Connect with us

Hi, what are you looking for?


Data Protection

Cybersecurity Mesh: Overcoming Data Security Overload

A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach.

Gartner projects that organizations worldwide will invest $208.7 billion in IT security and risk management tools this year alone. However, despite this significant investment, Accenture reports that 74 percent of CEOs lack confidence in their organization’s cybersecurity posture. Contrary to the longstanding belief that deploying more security solutions will inevitably enhance protection against threats, the reality can often be quite different. In fact, a significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach.

The expanding attack surface and mushrooming regulations (e.g., PCI DSS 4.0, NIST, FISMA, etc.) necessitate more frequent security posture assessments, resulting in the deployment of a myriad of security tools, each focused on individual attack surfaces and vectors. However, these solutions are often siloed, making it difficult for security practitioners to report on exploitability posture, identify critical business areas, and demonstrate the effectiveness of security initiatives and controls. Breaking down these silos frequently requires manual efforts to aggregate and correlate data, leading to critical issues not being addressed in a timely fashion. According to IBM’s 2023 Cost of a Data Breach Report, 67% of breaches were discovered by third parties rather than internal resources. Ultimately, the goal is to shorten the window attackers have to exploit software or network configuration flaws. While big data sets can assist in putting specific behavior into context, there are significant technological challenges to overcome.

Limitations of Today’s Security Data ETL

While security monitoring generates big data, in its raw form, it remains only a means to an end. Information security decision-making should be based on prioritized, actionable insights derived from the data. To achieve this, big security data needs to be correlated with its business criticality or risk to the organization.

Specific integrations exist between different products, often driven by vendors or occasionally by support for standards. However, a more common approach to integrating products is through Security Information and Event Management (SIEM) solutions, where a SIEM solution collects events from these products. Security Orchestration, Automation, and Response (SOAR) platforms can then orchestrate responses based on the analysis of these events. Nonetheless, not all data can be ingested by these tools, and the data that is leveraged is often stateful. Issues with attribute mapping and contextualization often lead to data quality problems, raising concerns about reliability and fidelity.

Unlocking the Power of a Cybersecurity Mesh

This is where a cybersecurity mesh architecture (CSMA) comes into play. It enables security practitioners to establish more connections between tools, allowing them to collaborate indirectly through the cybersecurity mesh, influencing each other’s functionalities. Security postures can span across different security products, and security intelligence becomes more effective and predictive. According to Gartner, organizations that adopt a cybersecurity mesh architecture to integrate security tools into a cooperative ecosystem can reduce the financial impact of individual security incidents by an average of 90%.

But how can you implement a cybersecurity mesh without incurring exorbitant costs or requiring a complete overhaul of your existing infrastructure?

Advertisement. Scroll to continue reading.

Recognizing that many organizations struggle to operationalize their security tools, a new breed of technology vendors (e.g., Dassana, Avalor, Cribl, Leen, Monad, Tarsal) has emerged that offer a solution that normalizes data, adds organizational context, and attributes data to its rightful owners. This allows organizations to extract vital insights to expedite time-to-remediation, enhance the productivity of security teams, and ultimately bolster the effectiveness of security controls.

When assessing these vendors that promise to unlock the power of a cybersecurity mesh architecture, decision makers should consider the following core selection criteria:

  • Domain Expertise: As this is an emerging technology category that will attract many vendors to jump onto the bandwagon, conduct your due diligence focused on the domain expertise of the founding team members and associated subject matter experts. Align with those that encountered the challenge of managing diverse data streams from disparate security tools in the past and set out to reimagine the security data ETL (Extract, Transform, Load) process.
  • Security Data ETL Approach: To unlock the power of a cybersecurity mesh, you have to overcome the limitations of traditional data ingestion, normalization, and correlation processes. Check if the vendor is consolidating all data into a single data lake. Once the data is consolidated, a single API should suffice, simplifying maintenance considerably. Following this approach, the platform can now ingest all raw data into the data lake, offering numerous advantages and enabling deeper insights. The true innovation to look out for is in the approach to the normalization process, treating it as a content problem rather than a mapping one.
  • Time-to-Value: You don’t want to end up with yet another SIEM-like tool that simply aggregates and leaves the rest of the heavy lifting to you. Thus, assess if the vendor provides contextualized output that delivers immediate value. You should be able to leverage either self-service analysis to query any dataset or even more valuable, utilize native apps to address specific use cases (e.g., risk-based vulnerability and attack surface management, security KPIs and resource planning, security control effectiveness management).


Traditionally, extracting vital insights from the onslaught of data produced by a myriad of security tools to expedite time-to-remediation, enhance the productivity of security teams, and ultimately bolster the effectiveness of security controls has been both costly and time-intensive, often necessitating DIY projects. Unlocking the power of a cybersecurity mesh promises to overcome these limitations and finally deliver a return on investment.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.