on a single source for information is never a strategy that will yield the best results. Even though it will require a bit more user training and oversight, having security products from different sources may plug more holes than using any one product alone.
For those that shoulder the day-to-day workload of identifying and addressing threats to their organization’s environment, keeping current on their chosen products as well as staying abreast of alert information from commercial and national-level sources, this is not a new strategy. Utilizing a wide variety of products also protects an organization from threats to any one product line.
Some notable examples of security organizations that have suffered significant compromise include SolarWinds, which gained national media attention after a December 2019 incursion, and more recently Malwarebytes, which announced a breach by the same hacker group, Dark Halo, in January.
While the latter incursion did not appear to present issues within Malwarebytes’ suite of security products, security personnel and technicians should always stay informed when their service or software providers are impacted. There will always come a day when an incident at a commercial security company will adversely impact its end users. Relying on a single product leaves an organization vulnerable to such incidents. Having one or more backups to a primary security tool should never be seen as a bad idea.
More information: https://www.businessinsider.com/cybersecurity-firm-malwarebytes-was-breached-by-solarwinds-hackers-2021-1
For more information on cybersecurity and your legal practice, please email contact@ETRMGroup.com.