Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Convergence is the answer for a defense-in-depth approach

By Etay Maor
cybersecurity-freepik1170x658.jpg

Image by Freepik

August 29, 2022

The president of the BSI (Germany’s Federal Office for Information Security) recently issued a warning about an uptick in the number, and severity, of cyberattacks due to the Russia-Ukraine war. He specifically pointed out the hacktivist attack on the German subsidiary of Rosneft, a Russian oil company, and the collateral damages from the Russian attack against the KA-SAT satellite service, which resulted in damages to German wind turbines. 


Global connectivity has its banes

Unfortunately, the risk of becoming collateral damage isn’t limited to any single country. SMBs and individuals, as long as their systems connect to the broader internet, may find themselves caught in the crossfire no matter how far off they are from the battlefield. Like NotPetya, the destructive malware spilled from Ukraine to hit Maersk and Merck, and Stuxnet, which found its way from Iran to Germany-based Siemens. 


Such attacks and damages were predictable, and yet, in today’s cybersecurity architectures and procedures — they remain difficult to prevent, mitigate or even detect. That said, cyber challenges for businesses don’t end here. Organized cybercrime has more than doubled since 2015. The conflict in Ukraine fueled the creation of new cybercrime groups and ransomware gangs. 


SMB cybersecurity — where did it go wrong?

What most targeted organizations have had in common is that they approach cybersecurity risks as a set of stand-alone problems. As a result, they address them with single-point solutions. Phishing? We have a system for that. Vulnerabilities? We have a team doing patch management. Suspicious events? We log, and we have firewalls, anti-virus, data loss prevention (DLP), security information and security management (SIEM), endpoint detection and response (EDR), virtual private network (VPNs), and more.  


Organizations fail to realize that a breach is never a single failure. In almost all cases, a breach is a complete failure of all the security products and processes. Attackers must successfully complete many different tasks to complete their mission. Cyberattacks involve multiple stages, from performing reconnaissance to delivering malware to establishing command and control. Unless we address them holistically, there is no reason for us to expect anything to change. 


The problem with best-of-breed for defense-in-depth

For years, organizations have built defense-in-depth with best-of-breed point solutions. In theory, that means getting the best of what each vendor offers and making it work synergistically to erect impenetrable security defenses. The reality, however, is much more complicated, especially as the workforce becomes distributed, IT infrastructure scales, and partner networks expand. 


  1. Integration management: Multi-vendor point solutions focus on individual functionality and are not built to integrate seamlessly. Security teams are often consumed by integration projects, device updates and patching, and monitoring across multiple consoles. Visibility loopholes and integration flaws are inevitable. 
  2. Budget and manpower: SMBs especially do not have the budget, staffing, and time to recruit, purchase, maintain and grow a security team as big as large-scale banks or government entities. These organizations, which can be crippled by cyber-attacks and even go out of business, must muster up a defense at par with large-scale businesses because the threats they face are essentially the same. 
  3. Digital transformation: Cybersecurity is no longer about installing firewalls and anti-virus programs on individual devices. The shift to BYOD (bring your own device) and flexible and remote working means a globally distributed workforce that relies on cloud applications and multiple devices per individual. Installing, integrating, and managing best-of-breed solutions across all endpoints is inefficient and impossible.

Instead of having (on average) 40+ different security products which force departments to constantly consider and execute integration projects, manage multiple devices, patch them, update multiple policies, etc., we have to rethink our approach.


Convergence is the new best-of-breed

At present, over half of organizations have either already shifted from the best-of-breed approach to single-vendor security suites or are in the process of making the switch.


SMBs need to take note of the market trend. Converging security tools can take away the pains of best-of-breed while yielding even better results. 


  1. When all security functionality is designed to work coherently, organizations don’t have to worry about manually integrating each functionality and creating vulnerabilities. 
  2.  A single-vendor, as-a-service approach takes away update and patch management headaches from security teams. It also enables single-pane-of-glass management. 
  3. A centralized management console paired with cloud delivery, as in SASE (secure access service edge), can extend the security perimeter to wherever the workers or resources are. 


With its centralized management console and flexible management options, SASE is more than the sum of its parts. Instead of security at the cost of mounting exhaustion, performance inefficiencies, and other overhead, convergence offers security with ease of management and operational efficiency. Organizations don’t have to add tools and make updates once new threats emerge — it’s also flexible enough to defend organizations against up-and-coming threats. 


The takeaway

The BSI statement reminds organizations that conflict yields crime and collateral damage. Cyber has no boundaries. Businesses need to rethink their approach to cybersecurity in the face of these new threats and their digital transformation and remote work needs.


If organizations want to secure their systems, they must approach security as a holistic issue that requires a holistic architecture. Combine that with adopting an attacker’s mentality to approach your network, and you should be well on your way to becoming cyber secure. 

KEYWORDS: cyber security defense in depth risk management security technology small and medium business (SMB) security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Etay maor

Etay Maor is the Senior Director of Security Strategy for Cato Networks. Previously, Maor was the Chief Security Officer for IntSights, where he led strategic cybersecurity research and security services. Maor has also held senior security positions at IBM, where he created and led breach response training and security research, and RSA Security’s Cyber Threats Research Labs, where he managed malware research and intelligence teams. Maor is an adjunct professor at Boston College and is part of Call for Paper (CFP) committees for the RSA Conference and QuBits Conference. He holds a BA in Computer Science and a MA in Counter-Terrorism and Cyber-Terrorism.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • vertical green text on black screen

    The rise of AI in SASE applications will fend off cyber threats

    See More
  • blue digital graphic with light blue rings

    SSE versus SASE: What’s the real difference?

    See More
  • threat-intel-freepik1170x658v78.jpg

    Eliminate threat intelligence false positives with SASE

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing