In an increasingly digital world, companies continuously face the threat of cyberattacks. Current advances in artificial intelligence (AI) promise significant improvements in detecting and defending against such threats.

However, it is no secret that attackers are increasingly using AI. Cyber criminals leverage AI and machine learning to optimize and automate attacks. AI-driven malware can quickly adapt to new security measures and exploit vulnerabilities in real time. These AI tools enable cyber criminals to scale their attacks and employ highly complex methods to bypass traditional security mechanisms and remain undetected. Additionally, attackers use advanced algorithms to make phishing attacks more precise.

In this context, Palo Alto Networks (PANW) recently announced the acquisition of IBM’s QRadar Software-as-a-Service (SaaS) business. This marks the second merger in the traditional security information and event management (SIEM) market this year, following the merger of Exabeam and LogRhythm. These developments followed Cisco’s earlier acquisition of Splunk.

Amid these shifting market conditions, selecting a future-proof technology architecture for threat management becomes unavoidable. This underscores the need to choose both the right technologies and the right strategic approach.

There are two approaches: deploying the best individual solution or integrating a comprehensive platform.

Best-of-breed approach

The best-of-breed approach allows companies to select the best product for each security area. This results in a tailored solution optimally aligned with individual requirements and business processes. The main advantages include:

Specialized products: Companies can choose from various providers and select those that offer the best solutions for their needs. For example, a company might choose a leading SIEM solution from one provider and a highly specialized endpoint detection and response (EDR) solution from another to ensure all aspects of their security architecture are optimally covered.

Flexibility and agility: The best-of-breed approach allows companies to respond flexibly to new threats and changes in business requirements. When a new technology comes to market, companies can easily integrate it without overhauling their entire security architecture. This promotes agile adaptation and quick implementation of new solutions to stay current with the latest technology.

Avoid vendor lock-in: Companies avoid dependence on a single vendor by using products from various providers. This reduces the risk of being tied to a suboptimal solution if the company’s requirements change or the vendor encounters problems. Companies can easily replace products and integrate new vendors without significantly changing their infrastructure.

Best-of-breed challenges

Despite these advantages, the best-of-breed approach also has some drawbacks:

Integration complexity: Integrating products from different providers can be technically challenging and time-consuming. Different systems must be able to communicate and exchange data, which can lead to interoperability issues. This technical complexity can extend the implementation time to ensure all systems work seamlessly together.

Increased resource requirements: Operating and managing a heterogeneous security infrastructure requires specialized expertise and continuous training. Employees need to be able to work with various systems and technologies, increasing the demand for specialized security professionals. This can lead to higher operational costs as training and system management require more time and resources.

Costs: Procuring the best available technologies can be expensive. In addition to high acquisition costs, maintenance and license fees can also be significant. Companies must carefully weigh whether the improved security benefits justify the additional costs or if more cost-effective, less specialized solutions would suffice.

Platform approach

A platform offers an integrated solution provided by a single vendor. This has several advantages:

Seamless integration: All platform components are aligned from the start and work harmoniously together. This facilitates interoperability and data exchange between the various platform modules. Companies benefit from a unified view of their security posture and can detect and respond to threats quickly and efficiently.

Automation and efficiency: Security processes can be automated and centrally managed with a single user interface. This enables faster responses to threats and reduces the manual effort required from security staff. Automated workflows allow routine tasks to be performed more quickly and consistently, enhancing overall operational efficiency.

Reduced complexity: Managing an integrated platform is less complex than managing multiple independent systems. This reduces the training requirements for security staff and minimizes the risk of errors arising from the complexity of integrating different systems. A unified platform allows security teams to focus on strategic security initiatives rather than dealing with technical integration issues.

Cost efficiency: A unified platform can often lead to lower overall costs as the need for multiple separate licenses and maintenance contracts is eliminated. Companies can benefit from bundled discounts and better control their expenditures. Additionally, management costs are reduced as fewer resources are required for system integration and management.

Platform challenges

Just as best-of-breed approaches are not a perfect solution, using a platform is not without challenges:

Limited functionality: There is a risk that a single platform’s functions will not cover all of a company’s specific security requirements. Some specialized security functions might be missing or less mature than with best-of-breed solutions. Companies must ensure that the chosen platform meets all critical requirements and does not leave significant gaps in their security strategy.

Vendor lock-in: Dependence on a single vendor can be problematic if the vendor encounters difficulties, such as financial issues, lack of innovation or poor customer service. Switching to another vendor can be expensive and time-consuming, as almost the entire security architecture needs to be rebuilt. Companies should carefully weigh the risk of vendor lock-in and develop strategies to minimize this risk.

Multiple stakeholders: Opting for a platform solution may require more coordination within the company, as different departments and stakeholders need to be involved. This can prolong the decision-making process and require additional resources to consider all stakeholders’ needs. Careful planning and coordination are necessary to implement the platform successfully.

Choosing future-proof technology architecture

The decision to choose a best-of-breed approach or a platform depends on several factors, such as the company’s specific security requirements, budget, internal expertise and long-term strategy. While best-of-breed solutions offer greater flexibility and specialized functionalities, the platform approach enables seamless integration and reduced complexity.

Ultimately, the choice should efficiently meet the company’s security goals. It is crucial to invest in advanced technologies and ensure that expenditures are proportionate to the risk. This means that investments should be carefully weighed without incurring unnecessary costs.

IBM can help you develop the optimal threat management strategies, processes and architectures to address your security challenges. Check out our Cyber Threat Management Services website.