Security Experts:

Connect with us

Hi, what are you looking for?


Risk Management

Converging on a Better Approach to Security

Security organizations are grappling with anywhere from five to 50+ different security vendors and solutions. These disparate products each generate their own set of alerts which quickly becomes overwhelming.

Security organizations are grappling with anywhere from five to 50+ different security vendors and solutions. These disparate products each generate their own set of alerts which quickly becomes overwhelming.

Of the roughly 3,000 participants in the Cisco 2019 CISO Benchmark Study, 41% report seeing more than 10,000 alerts pers day and 30% are suffering from cyber fatigue. What’s more, only half of alerts are being investigated and, of those, only 24% turn out to be legitimate and fewer than half are remediated. Security professionals are experiencing a tremendous amount of noise and are assuming risk. While automation and machine learning help, the burden still falls on human intelligence. They need access to security experts to understand what these alerts mean to their organization, to make sense of the mound of data now at their fingertips.  

Clearly, the traditional approach of purchasing best-of-breed products and separate services a la carte is no longer efficient. Which is why we’re starting to see a convergence of products and services, aimed at providing organizations with total solutions that include the capabilities they need to get the most value from their tools and technologies. For example, endpoint detection and response (EDR) technologies are backed by a team that does proactive threat hunting, alerts you to incidents and provides remediation guidance.

Organizations are jumpstarting segmentation programs with solutions that combine advanced analytics platforms and authentication and access management tools with advisory services. The approach reduces the burden on internal staff to discover devices and traffic patterns, define segments, and establish trusts or policy with other segments. Purple Teaming exercises, designed to strengthen defenses and response, are being led by Incident Readiness and Response (IRR) providers that couple new technologies like infrastructure analytics platforms, application performance management, and security instrumentation platforms with a team of experts.

The convergence of products and services is a welcomed development and will lead to improved security. To capitalize on this trend in a way that sets up your organization for success, be sure to incorporate these three steps.

1. Anticipate: Begin by looking at the business in a way that transcends a particular technology or environment or even process. Business leaders and IT leaders should work together define security requirements based on enterprise initiatives and desired outcomes. By aligning your security strategy to your business strategy, you can be prepared to respond quickly to the needs of the organization while reducing risk and protecting data, applications and systems. This will help guide you in the next two steps – consolidate and innovate. 

2. Consolidate: Organizations are reducing the number of vendors they work with, using an architectural approach to guide this consolidation and integrate multiple individual products and platforms. Consolidation allows you to gain operational efficiencies and the better protection you seek, rather than struggling with individual products that each generate their own set of alerts and make it difficult to get a clear picture of risk. We’re seeing consolidation on the vendor side as well. According to Momentum Cyber, a cybersecurity-focused investment bank, security merger and acquisition activity remained strong in CY18, reaching $15.5 billion. As the security market matures and becomes less segmented we see a 1+1=3 dynamic at work with organizations deriving exponentially more value from their security tools.

3. Innovate: A hallmark of the security industry has always been a steady stream of emerging technologies to defeat emerging threats. The latest wave includes tools that use machine learning, artificial intelligence, and automation to cull through alerts, hone in on risky areas, and take action. But actual adoption rates appear to be falling, perhaps from uncertainty or lack of confidence. To innovate successfully, look for total solutions and not just the next tool so you can ensure you’re truly improving security, versus creating more alerts for yourself, adding complexity, and wasting resources.

The security industry and organizations are converging on a better approach to security, and it is well overdue. Blending technology and human intelligence for a “solutions focus” sets organizations up for success and closes the gap on risk. It helps you derive more value from your security investments and innovate with confidence – a powerful proposition.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...