Christopher Schuetze and Matthias Reinwarth introduce Security Fabric - a new architectural approach towards cybersecurity with the goal to achieve consistent and fully managed security across the whole corporate IT.
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Christopher Schuetze and Matthias Reinwarth introduce Security Fabric - a new architectural approach towards cybersecurity with the goal to achieve consistent and fully managed security across the whole corporate IT.
Christopher Schuetze and Matthias Reinwarth introduce Security Fabric - a new architectural approach towards cybersecurity with the goal to achieve consistent and fully managed security across the whole corporate IT.
Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth. I'm an analyst and advisor at KuppingerCole analysts, I guess today is Christopher Schutze. He is director practice cyber security and lead analyst for KuppingerCole and he is acting out of Stuttgart, Germany.
Hi, Christopher. Great to have you, and there's news at KuppingerCole. When it comes to our offerings around the topic of cybersecurity, you've been busy working on a new overarching concepts for cyber security, and I'm really interested to learn more about that. It's called the security fabric. What does this encompass what's behind that notion of a security fabric we've been booking very hard or On the topic in the past months together with all our international colleagues.
I think most of our listeners know the topic or the term identity fabric, because it's very popular for coping a call. And the idea of the security fabric was really to have something similar to a topic cybersecurity. And this is what we've been working on. Bentley. The idea in the security fabric is also, you have to connect everything to manage it, so connect everything and manage it and do not have any gaps. This is the main idea behind the security fabric and in general, for sure. Then we have here six main areas which integrates into the security fabric.
This is for sure the topic identities. So also we station authorization and privileged access management, all the typical topics which are covered, covered with the identity fabric pattern or para Digman. We have devices. So mobile devices, IOT devices, OT devices, notebooks, whatever. And then we have data. We have applications. So no matter where they are hosted. So as a service, that based or locals, we have the systems.
So on premise system, cloud system hybrid systems, and we have the networks itself, and these are the topics we have to protect within an central approach within the security fabric and security fabric itself has five topics. We have to topic governance manage. We have protect, we have detect, we have respond and we have recover. And if you have some services for one of these five specific areas, you can protect your whole cybersecurity landscape. So if I understand it correctly, that this is really a step backward when looking at cybersecurity.
So not looking at individual products as provided by vendors, which come with the promise of protecting a different, a special aspect, but rather to take that step back and look at cyber security as a whole, and to identify what you really need, what are the threats? What are the building blocks that you require to, as you've mentioned, government manage, protect, detect, respond, and recover adequate to your organization, to your risk level and to the threats that you have identified. So it's really more of a conceptual view rather than just thinking of, of services or just of tools.
Exactly. It's, it's not a tool. It's the idea of which services, which capabilities, which building blocks. You need to have an well maintained and secure set of services, which helps you to protect your organization. And for sure, at the end, some of those services are fulfilled by specific products, maybe for bigger products for suits. Like we know it from the identity fabric where we have specific tools for IGA, or we only have tools which cover a smaller part of these requirements and capabilities. And this is at the end, the same in the security fabric.
We have specific tools which are just there to fulfill specific capabilities or building blocks. That's the idea behind, and the security fabric also helps you some tools, some biggest suits have a lot of capabilities, and sometimes you have more than one suit and you can also use it for optimization of your portfolio here. We had a lot of podcasts to the topic in the past because it helps you to identify that you have sometimes tools which can do more than one thing or maybe a tool which can solve problems.
And other tool can solve two Previous episodes just a few weeks ago with our colleague Alex a and he was talking about the cargo cult of cybersecurity. So I just the idea to, to solve your security problems with your checkbook and just buying some, some security infrastructure and adding that to the, to the, to the power of your implemented or not so well implemented cyber security tools. I assume that the security fabric also helps to understand what the products actually can do for you and also how implement them adequately to yeah.
To fix the existing issues rather than just buying it and running it without well-defined configuration. Yeah.
The, the security fabric is a tool set, which helps you to set up good architecture and the good service portfolio you need at the end. Everything starts when we go to our customers with identification of requirements. So really what is the need for a customer? What is the need for the specific departments, from HR to development, to the SOC, to governance, to all the important stakeholders, what do they need? And then we build out of these requirements, concrete capabilities and bundled them into building blocks.
And this is at the end where we first start to think about which tools you might use for the specific thing, because usually it's, especially in cybersecurity, there are a lot of tools, a lot of specific tools, and you need sometimes a very specific tool for a capability like maybe animal lead detection. And you need another very specific tool for network security, but at the end, and thinking about the QTS and overall process, they have to work together. They have to deliver information into your detect systems.
Maybe if you run something like an security operations center or an cyber defense center, or just if you have on cm, which collects event streams data and aggregate some of them to Pacific attack patterns or detection in that way. And really this helps you a lot to, to structure your needs, to structure the capabilities and create out of these capabilities and building blocks services, which are accessible by, by default ways like an API, which is very common here or integration into other visibility tools for SOC.
Well, we are recording this in, in mid 2020, and infrastructure has changed dramatically over the last years. And especially also in this, in this time of, of a pandemic crisis. So many organizations have moved into the cloud, whether they wanted or not, they had to. So I assume that the security fabric is capable of, and also focusing on hybrid infrastructure so that you look at infrastructure that are run in the cloud, but also that are delivered from the clouds of security services from the cloud. I assume that this is well covered in the, in this as well.
Yeah, For sure. Usually when we come to a customer the first time most of them say to today, so in mid of 2020, we have a cloud first approach. We want to put everything in the cloud, but then there is usually a bot and they have a lot of applications which are running on premises and which will probably run in five or 10 years on premises to maybe there is some legal issue, data, privacy issue, or whatever you will have on premise applications for many years.
And this is for sure something, the security fabric covers a hybrid environments with on premises applications to protect them, to integrate them really in an overall process like we do within the identity fabric too, that you can access or authorize on premise hybrid applications or cloud native applications to end with the security fabric, you can protect it. Yes. Right.
So when it comes to applying this, this approach, the security fabric, I guess there's, of course we are an analyst company there's research already available, but also we can support our customers when it comes to really using that tool set for, for optimizing their spending and improving their overall security posture. Right. Yep. Right.
We have, like we have for identity and access management. I know that's my favorite phrase today, but it's true. We also have for cyber security, a lot of leadership compressors, for instance, for network detection and response. So really on network level detect attacks, detect uncommon behavior and things like that. We publish there, our leadership compass and for many other core areas, important areas, we've created leadership compass, which allows us really to identify the leading products in that specific areas to support our customers, to find the best fitting tool here.
And as you mentioned, we do this in advisory too. We can support you with finding the requirements, setting up the security fabric. Then at the end, when talking about tools, find the right tool set you need, and to support our customers with the RFI processes, with the RFP processes. Exactly. Right. So as this is a new concept, of course, it's, it is already well elaborated, but there will be more information available at our website. So just for those interested in this overarching concept of the security fabric really watch this space KuppingerCole dot com.
We will of course follow up on this topic again in an upcoming episode of this podcast or even more than one. So first of all, thank you very much, Christopher, for giving us a first insight into this concept. And I'm looking forward to learning more about that too. Getting into more detail here. Thank you very much, Christopher. Thank you very much, Martinez. Thanks. And bye-bye