One of the most wonderful things about technology is that it is always changing, always developing. Innovations and idea that begin life as non-functional at best and detrimental at worst have, in many cases, developed into some of the most groundbreaking of our time. But before people can accept transformative technologies, they must necessarily let go of the prejudices and misconceptions.
This happens, for example, in the field of IT security. Starting with the first computer virus named ‘Creeper’ in 1971, a rapid evolution of threats was initiated. It was also the start of the IT security industry and the first antivirus programs to combat them. Due to the very manageable variants of malicious code, they had an easy game at the beginning. However, as malware progressed, it increasingly became a problem. Consequently, more intelligent techniques must be developed and more threats must be identified by the security vendors in less time, in order to keep up.
However, the volume and variety of threats are already so big that it is almost impossible for a single vendor to always detect a global threat right on time. An obvious solution for this problem may be that multiple vendors are used to overlap each other and fill the gaps. This has already shaped the terms ‘multi-engine’ and ‘multi-vendor’ in the past. Nonetheless, one often hears the warning that this strategy is not necessarily a good idea, for various reasons.
It’s time to sort the fact from the fiction and set the record straight, once and for all.
1. “Combining multiple security products is not a good idea”
It is true that you should avoid installing a bunch of stand-alone security products together on a computer. Traditional security solutions are not designed to be used side by side in this way. Doing so creates major performance problems and other negative side-effects.
To operate multiple vendors and technologies simultaneously, they must be harnessed into a special scan framework, where it is not the security products themselves which are combined, but the technology cores inherent in each vendor product. For the best result, an agile collaborative approach is used for this, which allows an enterprise to freely choose and combine the technology cores of individual vendors separately for each security feature required. This is the key to achieving an optimum mix of technologies for every application, without compromising on performance.
2. “Multiple security products do not offer more protection”
Each security vendor has its own individual knowledge and technologies for threat detection, resulting in an individual protection potential. This is tested on an ongoing basis by neutral institutions. No single vendor can always detect every possible threat, but using multiple vendors in an intelligent and targeted way increases the level of threat detection, of an entire threat cleanup, and shortens reaction times to ensure threats are detected and eliminated in good time.
3. “Operating multiple security vendors is a big overhead”
If you operate many standalone solutions in your environment, this is indeed a big overhead. Every single piece of monitoring and maintenance will need to be done multiple times. A true multi-vendor solution merges all vendors and technologies into one, unified solution. Therefore, you only have the operating effort of a single product.
4. “Multiple security vendors are already in use”
Yes, many standalone solutions are available to cover different aspects of cyber security. Sometimes, illegitimate multi-vendor strategies are in place where, for example, one vendor takes care of the server landscape and another takes care of the clients. Besides the big operation overhead, this does not necessarily increase the security level either. They are still independent solutions that do not interact with each other. If one solution gets a problem, the other one is not able to help. A true multi-vendor solution operates multiple vendors and technologies simultaneously and ensures their collaboration. In this case, one vendor can compensate for the other’s weaknesses.
5. “Antivirus is dead”
Although this rumour does not necessarily have to do with ‘multi-engine’, we must address this as well. It is important to understand what is meant by the term ‘antivirus’.
Antivirus, under the definition of ‘endpoint protection’ is and will always be an important aspect of every security strategy. Depending on the attack vector and the type of threat, endpoint protection is your first and last line of defence.
Antivirus, under the definition of ‘signature-based’ detection, is another matter. Signatures cannot detect everything and it is a good idea to use additional approaches as well. This does not mean that they are ineffective; they do provide valuable knowledge, similar to reputation information.
We hope that this has helped you to understand the truth about multi-vendor usage. Developments have occurred at a rapid pace over the last few years, in no small part due to the necessity to continually adapt to fast-evolving cyber threats. It has never been more important to have the highest possible level of security protection at hand for your enterprise and now is the time to make multi-vendor security central to your strategy.
To find out more about agile threat detection and the power of multi-vendor solutions, we recommend downloading our free whitepaper, Keeping Your Data Safe Threat Detection Optimisation For Enterprises. Click below for your copy: