TALK TO US


Looking for our support portal?

Support Portal

Browse the blog

Case studies, answers to common industry questions, and more

Security Vendors: Is It Better to Have One or Multiple?

We often get asked how important it is to have multiple security vendors versus invest in a single-vendor strategy. This is a good question and worth considering.
 
The reason this question comes up is because we have clients who are concerned about relying on a single vendor to protect them from all angles. Can one vendor stay on the forefront of security technology without having any holes in their products? This is a reasonable concern, but there is no straightforward answer. It will largely depend on your environment, size, and general IT philosophy. Let’s explore the possibilities. 

A Multi-Layered Approach is Important

The first thing to consider is that it’s very important to not depend on one product category for protection – for example, it’s not enough to just own a firewall. A multi-layered security approach that includes multiple product categories will provide the best protection. The more layers, the higher chance of maintaining a strong security defense.  A multi-layered approach contains some or all of the following:

  • Firewall with Intrusion Prevention
  • Cloud DNS Security
  • Endpoint security
  • Network Access Control
  • Multi-factor authentication
  • End-user training
  • Backup and Remediation
  • Security Management

As you evaluate each of these layers and the vendors that have products in these categories, you will see that there is no single vendor that has a solution for every one of them.  However, there are vendors that provide solutions for many of them.  

Pros & Cons

Single Vendor

Pros

  • Single pane of glass management
  • Ability to negotiate pricing by combining multiple solutions together in a single package
  • Not just one hardware/software vendor, but one IT integrator that will know all products and how they work together best
  • Less training required
  • No finger pointing - vendor technical support can’t point the finger at another vendor
  • One partner, one account team, one contract, one support number
  • One trusted security advisor

Cons

  • Fewer product choices
  • May be best in breed in some products, but not all products
  • Multiple vendors will likely have overlap in their product features, so you may buy the same feature more than once (like content filtering)
  • Dependent on a single vendor to stay current on the latest threats
  • Product innovation happens at vendor’s pace

Multiple Vendors

Pros

  • If one vendor doesn’t find the latest threat, maybe another one will
  • More product choices
  • Lower risk of being locked into one vendor or product
  • Lower total cost of ownership potential if you can get smaller vendors to compete with each other for your business

Cons

  • No single pane of glass management – different portals for each product
  • Higher training costs to be effective on multiple vendor products
  • Multiple vendors will likely have overlap in their product features, so you may buy the same feature more than once (like content filtering)
  • Finding an IT integrator that knows all of your products and how they work together will be more difficult and may require multiple IT integrators
  • More vendors equals more complexity, making it more difficult to manage the security environment
  • High procurement costs when buying one product versus packaging an entire solution together from a single vendor
  • Smaller vendors are likely to be acquired over time, while larger vendors have broader portfolios with longer lifespan and support
  • Technical support may point fingers to other vendors
  • Updates and maintenance from multiple vendors creates a more complex environment to manage

Which is Best for Your Business?

A single-vendor approach may be the right choice for your business if:

  • Managing multiple vendors is too complex and time consuming.
  • You have limited IT resources that can only stay current on a smaller range of products.
  • You need IT resources that can work on a stable and reliable environment of one vendor.
  • You already have a good working relationship with a single vendor that understands your security environment.  Why add complexity with additional vendors?
  • You do not need every component in your security stack to be best of breed.  A functional, reliable, and predictable system is enough to achieve your business goals.
  • You have a desire to work with a single IT integrator who understands all of the products and how they work together to complete an overall security strategy.

A multi-vendor approach may be the right choice for your business if:

  • You have a large IT staff that can dedicate resources to managing each vendor or product.
  • You are managing your own security strategy and have a dedicated security group.
  • The IT investment of your company is a strategic asset and having the latest tools and innovations is of high importance.
  • You are willing to invest in smaller, unproven companies with bleeding edge features in order to have the latest tools at your disposal.
  • You are willing to sacrifice ease of management of the entire security portfolio in order to have best-in-class products.

Conclusion

Most of our clients prefer a single-vendor approach for the reliable and smooth operating environment it provides and because there is value in streamlining your operations with a complete solution on a single platform.  Likewise, there are instances when a multiple-vendor strategy works well.  

For most companies—especially growing small and mid-sized businesses—budget is a major consideration in every technology decision. Unless you have a full IT team with diverse expertise and the experience needed to manage a multi-vendor strategy, a single vendor strategy is likely best to minimize equipment management and costs. 

Additional Reading
How to Keep Tabs on Your Network Security
Protect Your Business with a Multi-Layer Security Approach
Security Best Practices for the Everyday Joe

The Top 4 Security Tools to Keep Your Network Protected

This week we are bringing you the top tools we recommend for a great defense-in-depth strategy to protect your network. 
 

1. Next-Generation Firewalls

 
Firewalls are built to monitor ingress and egress network traffic to decide whether to allow or block specific traffic on a network. These decisions are sometimes based upon advanced analytics or deep packet inspection.

Countless organizations use firewalls as their first line of protection. While a good next-generation firewall can easily reduce risk exposure by fifty percent, keep in mind, no firewall can provide one hundred percent protection. This is why a defense-in-depth approach is necessary to protect your network and its sensitive data. 
 

2. DNS Protection

 
DNS (Domain Name Service) is one of the most important technologies on the internet. Think of DNS as the internet’s phonebook, containing human-friendly names, such as example.com, and the IP address that is used to reach each website.

DNS protection allows companies to protect their employees’ network communications and reduces the chances of them communicating with the bad guy or a website that has been hijacked or redirected.

A reputable DNS protection vendor also protects clients from speaking to malware sites, malvertising (malicious advertising) links, and ransomware (malware that requires the victim to pay a ransom to access encrypted files) sites.

Some of the top DNS protection services leverage data analytics and algorithms that even protect users from visiting questionable sites that may be using an IP address being seen for the very first time on the Internet, and even protect employees while using company devices off the network. 
 

3. Endpoint Detection and Response

 
Anti-virus and advanced malware protection, known as Endpoint Protection and Response, prevent threats at the point of entry and then continuously investigates the entire lifecycle of the threat. It will provide insights into what happened, how it got in, where it has been, what it is doing now, and how to stop it.

EDR focuses primarily on advanced threats that are designed to evade front-line defenses and have successfully entered the environment. An Endpoint Protection Platform (your traditional antivirus software) focuses solely on prevention at the perimeter. It is difficult, if not impossible, for traditional antivirus software to block 100 percent of threats.

In the best-case scenario, an endpoint protection solution deploys both EPP and EDR capabilities to provide maximum protection. 
 

4. Email Security

 
Today’s organizations face a daunting challenge. Email is simultaneously the most important business communication tool and the leading attack vector to get malicious code into your network.

When choosing an Email Security product, you need capabilities to quickly detect, block, and remediate advanced threats in incoming mail such as Business Email Compromise (BEC), ransomware, advanced malware, phishing, and spam. Secure email gateways remain the cornerstone of a solid security posture and are available both as an on-prem solution or a cloud service.  

 

This post was contributed by Eric Grimm, our Service Operations Manager. Eric is a Certified Ethical Hacker, holds a Masters Degree in Cybersecurity, and has multiple Cisco Security certifications.

 
 
 
 
 
 
 
 
 
 

Additional Reading
Security Best Practices for the Everyday Joe
How to Keep Tabs on Your Network Security
Protect Your Business with a Multi-Layer Security Approach

Security Best Practices for the Everyday Joe

Security is convoluted. Security tips should not be.

To be an expert takes many years of training. It takes countless hours of experience to ensure that you take into account and understand everything that can go wrong.

But for the Everyday Joe, that amount of time and commitment is an unrealistic expectation. That’s why we're bringing you three simple security tips that everyone should follow.

1: Use Multi-factor Authentication

Multi-factor authentication is a security practice in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (factors) to an authentication mechanism.

When MFA (also known as 2FA) is enabled on a website or application, the user logs in with their username and password as the first type of authentication (something you know) and then they’re prompted for a second form of identification (something you have).

Typically, this second form of identification is a randomly generated key that is presented on either a mobile app (like Cisco Duo, Google Authenticator, Authy, etc.) or a physical hardware token, such as an RSA SecurID token.

MFA makes all of your logins monumentally harder to hack, keeping your data safe.

2: Create Strong Passwords

Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping them confidential can make it more difficult for others to access your information.

Password reuse is a big problem. One stolen password often means the attacker can access a slew of different accounts. When creating a strong password, you will want to create a password using a combination of words, numbers, symbols, and both upper and lower-case letters. You also do not want to choose passwords based upon details that may not be as confidential as you would expect such as your birth date, your social security or phone number, or names of family members.

The easiest way to maintain strong passwords and use a different password for every site is to use a password manager. A password manager allows you to randomly generate and store different passwords for every site you log in to. There are several different password managers out there like 1Password, Bitwarden, Dashlane, Keeper, and LastPass.

3: Just Hang Up

There has been an increase in phone scams over the past few years. I’m sure you’ve received the dreaded “We’ve been trying to reach you about your car’s warranty…” calls at all hours of the night, or the friendly Microsoft engineer calling you about a technical issue with your computer, or even the refund scam.

These types of scams look to take advantage of the elderly and other unsuspecting users. Regardless of which “company” is call you, do not give any personal information or access to your computer. Once a “technician” has access to your computer, they tend to steal your information, browse your bank accounts, and install backdoors so they can connect to your computer again later.

The easiest way to protect yourself from these types of scams is to just hang up.

This post was contributed by Eric Grimm, our Service Operations Manager. Eric is a Certified Ethical Hacker, holds a Masters Degree in Cybersecurity, and has multiple Cisco Security certifications.

Want to get to know us first?

 

Office Tour

A virtual look inside our space in downtown Turlock.

 

About Us

A brief overview of our company history.

 

Meet Ryan Flud

VP, Professional Services

 

Meet Michelle Padilla

CFO/COO

 

Meet Eric Mueller

VP, Sales

 

Meet Jose Hernandez

RCDD, Structured Cabling

 

Meet Lance Reid

CEO