The disjointed, piecemeal approach to security that is prevalent in the industry today is failing to meet businesses’ needs.
We see the results every day, from news headlines like the Sony hack to the thousands of businesses that have been affected recently by Cryptowall and other ransomware, banking Trojans like Vawtrak, and targeted attacks.
We also see it in the many IT professionals that come to us and our partners looking for a better way to secure their organizations.
This will be the first of three posts exploring the ways that the security industry is letting businesses down.
One failure of many security “solutions” is that they are incomplete. Most security products have evolved as point solutions to point problems. Viruses popped up on personal computers, so some people developed antivirus software. Hackers tried to break into networks, so some other people developed firewalls. And so on.
The trouble is, there are always new types of threats emerging. So businesses are constantly being encouraged — often by new vendors hawking new technologies — to add one more layer. Worried about advanced persistent threats? Add a new “Advanced Threat Protection” system to supplement your existing endpoint and network security. Need to protect sensitive data from leaking out to the wrong people? Add a data loss protection (DLP) system.
This approach worked for a while. But as attackers get more sophisticated and coordinated, there are so many new threats that most organizations can’t afford to keep adding more layers. The cost of the products alone would be prohibitive, not to mention the time and resources needed to research, purchase, learn, deploy and administer yet another product with another console and another set of alerts to manage.
At Sophos, we believe that security must be comprehensive. A security solution isn’t a solution at all if it doesn’t deliver what you need to protect your organization. Today, you can see this principle reflected in products like our Unified Threat Management (UTM) appliance for complete network protection and our Enduser Protection Bundles, which deliver everything you need to secure enduser devices and data in a single per-user license.
In the next couple days, I’ll write about the other two areas in which businesses are being let down by the security industry. And watch this blog to learn more about what we’re doing to deliver better, more comprehensive security for our customers.
For even more details, check out our webinar on all the features in Next-Gen Enduser Protection.