When it comes to cybersecurity strategy, it’s best not to put all your eggs in one basket. This adage is all the more relevant today, at a time when cyberthreats are increasingly complex and constantly evolving. Our Stormshield experts offer their perspectives on the subject.
At a time when the mobile phone market is rife with tension between the US and China over who can win the 5G race, the most astute observers are sounding the alarm over recent acquisitions of European tech companies made during the last few months. First, because more and more specialised French companies are now flying the American flag, and second, because fears are growing over the emergence of monopolies in the industry. Indeed, monopolies are generally problematic for any industry, as they often restrain user freedom by limiting their choices, while also jeopardising their security.
Ensuring ecosystem stability
When it comes to cybersecurity, it’s never a good thing when monopolies begin to form. Especially when, at the same time, “the world of cybersecurity is Americanising”, as Matthieu Bonenfant, Chief Marketing Officer at Stormshield, notes. “When the market is excessively consolidated around large, powerful actors, that destabilises the ecosystem. Certain companies or states may take it upon themselves to dictate tech practices.” As such, it is essential for the cyber ecosystem to achieve a balance between a variety of solutions. “Having a diversity of solutions and actors guarantees the freedom and security of companies and users.”
Mounir Mahjoubi, the former French Secretary of State for Digital Affairs, alluded to this notion while defending the French search engine Qwant, claiming that it represented an “opportunity to introduce some technological diversity” into the tools we use every day.
Providing optimal protection against complex threats
In addition to the (fundamental) challenge of digital sovereignty, diversity also guarantees an optimum level of security. “Cyberthreats today are increasingly complex and sophisticated”, says Simon Dansette, Product Manager for Stormshield. “As such, a lack of diversity in our security solutions increases the risk that one of these systems will be breached by attackers on a massive scale. This is despite the benefits that such standardisation would bring—such as the massive amounts of information that could be collected in order to continually improve detection systems.” Microsoft’s decision early this year to homogenise its security systems and integrate them natively into Office 365 and Windows 10 illustrates this aspect well. While the intentions behind this move—increasing user security—are no doubt laudable, it is also important to remember the limits of such an approach.
“In short, if everyone is using the same alarm system, a potential attacker will be more motivated to find the best way to deactivate it, considerably increasing the amount of harm they can do”, notes Matthieu Bonenfant. “A good security system is a multilayer system that adopts a ‘defence in depth’ approach by using different technologies.” Caution should be taken, however, to ensure that this layering is consistent from end to end, and that no level of security is neglected. “I’ve often seen companies that have very impressive firewalls, but whose WiFi log-ins use passwords that are too weak. Or companies that have very sophisticated security infrastructures for their email or ERP systems, but no protections at all for their R&D department”, says Davide Pala, Pre-Sales Engineer for Stormshield.
Implementing technological diversity
So what does effective protection look like? It consists of two pillars: a variety of technologies (defence in depth) from a variety of publishing brands. “When it comes to solutions, you can set up protections at different levels”, explains Simon Dansette. “Broadly speaking, you have the service level—cloud, email, etc.—which needs to be protected against threats like spam or phishing attacks. Then there’s the network level (or ‘perimeter’ level), which can be protected with firewalls, UTMs and the like. Finally, there’s the workstation level, where protections like antivirus software and EDR solutions are your last line of defence against malware attacks. In an actual information system, the various layers extend beyond the three levels mentioned, and are constantly evolving.”
In addition to using a combination of technologies, the other pillar of an effective system involves selecting a variety of brands or publishers in order to ensure optimum security. That way, if a brand disappears—or if its security mechanisms are defective—you can avoid being completely exposed. This is the same principle behind the dual barrier concept. “For comparable security functions, we often recommend using different publishers. Since they don’t have the same approach, if one system is unable to detect a threat, the other can pick up the slack”, explains Matthieu Bonenfant. “For example, you could put two firewalls from different publishers in place, one after the other. Or for the gateway, you could use a different anti-malware technology from the one used on the workstations.”
Advocating for integrated technological diversity
Some will no doubt remark that, at a time when the industry is suffering from a shortage of resources and talent, with budgets that are far from unlimited, it may be a tall order for CISOs to manage so many different solutions. What’s more, we’ve seen that some publishers have noted these difficulties and are offering comprehensive solutions made with interoperability in mind, in order to facilitate administration. For Matthieu Bonenfant, the idea is defensible. Nevertheless, “it is completely possible to simultaneously manage and administer an assortment of different systems using APIs, programming interfaces that create gateways in order to exchange data or instructions.” To achieve this, “it is important for all products to rely on common standards such as REST API. That way, they can be administered using open-source tools, like Ansible or Python”, notes Davide Pala.
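The quotation above argues that products exposing a standard REST API can be administered together from a script. The following Python example is added here to illustrate that point; it is not Stormshield's code, and the two product APIs (the `/api/v1/objects/blocklist` and `/api/deny` endpoints, their payloads and the bearer token) are hypothetical, served by in-process mock servers so the script runs offline. Each product gets a small adapter with the same interface, and one routine pushes the same desired state to both and verifies it by reading it back.

```python
"""Administer two products with different REST APIs from one script.
Added example with constructed endpoints; not any vendor's real API."""
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class MockProductApi(BaseHTTPRequestHandler):
    """Stand-in for a product's REST API: a JSON store keyed by URL path.
    PUT replaces a resource, POST appends to a list, GET reads it back."""
    store = None  # a dict, bound per server by start_mock()

    def log_message(self, *args):  # keep the console quiet
        pass

    def _read(self):
        n = int(self.headers.get("Content-Length", 0))
        return json.loads(self.rfile.read(n) or b"null")

    def _reply(self, code, obj):
        body = json.dumps(obj).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._reply(200, self.store.get(self.path))

    def do_PUT(self):
        self.store[self.path] = self._read()
        self._reply(200, {"ok": True})

    def do_POST(self):
        self.store.setdefault(self.path, []).append(self._read())
        self._reply(201, {"ok": True})


def start_mock(store):
    """Start one mock product on a free loopback port; return its base URL."""
    handler = type("Handler", (MockProductApi,), {"store": store})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def call(method, url, payload=None, token="hypothetical-token"):
    """Minimal JSON-over-HTTP client; the bearer token is a placeholder."""
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Content-Type": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read() or b"null")


class FirewallA:
    """Hypothetical vendor A: the blocklist is one resource replaced in full."""
    def __init__(self, base):
        self.base = base

    def push_blocklist(self, addresses):
        call("PUT", self.base + "/api/v1/objects/blocklist",
             {"addresses": sorted(addresses)})

    def read_blocklist(self):
        return set(call("GET", self.base + "/api/v1/objects/blocklist")["addresses"])


class ProxyB:
    """Hypothetical vendor B: one POST per denied address, read back as a list."""
    def __init__(self, base):
        self.base = base

    def push_blocklist(self, addresses):
        current = self.read_blocklist()
        for ip in sorted(set(addresses) - current):  # add only what is missing
            call("POST", self.base + "/api/deny", {"ip": ip})

    def read_blocklist(self):
        return {e["ip"] for e in call("GET", self.base + "/api/deny") or []}


def deploy_blocklist(products, addresses):
    """Push the same desired state to every product, then verify by read-back."""
    wanted = set(addresses)
    return {name: (p.push_blocklist(wanted), p.read_blocklist() == wanted)[1]
            for name, p in products.items()}


def demo():
    products = {"fwA": FirewallA(start_mock({})), "proxyB": ProxyB(start_mock({}))}
    addresses = ["203.0.113.5", "198.51.100.7"]  # constructed sample addresses
    first = deploy_blocklist(products, addresses)
    second = deploy_blocklist(products, addresses)  # re-run must stay consistent
    return first, second, products["proxyB"].read_blocklist()


if __name__ == "__main__":
    print(demo())
```

The point of the adapter layer is that the orchestration code (`deploy_blocklist`) never sees vendor specifics, and that each push is idempotent and verified, which is what makes it safe to run from a scheduler or an Ansible task.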
The next step will be to broaden considerations beyond inter-system dialogue, Davide Pala continues: “in an integration scenario, it is no less important to be able to generate easily analysable logs and send them using standard protocols like Syslog. Much like natural ecosystems, cybersecurity ecosystems must engage in dialogue and communication. Multiple solutions need to be integrated together.”
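To make the “easily analysable logs over Syslog” requirement concrete, here is an added Python example (not Stormshield's code). It emits RFC 5424 messages with structured data, parses them back, and normalises the field names of two constructed products (“fwA” and “proxyB”, with the documentation enterprise number 32473) into one schema so a single query works across both. The sample lines, field names and the UDP sender's default port are assumptions.

```python
"""RFC 5424 syslog: emit, parse and normalise lines from several products.
Added example; the products, field names and sample lines are constructed."""
import re
import socket
from datetime import datetime, timezone

# RFC 5424 layout: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
FACILITY_LOCAL0 = 16
SEVERITY_CODE = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
                 "warning": 4, "notice": 5, "info": 6, "debug": 7}
SEVERITY_NAME = {v: k for k, v in SEVERITY_CODE.items()}

def _sd_escape(value):
    # RFC 5424 section 6.3.3: escape '\', '"' and ']' inside a PARAM-VALUE
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def _sd_unescape(value):
    return re.sub(r"\\([\\\"\]])", r"\1", value)

def format_rfc5424(hostname, app, severity, sd_id, fields, msg, ts=None,
                   facility=FACILITY_LOCAL0):
    """Build one line; key/values go in structured data, not in free text."""
    pri = facility * 8 + SEVERITY_CODE[severity]
    ts = ts or datetime.now(timezone.utc)
    sd = "[" + sd_id + "".join(f' {k}="{_sd_escape(v)}"' for k, v in fields.items()) + "]"
    return f"<{pri}>1 {ts.isoformat()} {hostname} {app} - - {sd} {msg}"

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$")
SD_ELEMENT_RE = re.compile(r"\[(?P<id>[^ \]]+)(?P<params>(?:[^\]\\]|\\.)*)\]")
SD_PARAM_RE = re.compile(r'(?P<name>[^ =\]"]+)="(?P<value>(?:[^"\\]|\\.)*)"')

def parse_rfc5424(line):
    """Split a line into header fields plus a dict of structured-data elements."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    pri = int(m["pri"])
    sd = {}
    if m["sd"] != "-":
        for el in SD_ELEMENT_RE.finditer(m["sd"]):
            sd[el["id"]] = {p["name"]: _sd_unescape(p["value"])
                            for p in SD_PARAM_RE.finditer(el["params"])}
    ts = None if m["ts"] == "-" else datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {"facility": pri // 8, "severity": SEVERITY_NAME[pri % 8], "timestamp": ts,
            "host": m["host"], "app": m["app"], "sd": sd, "msg": m["msg"] or ""}

# Each product names the same things differently; map them onto one schema.
FIELD_MAP = {
    "fwA":    {"src": "src_ip", "dst": "dst_ip", "action": "action"},
    "proxyB": {"srcip": "src_ip", "dstip": "dst_ip", "verdict": "action"},
}
ACTION_MAP = {"deny": "block", "drop": "block", "block": "block",
              "allow": "allow", "pass": "allow", "permit": "allow"}

def normalise(event):
    """Flatten one parsed message into the common schema, whatever product wrote it."""
    common = {"time": event["timestamp"], "host": event["host"], "product": event["app"],
              "severity": event["severity"], "message": event["msg"],
              "src_ip": None, "dst_ip": None, "action": None}
    mapping = FIELD_MAP.get(event["app"], {})
    for params in event["sd"].values():
        for name, value in params.items():
            key = mapping.get(name)
            if key == "action":
                common["action"] = ACTION_MAP.get(value.lower(), value.lower())
            elif key:
                common[key] = value
    return common

def blocked_sources(lines):
    """One query across every product: which sources were blocked anywhere?"""
    events = (normalise(parse_rfc5424(line)) for line in lines)
    return sorted({e["src_ip"] for e in events if e["action"] == "block" and e["src_ip"]})

def send_udp(line, host="127.0.0.1", port=514):
    """Ship one line to a collector over UDP syslog (use TLS, RFC 5425, on untrusted networks)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))

T0 = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE_LINES = [  # constructed, not real product output
    format_rfc5424("fw1", "fwA", "warning", "flow@32473",
                   {"src": "203.0.113.5", "dst": "192.0.2.10", "action": "deny"}, "policy hit", ts=T0),
    format_rfc5424("px1", "proxyB", "info", "web@32473",
                   {"srcip": "203.0.113.5", "dstip": "198.51.100.7", "verdict": "BLOCK",
                    "url": "http://x/a]b"}, "category block", ts=T0),
    format_rfc5424("fw1", "fwA", "info", "flow@32473",
                   {"src": "192.0.2.20", "dst": "192.0.2.10", "action": "pass"}, "policy hit", ts=T0),
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(normalise(parse_rfc5424(line)))
    print("blocked:", blocked_sources(SAMPLE_LINES))
```

Putting fields in structured data rather than in the free-text message is what makes the logs “easily analysable”: the parser does not need a per-product regex, only a per-product field map, and a value containing `]` or `"` survives the round trip because of the escaping rules.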
In a context where cyberthreats are constantly evolving, relying on multiple technologies and publishers is an indispensable bulwark. CISOs take note: this is surely one of the most important stops on your roadmap!