The Security Problem With Too Many Security Solutions
When did our tech diet get out of hand? We started to learn more and more about different threats, and then about the latest security tool to fix each of them, and we just had to have them all (insert Pokémon Go joke here).
So we dutifully kept adding on solutions that required extensive time to install, update, deploy and maintain - stretching our IT admins and teams thin, while generating massive logs of security alerts and data. Our systems became bloated with software, but were they actually effective when it came to preventing and mitigating threats?
A research analyst at Gartner, Elizabeth Kim reports that the world-wide cybersecurity market reached $75 billion in 2015, and is estimated to reach $170 billion by 2020, according to their report titled Cyber Security Market by Solution (IAM, Encryption, DLP, Risk and Compliance Management, IDS/IPS, UTM, Firewall, Antivirus/Antimalware, SIEM, Disaster Recovery, DDOS Mitigation, Web Filtering, and Security Services) – Global Forecast to 2020, as reported by Forbes.
That’s a long list of disjointed security controls that may just work to increase your IT infrastructure complexity while broadening your attack surface, making it easier for attackers to leverage outdated software and even security vulnerabilities found in your security software.
One example of this was discussed by Mudge (Pieter Zatko) during a Duo Tech Talk he gave about his time at DARPA where he oversaw cyber security research.
When it came to evaluating the success of the security solutions they were using, he found that the number of cyber incidents kept increasing from 2006-2011 - however, he also found the federal cyber defense spending was also increasing. That indicated that despite the amount of money and effort put toward security, incidents only continued to rise.
Through his research, he found that additional security layers often create vulnerabilities themselves - 28.8 percent of all vulnerabilities tracked across 100,000 networks were found within the security software.
It’s true that additional lines of code mean greater complexity and a greater attack surface. But the key is to choose the right lines of code - that is, lean but comprehensive software that can effectively protect against different threats with only the most important defenses, and nothing extra.
Instead of contracting to several different vendors for disparate security solutions, why not choose a solution that combines the most effective features into one holistic solution? Duo has designed a solution that not only integrates well with all of your applications and technology, it also keeps your users in mind with user-friendly features that won’t slow them down.
Our solution embraces the bring your own device (BYOD) movement, allowing your employees to use their own phones, laptops, tablets and PCs to access your apps securely using two-factor authentication to verify their identities. We give you detailed insight into their devices, but also parse the data for you so it’s not overwhelming - we analyze and flag any outdated software on these devices for easy remediation.
Then, we give you the option to let your users self-remediate, by notifying them of outdated software on their devices as they log into your apps. We put the power back in the admin’s hands by giving them the ability to create custom policies and controls to notify, warn and block any devices that don’t meet your security standards (such as minimum OS, browser or plugin version; or required security features like passcodes and screen lock).
Finally, we integrate with all of your VPN, cloud, on-premises and web apps, and provide APIs and client libraries to protect your custom, proprietary applications too.
We protect your users, devices and access to your applications with one solution that actually works, and doesn’t provide a great deal of added complexity. Learn more by visiting What is Trusted Access?