Do Labels Help in Security?

Greg Day



In the security industry, there has always been a desire to use “best of breed” technology, which is about to be further amplified as the EU introduces requirements around “state of the art” cybersecurity capabilities. As such, we look to put products into categories, be they Sandbox, NGFW, UTM or Endpoint protection, to list just a few.

The challenge comes, however, as technology providers look to differentiate themselves from their competitors. Each has additional capabilities or a different approach to solving the problem.

The Palo Alto Networks Next-Generation Security Platform is, depending on the source, placed under all of these categories: NGFW, sandbox (with the WildFire service enabled), and sometimes UTM when you leverage multiple or all of the services: WildFire, Threat Prevention, GlobalProtect and URL Filtering.

But herein again lies the rub: What is a UTM solution? Most would typically consider it, as its name suggests, a collection of solutions aggregated into a single piece of hardware. The value in such instances is typically cost. From my time working in product management, the biggest overhead of such solutions was the management plane, which effectively becomes the baton manager, ensuring traffic is passed from one process to the next so that each can complete its specific task, making the approach much like a relay race. Typically, they share a management dashboard or common interface.

Considering we now strive for “state of the art,” such linear processing is, in the modern world, relatively archaic. In recent months the impending era of quantum computing has been in the media. The idea of being able to break atoms down to the subatomic level, and then process them at far greater rates, seems like a principle that should be at the heart of a next-generation cybersecurity solution. Rather than analyzing characteristics linearly – as most UTMs would – and then requiring humans to do the computational physics, we should be parallel processing the subatomic elements to get to a more accurate outcome, more efficiently, today.

So why don’t we do this already? Well, whilst we aren’t yet using quantum mechanics, some solutions do take an evolutionary approach: they change the starting point of how we analyze traffic, basing it on use rather than IP protocol preconceptions, and then take a single pass to complete multilayered analysis with cross-dependencies, providing a single outcome. The Palo Alto Networks Next-Generation Security Platform strives to achieve this, as it allows, much like quantum mechanics, far more in-depth analysis at greater speed while reducing the human physics involved, giving a more efficient and accurate answer. Does this make it a UTM? Palo Alto Networks would say “no”: against the expectations of what a UTM is, we would consider linear analysis archaic in the face of what we can actually do.

So do labels help in security?

At a high level, they give an understanding of the broad scope of technology capabilities; yet, as the saying goes, the devil is indeed in the details. A MINI and a Ferrari are both cars, yet each has very different capabilities. What’s important is that, when looking at technology capabilities, you consider which specific aspects are important to you under each broad label.

Today labels typically focus on capability groupings; but what is becoming increasingly critical – be it driven by EU legislation or by the broader skills gap in the security industry – is usability. How many people or man-hours does it take to get to the answer? The “how” is as important, if not more important, than the “what”. Both a classical computer and a quantum computer would give you an answer to the meaning of life (which, of course, would be 42). However, the former could take decades and the latter, milliseconds.

In an industry as dynamic as cyber, keeping pace with “state of the art” means security leaders must look beyond the “what” label and see the “how” value, especially in the context of each company’s broader cybersecurity ecosystem. As technology and the threats against it continue to evolve, so too – I’m sure – will the labels the industry applies to the cybersecurity tools we use.

Now, “best of breed” versus “integrated solution”: that’s another debate, one that seems to have raged on for too long; however, that’s for another blog…
