YOUR BENEFITS OF
AGILE CYBERSECURITY
To achieve optimal cybersecurity, you have to master many challenges. Find out here how the agile operation of vendors and technologies can help you with them.
DO I DETECT ALL CYBER THREATS?
The main task of cybersecurity is the reliable detection and elimination of threats. The particular challenge is that hundreds of thousands of new threats appear every day. How can the agile use of vendors help me protect myself from this?
With a single vendor, you have that vendor's individual security potential at your disposal, and that alone decides whether a threat is detected or not. Whether EPP or EDR, signatures or artificial intelligence, the resulting detection rate is always subject to fluctuations, which means that many, but not all, threats are detected. Neutral test institutes such as AV-Comparatives, AV-Test, Virus Bulletin or ICSA Labs continuously prove this.
Agile cybersecurity allows you to combine independent vendors flexibly. By overlapping their different security potentials, missed detections can be compensated for, existing ones confirmed, and the overall detection rate thus maximized. All technical approaches can contribute equally to this combination; behavior monitoring and artificial intelligence are no exception.
HOW DO I DEAL WITH FALSE ALARMS?
False alarms (false positives) are an unpleasant side effect of threat detection. Harmless files or legitimate behavior are mistakenly classified as a threat. The consequences range from unnecessary extra work for administrators to computer crashes and data loss. How can agile cybersecurity help me deal with false alarms?
Any technical approach, including behavior-based monitoring and artificial intelligence, can cause false alarms. When using a single vendor, you therefore have to rely on its quality assurance, check each identified threat for a possible false positive and, if necessary, create exceptions to remedy it.
The simultaneous use of independent vendors enables you to deal with false alarms in a new way. You can make automatic responses to detected threats, where the response itself could cause harm if the detection is wrong, dependent on the agreement of several vendors. In addition, the consolidation of the various vendors' threat information helps you decide at a glance whether a detection is likely a false positive or not.
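The two ideas above, overlapping the detections of several vendors so that one engine's miss is covered by another, and requiring agreement before an automatic response that could do harm if the hit is a false positive, can be expressed as a small policy. The following Python is an added example written for this page; it is not code from the page or from any vendor's product. The vendor names ("alpha", "beta", "gamma"), the `Verdict` layout, the quorum of 2 and all sample verdicts are constructed assumptions.

```python
"""Quorum-based response over multi-vendor verdicts (added example).

Vendor names, the Verdict layout and the sample verdicts below are
constructed for illustration and do not describe any real product.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Verdict:
    vendor: str       # engine that produced the verdict (assumed names)
    target: str       # file or process the verdict refers to
    malicious: bool   # True if the engine flagged it as a threat
    label: str = ""   # the engine's own threat name, if it gave one


# Destructive actions (quarantine, delete, kill) cause the damage a false
# positive brings with it, so they require agreement of at least this many
# vendors. A lone hit only raises an alert for a human to review.
QUORUM_FOR_DESTRUCTIVE = 2


def consolidate(verdicts: Iterable[Verdict]) -> Dict[str, dict]:
    """Build one consolidated view per target: who flagged it and with which label."""
    view: Dict[str, dict] = {}
    for v in verdicts:
        entry = view.setdefault(v.target, {"seen_by": 0, "flagged_by": [], "labels": []})
        entry["seen_by"] += 1
        if v.malicious:
            entry["flagged_by"].append(v.vendor)
            if v.label:
                entry["labels"].append(v.label)
    return view


def decide(entry: dict, quorum: int = QUORUM_FOR_DESTRUCTIVE) -> str:
    """Map a consolidated entry to an action: allow, alert_review or quarantine."""
    flagged = len(entry["flagged_by"])
    if flagged == 0:
        return "allow"
    if flagged >= quorum:
        return "quarantine"
    # Below quorum: either a detection the other engines missed or a false
    # positive. Surface it, but do not act destructively without review.
    return "alert_review"


def decide_all(verdicts: Iterable[Verdict], quorum: int = QUORUM_FOR_DESTRUCTIVE) -> Dict[str, str]:
    """Decision per target for a whole batch of verdicts."""
    return {target: decide(entry, quorum) for target, entry in consolidate(verdicts).items()}


def detected_by(verdicts: Iterable[Verdict], vendors: Set[str]) -> Set[str]:
    """Targets flagged by at least one of the given vendors (the overlap effect)."""
    return {v.target for v in verdicts if v.malicious and v.vendor in vendors}


# Constructed sample: three engines scanning four objects on one host.
SAMPLE_VERDICTS: List[Verdict] = [
    Verdict("alpha", "/home/u/Downloads/invoice.js", True, "JS/Downloader.gen"),
    Verdict("beta",  "/home/u/Downloads/invoice.js", True, "Trojan.Script.Agent"),
    Verdict("gamma", "/home/u/Downloads/invoice.js", False),
    Verdict("alpha", "/opt/inhouse/ops-tool", True, "Gen.Suspicious"),  # only alpha: likely FP
    Verdict("beta",  "/opt/inhouse/ops-tool", False),
    Verdict("gamma", "/opt/inhouse/ops-tool", False),
    Verdict("alpha", "/usr/bin/python3", False),
    Verdict("beta",  "/usr/bin/python3", False),
    Verdict("gamma", "/usr/bin/python3", False),
    Verdict("alpha", "/tmp/.cache/dropper.bin", False),
    Verdict("beta",  "/tmp/.cache/dropper.bin", False),
    Verdict("gamma", "/tmp/.cache/dropper.bin", True, "Backdoor.Linux.Agent"),  # only gamma catches it
]


if __name__ == "__main__":
    for target, action in decide_all(SAMPLE_VERDICTS).items():
        print(f"{action:13s} {target}")
    print("alpha alone sees:", sorted(detected_by(SAMPLE_VERDICTS, {"alpha"})))
    print("all three see:  ", sorted(detected_by(SAMPLE_VERDICTS, {"alpha", "beta", "gamma"})))
```

In the sample, `invoice.js` reaches the quorum and is quarantined automatically, the in-house tool flagged by only one engine is held for review instead of being deleted, and `dropper.bin`, which `alpha` alone would have missed, is at least surfaced because `gamma` saw it. Lowering `quorum` to 1 reproduces single-vendor behaviour, where every lone hit acts immediately.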
HOW DO I SHORTEN MY EXPOSURE PERIOD FOR ZERO-DAYS?
For new types of threats (zero-days), the time until protection is available is crucial. How do I make sure that this period is as short as possible to avoid damage?
The time to protection against a new threat can vary from case to case and from vendor to vendor. With a single vendor, protection is therefore sometimes immediately available to you; in other cases your vendor must make adjustments beforehand (re-training of the AI, adjustment of the behavior analysis, delivery of an update). As a result, your exposure period can range from hours to days.
Through the combined use of vendors, protection against a new threat is available to you as soon as the fastest of the vendors you use provides it. Agile cybersecurity can therefore help you significantly reduce your average exposure period.
HOW DO I IMPLEMENT A NEW SECURITY VENDOR?
Implementing a security system is the basis of cybersecurity and a multi-stage process. Over time it has to be repeated, for a variety of reasons (e.g. dissatisfaction with the existing vendor, changed requirements, strategic decisions). How does agile cybersecurity affect this?
The traditional implementation process consists of the following stages: the solutions in question must be installed and evaluated individually in order to select a single vendor. Based on its features, an operating concept must then be developed, the solution implemented including the software roll-out, and the administrators re-trained. The total effort for such a project can be weeks or months.
As soon as the base system for agile operation has been put in place, the implementation process changes fundamentally. Vendors in question can be activated with a click and tested immediately. The choice does not even have to fall on a single vendor; it can be a combination of several. Further steps such as concept development, implementation and re-training are not necessary, since the base system is already in place and does not change when vendors are activated. The total effort for this project can therefore be a few hours.
HOW DO I DEAL WITH DIFFERENT REQUIREMENTS?
In a company, different systems can have different requirements for a security system. For example, a file server that has to process a large number of simultaneous accesses has different needs from mobile devices, which can leave the protection of the company network. How do I deal with this challenge?
If a single vendor is used, it must be able to cover all required areas of application equally. Modifying its configuration gives you only a little leeway to adapt it to the task at hand.
With agile cybersecurity, you can address each area of application individually. Activate those vendors, in those combinations, whose technological characteristics fit the task: for example, high-throughput technologies for file servers and several different security technologies for mobile devices. This gives you optimal compatibility for every area of application.
HOW FLEXIBLE AM I WITH CHANGES?
IT and the threat landscape are constantly changing. Therefore, cybersecurity has to constantly adapt to new circumstances. How fast and flexibly can I make changes?
Depending on the vendor used and its features, you can make certain changes to the configuration or install additional products. If that is not enough, a re-implementation project is necessary to switch to another vendor that can meet the new requirements. This may have to be repeated several times.
With agile cybersecurity, you can make changes with a click. Whether a change of vendor or the introduction of a new technological approach, there are no limits to the possibilities. The desired changes are implemented as a hot swap in the shared base system, during operation, without a restart or a new software roll-out.
WHAT STRATEGIES CAN I IMPLEMENT?
Which strategy I follow for my cybersecurity can be crucial for protecting myself from all threats and achieving optimal compatibility with my IT. What scope do I have here?
Depending on the vendor used, the options may differ somewhat. However, the use of a single vendor limits the design freedom to the optional use of its functions and the creation of scheduled tasks.
Agile cybersecurity opens up a new dimension of security strategies. Thanks to the flexible use of vendors, new criteria for designing the strategy become available: which vendors, in which combinations, with which technologies, on which devices, and at what point in time should be activated?
WHAT DO I DO IN AN EMERGENCY?
When protecting IT, emergencies can occasionally happen. These usually occur when the security vendor used does not detect a threat and a virus outbreak begins. What options do I have in such a situation?
If your vendor does not detect a threat, you have to research the symptoms yourself, where possible, and create manual blocking rules. Alternatively, you can download a cleaning tool (e.g. an emergency CD) from another vendor and use it to clean your devices manually.
If none of the active vendors detects the threat, agile cybersecurity lets you immediately bring in another vendor that has the necessary detection. Activation can happen within a few minutes, across the network, to stop the outbreak.
HOW CAN I MEET THE COMPLIANCE REQUIREMENTS?
Depending on which requirements exist for my company, I have to implement measures to ensure compliance. There is increasing demand for multi-vendor strategies. How do I implement this?
With single vendors, you can set up pseudo multi-vendor strategies. For this, one vendor is used in different areas (e.g. vendor A for servers and vendor B for clients). Alternatively, you can try to find compatible vendors that can be operated simultaneously on the same device for different functions. In any case, however, this results in twice the operating effort and only a slight improvement in security.
Agile cybersecurity allows you to implement a real multi-vendor strategy. You can activate several vendors on one device and combine them flexibly. The uniform base system eliminates the need for double maintenance, and the overlapping of the security technologies ensures a significant improvement in security. This means that you can meet the compliance requirements perfectly, with little effort.
HOW BIG IS MY ADMINISTRATIVE EFFORT?
What are the consequences if I want to use multiple vendors for my cybersecurity? How big are the daily maintenance and operating expenses?
With the use of several individual vendors, your effort increases with each additional vendor. This includes the implementation effort, the ongoing maintenance effort (e.g. importing updates and patches per vendor), as well as the daily operating expenses (e.g. checking reports and dashboards per vendor).
Thanks to the uniform base system of agile cybersecurity, the implementation, maintenance and operating expenses correspond to those of a single vendor. The number of activated vendors within the system is irrelevant, and the consolidation of the threat data means that you always have an overview of all information across vendors.