The Omega Cyber Unit

Author: Elliott Long

The cybersecurity marketplace is awash with products that promise to keep businesses safe from hackers. Picking “the best” product is difficult, so businesses adopt a “defense-in-depth” (layered) approach when choosing technology to protect themselves. Perhaps the layered approach is a sound tactic, or perhaps it is a symptom of our reluctance to commit to a single solution. Each vendor touts a paradigm or implementation superior to the others, yet coverage from different products and vendors overlaps, and the marginal advantage of an additional technology or alternative solution may be lost in the combined play. After all this, a simple question begs to be asked:

What is the most important cybersecurity product for keeping your business safe?

Omega Cyber Unit – Part 1 “The Question”

I know the cybersecurity sales engineer will say, “it depends,” and the cybersecurity salesperson will ask, “what are you trying to do?” Well, I am asking the questions here, and I am adding that I don’t want the answer to be “it depends.” I want the absolute best, and as far as what I want it to do, I want the cybersecurity product to keep my business safe. There is no reason to muddle the issue with qualifications; that would be a topic for a different article. In this article we keep the question simple: What cybersecurity product is best? Of course, I run the risk of oversimplifying the topic and making a mistake by asking the question this way. For this particular thought experiment, I’ll keep only two qualifiers in place: our existing physical security and our data backups stay, whatever else goes.

So, one more time: if a well-versed and well-intentioned cybersecurity practitioner could deploy only a single cybersecurity product into their network, what would it be? Or we could ask the question the other way around. If you were to remove each security technology from your network, one at a time, which technology would you keep to the very last? There are many cybersecurity technology categories to choose from; at the time of writing we are up to seventeen cybersecurity Magic Quadrants. Which product would we need to pull from your cold, dead hands? What is the very last product standing that you could not operate without? What is the Omega Cyber Unit?

Of course, as already warned, this is an impossible question to answer. Why would we ever get rid of any cybersecurity product, especially if it’s already paid for? Even if a contribution to our overall security is ever so small, even unknown, we would probably still hold onto and maintain our older legacy security solutions, if for no other reason than superstition. In the end, we would likely keep any security product that can potentially keep our business safe. However, this question means to explore that difficult theoretical space: What if you only had one product left? You choose what goes and what stays, and to make this more philosophically pertinent, let’s say you can’t quit your job and have to live with the consequences, perhaps getting fired if you chose poorly. With what is left after making your choices, you are still responsible for maintaining security. Let us slowly cull the layers of the cyber-defense you accumulated, not in the sense of a cyber strip show, but in order to bare your cyber-soul and reveal your cyber-soulmate.

If you are uncomfortable with the question, then I’d say you understand it. It has an element of “Which child do you love the most?” We don’t love every deployed product, so there would be some easy early candidates, such as HIDS and ArcSight, summarily ditched. A passionate cybersecurity specialist would probably give the standard “over my dead body” threat, only to cave in on giving up SIEM, threat intelligence, UBA, and orchestration. We don’t need to worry about any patch management products, because we probably don’t have any. The next set of products to be jettisoned includes sandbox, honeypot, content filtering, and DLP solutions; in this exercise, those particular products are demoted to the “nice to have” category. At this gut-wrenching point, we are finally down to our cyber-skivvies. Yes, I know we love our WAF, NAC, IDS, and secure email gateway, but this exercise is quantifying that love, and I say that if we have to choose, then WAF, NAC, IDS, and secure email gateway would be dropped like a mistress on your wife’s anniversary, leaving us nearly nude with UTM, VPN, EPP, and NGFW. In the end, we would fight for our endpoint protection, but when the true cyber triage challenge kicks in, there would be little dissent about which device cybersecurity professionals would be white-knuckle gripping: the firewall.

Of course, security experts would hate to see their EPP disappear, and the old go-to VPN wouldn’t be surrendered easily, either. However, under the desperate adversity this question explores, triage dictates the conclusion: if an endpoint can’t stay behind the umbrella of the enterprise firewall, then I just can’t help it. And if I have to VPN, I can terminate the VPN on my firewall instead of on a separate concentrator.

So here we are, at the last line of defense. After all these years of evolving cybersecurity technology, in the end we would hold on to the first device we ever installed: the enterprise Next Generation Firewall (NGFW). The firewall was the first and the firewall will be the last. Although its fundamental function, deciding which packets may cross a network boundary, has not changed much since its inception, the firewall has steadily accumulated capabilities: stateful inspection in the mid-1990s, usable GUIs throughout the 2000s, essentials like multi-port deployment and network address translation along the way, and nowadays SSL/TLS decryption feeding deep packet inspection that just can’t be beat.

Even with all these enhancements, the NGFW is at heart still the layer 3/4 packet filter we have always relied on; the application-layer (layer 7) awareness is built on top of that foundation. Many vendors add extra capabilities, but the core functions, stateful inspection and DPI, are what make firewalls indispensable. Calls for its demise, circa 2010, were overwhelmingly premature. Every vendor’s firewall is still sold as licensed software on purchased hardware (or a virtual appliance), with the newer Firewall-as-a-Service (FWaaS) offerings the exception to the established practice.
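The difference between an access list and stateful inspection is the point of the paragraphs above, and it is easier to see in code than in prose. The following is an added example written for this article, not code from Fortinet, Cisco or any other vendor. It models a stateless “established” access-list rule beside a minimal session-tracking filter and runs both over a constructed packet trace; the addresses are hypothetical (RFC 5737 and RFC 1918 ranges), and the `Packet`, `stateless_acl`, `StatefulFirewall` and `run_trace` names are this example’s own.

```python
"""Stateless access list versus stateful inspection, as a runnable model.

Added example for this article; not vendor code. Addresses and packets are
constructed inline for illustration (RFC 5737 / RFC 1918 ranges).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

INSIDE_PREFIX = "10.0.0."  # hypothetical protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    proto: str = "tcp"


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_acl(pkt: Packet) -> str:
    """Classic access list. It has no memory, so to admit replies to outbound
    connections it must permit any inbound packet that merely *claims* to be
    part of an existing session (ACK bit set, high destination port). The
    attacker controls those bits."""
    if is_inside(pkt.src):
        return "ALLOW"  # outbound: permit everything from the inside
    if pkt.ack and pkt.dport >= 1024:
        return "ALLOW"  # "established": trusts a flag the sender chose
    return "DENY"


SessionKey = Tuple[str, str, int, str, int]


class StatefulFirewall:
    """Records sessions initiated from the inside and admits inbound packets
    only when they match a recorded session in either direction."""

    def __init__(self) -> None:
        self.sessions: Dict[SessionKey, str] = {}

    @staticmethod
    def _key(pkt: Packet) -> SessionKey:
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt: Packet) -> SessionKey:
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt: Packet) -> str:
        if self._key(pkt) in self.sessions:
            return "ALLOW"  # further packets of a tracked outbound session
        rev = self._reverse_key(pkt)
        if rev in self.sessions:
            if pkt.syn and pkt.ack:
                self.sessions[rev] = "ESTABLISHED"  # handshake reply seen
            return "ALLOW"  # reply traffic for a tracked session
        if is_inside(pkt.src) and pkt.syn and not pkt.ack:
            self.sessions[self._key(pkt)] = "SYN_SENT"  # new outbound session
            return "ALLOW"
        return "DENY"  # unsolicited, whatever its flags claim


# Constructed trace: one legitimate HTTPS session, then two inbound probes.
TRACE: List[Tuple[str, Packet]] = [
    ("client opens HTTPS to web server",
     Packet("10.0.0.5", 40000, "203.0.113.10", 443, syn=True)),
    ("web server SYN/ACK reply",
     Packet("203.0.113.10", 443, "10.0.0.5", 40000, syn=True, ack=True)),
    ("client ACK completes the handshake",
     Packet("10.0.0.5", 40000, "203.0.113.10", 443, ack=True)),
    ("attacker probes RDP with a forged ACK (the 'established' trick)",
     Packet("198.51.100.7", 443, "10.0.0.5", 3389, ack=True)),
    ("attacker SYN to SMB",
     Packet("198.51.100.7", 51234, "10.0.0.5", 445, syn=True)),
]


def run_trace(trace: List[Tuple[str, Packet]] = TRACE):
    """Return ([(label, acl_decision, stateful_decision)], session_table)."""
    fw = StatefulFirewall()
    results = [(label, stateless_acl(p), fw.filter(p)) for label, p in trace]
    return results, fw.sessions


if __name__ == "__main__":
    for label, acl, stateful in run_trace()[0]:
        print(f"{label:60s} ACL={acl:5s} stateful={stateful}")
```

Running it shows both filters agreeing on the legitimate session and on the bare SYN to SMB, but only the stateful filter dropping the forged-ACK probe to RDP, because no inside host ever opened that session. A real NGFW adds session timeouts, sequence-number and window checks, NAT rewriting and DPI on top of this table; the table itself is the part an access list lacks.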

So, there you have it: the humble firewall is the last bastion of security in our cyber thought experiment. In the end, it’s the upgraded, enhanced access-list rules that rule cybersecurity. However, we have not completely answered the question yet, as we have only chosen a technology. Now the question needs a more specific answer. Unfortunately, if you stop here, you only get 50% credit.

Omega Cyber Unit – Part 2 “The Vendor”

Now I hate to nest a theoretical question inside another theoretical question, but we have merely revealed the firewall as our most beloved cybersecurity technology. Now we must explore the subtleties of each firewall vendor to add depth to this extrapolation. Brand of firewall matters a lot. For example, if your last layer of cybersecurity were a Cisco ASA, then firewalls might have dropped out earlier in the Omega Cyber Unit pageant, prompting us to keep our endpoint protection after all. We need to factor in specific vendors to keep this theoretical question less theoretical.

The generally acknowledged top dogs in NGFW are (in alphabetical order): Check Point, Cisco, Forcepoint, Fortinet, Juniper, McAfee (Intel), Palo Alto, SonicWall (Dell), Sophos, WatchGuard, and Zscaler. This is definitely not meant to be a comprehensive list of firewall vendors; it merely lines up the usual suspects. Furthermore, to keep this analysis under a couple of pages, I propose we reduce the candidates to the top four NGFW market share holders: Check Point, Cisco, Fortinet, and Palo Alto.

Yes, I heard that scream of injustice, and I don’t blame you for blaming me for tossing out all of the up-and-comers. However, true to this experimental question, up-and-comers are not what you want protecting your network when you reduce your security arsenal to a single product. I say that despite current loyalties; a customer is going to feel better with a tried, tested, and true long-term solution. These four vendors have led the market over the last four to five years and have been rewarded with sales and market share by very savvy cybersecurity shoppers. Large security vendors tend to stagnate after bouts of success, which shows the difficulty of being large and innovative at the same time. However, this analysis is looking for what is bullet-proof, with vendor longevity being one measure of that toughness. So how do we choose among the industry’s giants? Perhaps we can start with these five standard metrics: Performance, Implementation, Management, Support, and Value.

  • Performance – This one is easy. Fortinet consistently outperforms the other three vendors, and that performance dominance is documented in several, if not all, NSS Labs NGFW test results. After all, what is security if it isn’t served up in heaping doses of on-demand, wire-speed connectivity? There are many performance parameters to consider, and no single vendor dominates all of them. However, for the benchmarks most often touted, such as overall throughput, VPN throughput, and total connections, Fortinet is the top performer. Being a clear winner here, and by a significant margin, Fortinet takes the performance benchmark for enterprise firewalls. As for runners-up: this contest is for the single Omega product, so second place is last, and still a losing position.
  • Implementation – Check Point and Palo Alto are “pure play” vendors, confining their product lines to their own loosely defined slice of cybersecurity. For different reasons, Cisco and Fortinet successfully fold connectivity into the cybersecurity realm. Cisco is able to offer its customers complete solutions, combining cybersecurity and connectivity products into custom packages. As an industry juggernaut that assimilates companies and technologies, Cisco ensures that a business will never want for choices. Of course, this is a strength and a weakness at the same time; having so many products and so many different ways of implementing them is a burden Cisco carries. In fact, some of Cisco’s sister product lines differ from each other as much as products from completely different companies do. Fortinet also offers a complete product line for security and connectivity; however, Fortinet has taken the “fabric” concept and made it a reality. Fortinet gets a lot of praise for its all-in-one management paradigm, where switches, routers, firewalls, and Wi-Fi are centrally managed through FortiManager. It is now possible to simply deploy a switch into production and bring it under management immediately. In that respect, the implementation benchmark for enterprise firewalls goes to Fortinet.
  • Management – I wasn’t sure at first, so I looked into what the industry is saying, or at least what the sampled users of these vendors were saying, before rendering judgment. Some solid, above-average things are going on at Cisco, and who cares if Cisco has a different management platform for each of its firewall product lines; Cisco customers know which platform they need. After reading through the lists of “suggestions for improvement” (formerly known as the complaint box), it is clear that users criticize the management interfaces of every vendor. More hopeful than frustrated, the tone of the criticism is collaborative, insistent, and specific. For example, one commenter says, “the Cisco interface is pretty good, except I wish they would have …. [specific feature mentioned.]” It’s clear users want more out of their management platforms. Check Point’s management seems to be less disliked than the others’. Finding no negative comments certainly deserves notice; it doesn’t prove that Check Point is great, but it suggests it may be superior. Since Check Point users seem to get what they want, I’ll choose Check Point as the firewall with the best overall management solution.
  • Support – As stated above, firewall users expect a lot from their management interfaces, and the same is true of support. They may be calm or even content with the delivered service, but firewall users always expect consistent, top-shelf delivery of service and performance. That said, all it takes is a few hiccups, like shipping issues, limited support hours, or dishonored SLAs, to tarnish a vendor’s reputation. When it comes to support, maintaining customer satisfaction is not easy: vendors need to be consistent over a long period of time and need to exceed expectations, not just meet them. As vendors pile more and more features into the “base offering” of every product line, many cybersecurity niches become homogenized, with products from different vendors growing similar to one another. Because of that, support remains one of the few areas where vendors can truly differentiate themselves. Once again going by the comments of users, some loyal and some not, there does appear to be a perception that Palo Alto consistently delivers successful support services to its community. The support benchmark for enterprise firewalls goes to Palo Alto.
  • Value – This is the easiest category to comment on, because in RFP after RFP, Fortinet is documented as consistently offering the best ROI, features per dollar, and bang for the buck, however you want to measure what you get for what you pay. There’s really no need for a lengthy examination here. Simply help yourself to the product comparison charts, work your eyes up and down the columns, and you will find that you get more speed, feeds, features, and coverage for fewer dollars with Fortinet. Thus, the value benchmark for enterprise firewalls goes to Fortinet.

The Omega Cyber Unit described in this article is the cybersecurity product that, if you had to whittle your collection of cybersecurity technologies down to a single product, would be the last security product standing. We could expand this debate, but in accordance with this briefest of assessments, we have a conclusion. Without further ado, the award for the Omega Cyber Unit goes to the enterprise firewall from Fortinet, the FortiGate. So, folks out there in Cyberland, hang onto your FortiGate, as it may be the single most effective and respected product in the cybersecurity marketplace.