Security organizations are grappling with anywhere from five to 50+ different security vendors and solutions. These disparate products each generate their own set of alerts, which quickly becomes overwhelming.
Of the roughly 3,000 participants in the Cisco 2019 CISO Benchmark Study, 41% report seeing more than 10,000 alerts per day and 30% are suffering from cyber fatigue. What’s more, only half of alerts are being investigated and, of those, only 24% turn out to be legitimate and fewer than half are remediated. Security professionals are experiencing a tremendous amount of noise and are assuming risk. While automation and machine learning help, the burden still falls on human intelligence. Security teams need access to security experts to understand what these alerts mean to their organization and to make sense of the mound of data now at their fingertips.
Clearly, the traditional approach of purchasing best-of-breed products and separate services a la carte is no longer efficient, which is why we’re starting to see a convergence of products and services, aimed at providing organizations with total solutions that include the capabilities they need to get the most value from their tools and technologies. For example, endpoint detection and response (EDR) technologies are backed by a team that does proactive threat hunting, alerts you to incidents and provides remediation guidance.
Organizations are jumpstarting segmentation programs with solutions that combine advanced analytics platforms and authentication and access management tools with advisory services. The approach reduces the burden on internal staff to discover devices and traffic patterns, define segments, and establish trusts or policy with other segments. Purple Teaming exercises, designed to strengthen defenses and response, are being led by Incident Readiness and Response (IRR) providers that couple new technologies like infrastructure analytics platforms, application performance management, and security instrumentation platforms with a team of experts.
The convergence of products and services is a welcome development and will lead to improved security. To capitalize on this trend in a way that sets up your organization for success, be sure to incorporate these three steps.
1. Anticipate: Begin by looking at the business in a way that transcends a particular technology or environment or even process. Business leaders and IT leaders should work together to define security requirements based on enterprise initiatives and desired outcomes. By aligning your security strategy to your business strategy, you can be prepared to respond quickly to the needs of the organization while reducing risk and protecting data, applications and systems. This will help guide you in the next two steps – consolidate and innovate.
2. Consolidate: Organizations are reducing the number of vendors they work with, using an architectural approach to guide this consolidation and integrate multiple individual products and platforms. Consolidation allows you to gain operational efficiencies and the better protection you seek, rather than struggling with individual products that each generate their own set of alerts and make it difficult to get a clear picture of risk. We’re seeing consolidation on the vendor side as well. According to Momentum Cyber, a cybersecurity-focused investment bank, security merger and acquisition activity remained strong in CY18, reaching $15.5 billion. As the security market matures and becomes less segmented, we see a 1+1=3 dynamic at work with organizations deriving exponentially more value from their security tools.
3. Innovate: A hallmark of the security industry has always been a steady stream of emerging technologies to defeat emerging threats. The latest wave includes tools that use machine learning, artificial intelligence, and automation to cull through alerts, home in on risky areas, and take action. But actual adoption rates appear to be falling, perhaps from uncertainty or lack of confidence. To innovate successfully, look for total solutions and not just the next tool so you can ensure you’re truly improving security, versus creating more alerts for yourself, adding complexity, and wasting resources.
The security industry and organizations are converging on a better approach to security, and it is long overdue. Blending technology and human intelligence for a “solutions focus” sets organizations up for success and closes the gap on risk. It helps you derive more value from your security investments and innovate with confidence – a powerful proposition.