Optimize IT Spending with Infrastructure Benchmarking | Rheintec

Written by Linus Espach | Mar 28, 2025 2:23:18 PM

In times of economic uncertainty, IT security benchmarking is becoming increasingly important for companies. In the face of the looming recession in Europe, businesses must maximize the efficiency of their IT infrastructure without compromising on security or productivity.

Why Increasing Efficiency Becomes Essential

The past few years have been an exciting time for the IT market. New vendors, approaches, and technologies have emerged rapidly, and customers were eager to adopt and purchase these solutions. Security products were developed and sold for even the most niche use cases—largely because budgets were generous.

This is now changing drastically. Companies are under pressure to cut costs, especially in IT. For most organizations, it no longer makes sense to spend 50% more of the budget just to achieve the final 5% of security coverage. A solid, efficient, and well-integrated overall solution that covers 90% is more than sufficient for the majority of businesses.

"Don't be an easy target!"

In maritime terms, especially in the context of piracy, this means: You don’t need an escort of two battleships and an aircraft carrier to navigate an oil tanker off the coast of Somalia. A handful of armed mercenaries already make you better defended than most other ships—so why would pirates target you instead of easier prey? 

The same applies to IT. (Internationally operating) hackers (or hacker groups) also aim to work efficiently. This means they primarily focus on the easy targets—those with no or poorly optimized security measures in place.

Security costs need to be put into perspective

Security should not be seen as the ultimate goal. A company that is maximally secure although it is not an attractive target for attackers, or that can no longer afford key investments because of high IT spending, cannot be successful in the long run. That’s why it’s crucial to view security in the right context.

The following questions should be evaluated:

  • What is my risk appetite?

  • How attractive is my data to attackers?

  • How critical is an IT outage for my business?

  • Do I have regulatory requirements like NIS2 or KRITIS?

  • Am I losing a competitive edge because I’m not ISO 27001 certified?

  • Can I save on cyber insurance costs by demonstrating a certain level of security?

How can I increase cost efficiency in IT security?

When it comes to reducing costs, the first step is to determine how much risk you can tolerate or are willing to accept. Do you want to reduce your risk to 3%, or is 10% acceptable? Once this question is answered, you can evaluate which systems help mitigate how much risk. It makes sense to start by analyzing the most common attack vectors and aligning your defense accordingly.

You can achieve a strong baseline simply by leveraging quick wins.

The most common attack vectors—and the corresponding defense mechanisms, i.e., quick wins—are:

  • Poor authentication and password management:
    Whenever possible, integrate your applications with your Identity Provider (IdP) and use central SSO and MFA. Where that's not possible, store passwords in a centralized password manager.
  • Unprotected, unpatched, and exposed systems:
    Minimize external access to your internal infrastructure as much as possible. Ensure regular, preferably automated and timely patching. Protect exposed systems with a (Web) Application Firewall. Typical systems include: mail servers, web servers, firewalls, VDI infrastructures, file shares, etc.
  • Emails:
    90% of attacks today start with an email. Make sure you have a strong email security solution that scans and flattens attachments and blocks phishing and malware links at the entry point. Cutting costs here is the wrong move—Microsoft and Google, despite claims to the contrary, do not offer comparable protection to specialized vendors.
  • Web browsing:
    The internet is the opposite of secure. Many phishing emails try to lure users into clicking links that open in a browser. Use a web proxy—ideally part of an SSE solution—to protect users from web-based malware.
  • Malware via email, USB, or the web:
    If malware enters your organization—regardless of the method—it’s critical to prevent it from executing. This is the job of endpoint security (XDR). Ensure all user devices and servers are protected with endpoint security that actively blocks execution.
  • Ransomware:
    Encrypting data for ransom is one of the most common attacks. Therefore, backing up your data is crucial. This includes both user data stored in M365 or Google Workspace and server data.
  • Lateral movement:
    Prevent attackers already inside your system from moving laterally. Achieve this by segmenting applications using firewalls and securing user access with Zero Trust principles.

By following these core principles, you’ll establish a strong security baseline. And the best part: reaching this baseline is not expensive. At Rheintec, we see this as the absolute minimum. We don’t go below this standard because we act responsibly. Dropping below it only makes sense in the rarest of cases.

How can I get these quick wins in the most cost-effective way?

The follow-up question is how to best, most easily, and most quickly reach this status. There are three dimensions to consider:

  • One-time expenses: These are usually the easiest to justify. This includes one-time acquisition and implementation costs for the infrastructure mentioned above.
  • Recurring license fees: These should be kept as low as possible, and overlaps in licensing should be avoided whenever possible.
  • Operational expenses (OPEX): These should also be minimized as much as possible. The goal is to create a system that can be operated simply and securely with as little complexity, know-how, and effort as possible.

The basis is the calculation period, usually 3, 5, or 10 years: how much will the infrastructure cost over the entire period? Depending on the chosen period, one-time expenses shrink over the years, while recurring costs gain importance.

One-time expenses typically apply to hardware such as firewalls, proxies, servers, virtualization, and network components, as well as the necessary integration through partners or internally. The usual lifetime of such systems is between 5 and 8 years. After that, the systems need to be replaced. Since this is inefficient, especially in small environments with a few hundred employees, the market has increasingly shifted toward SaaSification. This makes sense, as companies no longer need to worry about hardware replacement, maintenance, support, etc., and above all, no longer need to provide personnel for it. However, in the area of network and firewall (WAN edge), this is, by nature, not yet fully possible. A small caveat, though: with Zero Trust and 5G, this is now largely conceivable. There are already companies that have rationalized away the majority of their internal network in this way and only maintain a generic base infrastructure for printers and IoT (which will likely also become obsolete in the long term with the spread of 5G and its successors in those devices).

Recurring license fees tend to increase with the use of SaaS products. However, since internal complexity and effort are reduced, they are still more cost-efficient in most cases. The real question is: can I, as a company, afford to achieve more with fewer personnel?
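As an added worked example (not from the original post or from Rheintec), the following Python script applies the three cost dimensions above to the calculation period: it sums one-time, license and operational costs over 3, 5 and 10 years, counts a hardware purchase every time the assumed lifetime elapses within the period, and reports how the one-time share shrinks as the period grows. The two options (an on-prem firewall/proxy stack versus a SaaS SSE subscription) and every figure are constructed for illustration and are not vendor prices.

```python
from dataclasses import dataclass
from math import ceil
from typing import Optional


@dataclass(frozen=True)
class CostModel:
    """Cost inputs for one infrastructure option (constructed sample values below)."""
    name: str
    one_time: float                   # acquisition + integration, paid per purchase
    hardware_lifetime: Optional[int]  # years before replacement; None = no hardware (SaaS)
    annual_license: float             # recurring license / subscription fees per year
    annual_opex: float                # operations including personnel, per year


def purchase_count(period_years: int, lifetime: Optional[int]) -> int:
    """How many times the one-time cost is paid within the period (initial buy included)."""
    if lifetime is None:
        return 1                      # SaaS: integration once, never a hardware refresh
    return ceil(period_years / lifetime)


def tco(model: CostModel, period_years: int) -> dict:
    """Total cost of ownership over the period, broken down by the three dimensions."""
    one_time_total = model.one_time * purchase_count(period_years, model.hardware_lifetime)
    license_total = model.annual_license * period_years
    opex_total = model.annual_opex * period_years
    total = one_time_total + license_total + opex_total
    return {
        "name": model.name,
        "period": period_years,
        "one_time": one_time_total,
        "license": license_total,
        "opex": opex_total,
        "total": total,
        "one_time_share": one_time_total / total,  # shrinks as the period grows
    }


def cheapest(models, period_years: int) -> str:
    """Name of the option with the lowest TCO for the given calculation period."""
    return min((tco(m, period_years) for m in models), key=lambda r: r["total"])["name"]


# Constructed sample figures in EUR; these are not vendor prices.
ON_PREM = CostModel("on-prem firewall + proxy", one_time=80_000, hardware_lifetime=8,
                    annual_license=4_000, annual_opex=18_000)
SAAS = CostModel("SaaS SSE", one_time=10_000, hardware_lifetime=None,
                 annual_license=30_000, annual_opex=8_000)

if __name__ == "__main__":
    for years in (3, 5, 10):
        for m in (ON_PREM, SAAS):
            r = tco(m, years)
            print(f"{years:>2}y {r['name']:<24} total {r['total']:>9,.0f}  "
                  f"one-time share {r['one_time_share']:.0%}")
        print(f"    cheapest over {years} years: {cheapest((ON_PREM, SAAS), years)}")
```

With these constructed numbers the SaaS option wins over 3 years, while the 10-year view includes one hardware refresh for the on-prem option and still comes out slightly cheaper; which option wins is therefore a property of the chosen period, not of the options alone. Replace the sample figures with real quotes and the actual personnel effort to get a usable comparison.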

Nevertheless, the goal here is also to avoid license overlaps as much as possible. If I am using Zero Trust Network Access, I no longer need a large perimeter firewall with all sorts of features that terminates and inspects traffic from my remote users. Besides, firewall vendors usually do this rather poorly anyway. For standard user branches, no firewall is typically needed at all. An extremely simple SD-WAN capable network device with basic segmentation capabilities is perfectly sufficient. This saves both cost and complexity. We clearly recommend Ubiquiti here, with its license-free SD-WAN, central cloud management, and brilliantly simple networking features.

To save on operational expenses, simple approaches with low complexity are needed. SaaS plays a role here as well, but so do other approaches: user self-service, file flattening (mail), automation such as browser isolation (proxy), and the use of simple remote access solutions like Zero Trust instead of VDIs. This not only saves complexity and VDI licenses but also Microsoft licenses, as access to the application is enabled directly via Zero Trust.

An important point is to avoid building isolated solutions, and instead choose vendors in such a way that they can integrate with each other meaningfully and deeply. Imagine sending every soldier to the front individually and compare that to forming a group: of course, the group—by playing to and compensating for their individual strengths and weaknesses in coordination—will be much more effective!

What is the best overall solution to achieve the baseline?

At Rheintec, we follow a cost-efficiency-driven best-of-breed approach. This means we combine the top vendors in their respective categories into a setup that is as easy to operate, as automated, and as simple as possible—while integrating them deeply to maximize security. In detail, we recommend the following approach for companies:

Layer 2/3 and SD-WAN / WAN-Edge & Firewall: Ubiquiti

Here, we go with Ubiquiti. Ubiquiti is our choice because the system is license-free, offers centralized cloud management, and is extremely easy to operate. For user branches and server locations with up to 100 VMs or servers, the system is absolutely sufficient. Since the new zone-based firewall introduced with the Network version 9.X update, firewall rules can now be managed extremely easily as well. The networking features are user-friendly yet more powerful than Cisco Meraki. The combination of switches, access points, and firewalls within the product portfolio is very well aligned. Integration with Zscaler as an SSE solution is now also possible thanks to policy-based routing.

The system is focused entirely on network segmentation and Layer 2/3—this is what it does best, and it’s not used for anything beyond that. Security takes place in the cloud. Additionally, Ubiquiti enables the seamless interconnection of 1,000 locations without effort and without dealing with NAT. In this area, they are far ahead of the competition. With 100 Gbit/s switches, even large campuses with over a thousand users can be served.

Zero Trust, SSE and Web Proxy: Zscaler

Here, we go with Zscaler. Zscaler has been the market leader in the proxy space for over 10 years, and as a Security as a Service solution, it is extremely simple and performant while offering a wide range of advanced security mechanisms. There is no easier or more efficient way to bring security into the user context within an organization. Additionally, web traffic from servers can also be protected without incurring extra costs. Data Leakage Prevention (DLP) is already integrated into the system and can be expanded for maximum protection needs.

The solution also includes AI capabilities to greatly simplify microsegmentation for administrators. Zscaler is also directly integrated with CrowdStrike—the systems communicate with each other, automatically exchange risk scores and metadata, and can notify each other about malware to quarantine systems accordingly.

(Web) Application Firewall: Cloudflare

There’s a reason why Cloudflare, in less than 15 years, now handles 40% of global web traffic. The solution is technologically outstanding and, most importantly, extremely cost-effective. Besides Ubiquiti, there is hardly another provider in the IT market that offers such value for money. Even in its free version, Cloudflare provides DDoS protection, external DNS services, and a web application firewall with 5 rules. For many SMEs, that’s already more than what they currently have. For just a few euros per month, you get even more security and features—making this SaaS solution absolutely compelling.

For those who want more, Cloudflare can also serve as a CDN or a modern data center for serverless code applications. 

Endpoint Security (XDR): CrowdStrike

CrowdStrike has been the market leader in the XDR space for nearly ten years—and that’s how long I’ve been working in IT security myself. We’ve compared various solutions in terms of functionality, implementation effort, and false positives—the result was clear: CrowdStrike is extremely easy to implement, delivers hardly any false alarms even at maximum detection levels, and is functionally unmatched.

This is especially relevant for companies looking to enhance their IT security with an additional SOC. Since around 50% of SOC data typically comes from endpoint security, using CrowdStrike’s SIEM and SOC services is a logical step. Those who opt for Falcon Complete get a fully managed Detection & Response SOC—without any complexity. Of course, it’s not a full-fledged SOC with firewall log analysis, NDRs, or proxies—but from a security perspective, it comes very close, and at just a fraction of the cost. As mentioned above, CrowdStrike also integrates seamlessly with Zscaler and Proofpoint.

Mail-Security: Proofpoint

Proofpoint is the market leader in email security. It has the best spam and phishing detection rates available and offers, in addition to sandboxing, file flattening, and advanced threat protection, valuable automation features for users. The solution is extremely easy to integrate and highly cost-efficient. Our fastest implementation took just 15 minutes in our INTG environment—of course without a slow rollout, but with tenant creation via the MSP portal!

As mentioned earlier, Proofpoint also integrates seamlessly with CrowdStrike. Threat data is exchanged, and responses to attacks are automated.

Password Management: Keeper

Keeper focuses on user-friendly password management and collaboration—at a very competitive price. It offers single sign-on via your IdP, strong encryption (trusted even by the U.S. military), and practical collaboration features like private and shared folders that can be assigned to IdP groups.

Especially helpful: MFA tokens can be securely bound to entries without being extractable—ideal for preventing misuse by former employees. For those wanting to go a step further, Keeper also offers a simple yet brilliant PAM solution (Privileged Access Manager): quick to deploy, container-based scalability, IdP-compatible, with automatic key rotation, session recording (SSH, RDP, databases)—and connections can be launched directly from the password manager with a single click on the target system.

Backup & Data-Protection: Rubrik (or Acronis) 

It has to be said clearly: Rubrik is the Ferrari of the market. Especially when it comes to DLP and data protection in the enterprise space, they are (entirely on their own) the market leader—because other vendors primarily focus on backup. Backup is mainly about the speed of recovery, and Rubrik is unmatched in this area.

Unlike other vendors, Rubrik offers a hardened and closed system with immutable backup plans that can only be changed via support. This protects companies from the intentional deletion of backup data through compromised backup servers. Rubrik can also manage both SaaS platforms like M365 or Salesforce as well as all on-prem and cloud resources from a single, central management console—down to granular details like individual database entries or emails at a specific point in time. Backup is not only critical during attacks but also when data is accidentally deleted or modified, and you don’t want to roll back the entire infrastructure to a state from days or weeks ago.

In the DLP space, Rubrik offers another unique feature: it automatically classifies a company’s entire data landscape using AI. Everything is covered—from databases to unstructured data. Thanks to integration with Zscaler, these classifications can be enforced by a centralized DLP solution like Zscaler at a single point (instead of five different ones). The combination of Zscaler and Rubrik is currently unique in the market—no other vendor can do this.

That said, Rubrik is expensive and an enterprise-grade solution for demanding organizations. If extended data protection, classification, and DLP are not required, Acronis is the better choice in terms of cost. That’s why we recommend one of the two solutions depending on the use case and requirements.

Summary

IT security doesn’t have to be expensive. It’s important to maintain a healthy balance between costs and security needs. The key is knowing where you want to go and how to get the most out of every euro spent. This ensures a healthy and sustainable IT infrastructure in the long term without placing too much financial strain on the organization. User experience, integrated systems, and automation should be the focus—so that the solution is well-received by both management and end users.