Integration has been a defining story in the past year of cybersecurity.
The retreat from the perimeter hailed by the likes of Brian Dye of Symantec (he of "antivirus is dead" fame), is still being sounded by vendors who confidently claim that the outer wall of security is dead, and has been for some time.
Falling back to inside the network has put even more pressure on vendors to examine the links between all the parts that make a company secure these days, including endpoints, mobile devices, emails and the Web.
That lack of interoperability was flagged more than six months ago by Chris Young, head of Intel Security and former Cisco staffer. Speaking at the firm’s Focus conference in Las Vegas, he said the industry was "creating its own problems" as vendors failed to connect their own products together and facilitate links between competing brands.
But since then has the industry listened, or were his remarks to no avail?
We don’t need no integration
On the floor of the Infosecurity Europe conference in London, CBR sat down with Sophos, a British security vendor that is just about to list on the London Stock Exchange, in a move that could leave them valued at £1bn if analyst’s predictions are to be believed.
Unsurprisingly James Vyvyan, UK&I president at the firm, was feeling bullish about his firm’s position. Under the "Galileo" project the company has been pulling together the two halves of its business – endpoints and networks – to deliver better integration and analytics.
Content from our partners
The result of this labour will be revealed next month as the project is rolled out, just over a year after Sophos announced the plans, which are similar to those revealed by Intel Security (still referred to by its old name McAfee) when Young made his comments on integration last year.
"I think McAfee are talking a similar game," Vyvyan said. He remains scornful of the attempts by Palo Alto and FireEye, two more of Sophos’ rivals, to connect their products together, as well as other industry attempts to create frameworks that multiple companies can connect to, through things like open APIs (application programming intefaces).
Mostly this is due to difficulties in getting developers to work together with one another. "I can’t see that level of collaboration across the industry," he said. "It’s difficult enough to get people in the same company to develop in the same way."
Room for the reseller
These problem, which partly prompted the integration debate in the first place, have been acknowledged by others. Simon Church, chief executive at NTT Com Security, which consults with firms about their security postures, agrees that vendors are failing to integrate products.
"Clearly because we’re doing so well they’re not doing so well as they could be doing," he told CBR at Infosecurity Europe. Whilst he predicts that we will one day reach the stage "where everything is talking to each other all the time", he seems confident that for now consultants like him linking together security products will be a lucrative line of business.
Unfortunately for the likes of Church some vendors, including the leviathan Cisco, take integration with others more seriously than Sophos. "The message from us right now is security should be implemented a different way," Terry Greer-King, director of cybersecurity for Cisco, said to CBR. "What we’re trying to do with enterprise networking is integrate things more and more."
This, as he puts it, is a "work in progress". As for collaboration, he maintains "there was never a point in time where you could provide every piece of security technology. There’s always going to be an opportunity for small, niche start-ups to come up with solutions."
Further fracturing
Ahead of Infosecurity Europe CBR caught up with Symantec at their offices in the City of London. As it prepares to split itself between storage and security – effectively undoing a previous merger with storage firm Veritas – Symantec appears particularly emblematic of the integration problems in cybersecurity.
Balaji Yelamanchili, general manager of enterprise security at the firm, maintains that despite the split both companies will continue to work together just as effectively as before. It is hard to reconcile this claim that both halves will be able to tackle storage and security more effectively as separate bodies – the official reason for the divorce.
"Because each group has a very specific focus, it gives each group an understanding of those synergies," Yelamanchili argued. "It also gives companies the opportunity to work with other vendors in the space."
Working with other vendors is certainly part of the Intel Security’s plan. Since Chris Young’s comments last year the company has continued to bolster its Security Innovation Alliance, which now has around 100 partners, according to Raj Samani, EMEA CTO.
For him security is about defending against the weakest link, which has made integration and its corollary analytics essential. "For most of the attacks you today they leverage the concept of trial and error," he said. "So understanding your security posture in real-time is very important."
Analytics, as Samani says, is important. Indeed it is partly to agglomerate data that firms are so keen to integrate their security products. But for now at least, a fractured industry has produced a fractured response to fracturing.
Go figure.
