Disconnected Security Increases Risk

In today’s high-risk IT environment, there’s no such thing as too much security, right? Well, that depends. As with anything in life, the devil is in the details. As organizations continue to expand their arsenal of security products in an effort to strengthen protections against advanced threats, they often introduce complexity. Adding technology only results in better security when multiple threat protections perform as a connected, integrated system and when security teams trust their automated security processes. 

Human Nature: The Overriding Threat

The human factor has always posed a formidable challenge in maintaining enterprise security. IT teams educate end users about the risks of phishing and social engineering attacks that can put the enterprise at risk with one seemingly innocuous mouse-click. However, end users are not the only serious threat: Security teams themselves are becoming the weak link by overriding automated security processes.

Let’s look at why this problem persists and what can be done about it.

Disabled Features

IT personnel have their reasons for disabling security features. I’ve written about this risky practice in a previous SecurityWeek column. Some systems generate too many false-positive events. Performance impact is another common reason for turning off features as an underpowered solution may create network throughput issues. Additionally, IT staff may extend deployment timeframes to validate a new tool’s detection effectiveness.

It’s human nature to want to verify the existence of malware before initiating action. However, today’s incredible number of security events and alerts can quickly overwhelm a human’s ability to effectively manage risks, resulting in:

Information Overload. While security events and alerts generated by an organization’s multiple security solutions can vary widely, it’s not uncommon for some security products to flag upwards of 10 events per second (864,000 events per day at that sustained rate). More security solutions and more alerts mean more work. Dealing with volumes like these becomes futile without the use of automated security policies and processes.

Analysis Paralysis. While risk analysis solutions can offer significant detection enhancements, simply adding a new technology may not improve a security posture. Is the risk real? Does it pose an imminent danger? Does it require in-depth forensic analysis? Without an integrated security solution, you may need to jump between multiple security product consoles to get answers. All the while, the clock keeps ticking and suspect events continue to pile up.

Achieving Connected Security

Avoiding a security disconnect starts with intelligent, integrated solutions that work together to foil today’s advanced threats. Here are three considerations that can help you achieve connected security.

1) Choose an Intrusion Prevention System (IPS) that Connects the Dots and Takes Corrective Action. Today’s best IPS solutions integrate security data from across the organization in the blink of an eye, placing security events and alerts in context. They share contextual information between components and include sophisticated detection engines including signatureless capabilities. Choose a system that is smart enough to perform deep inspection of network traffic, block threats, and take corrective action as needed without delay.

2) Choose Security Components that Work Well with Others. It’s hard to overstate the importance of integration. True integration is more than just a buzz phrase—it involves sharing real-time threat data, workflows, device details, user and application information, vulnerability assessments, and more among security components. For example, does your IPS share risk and correlation data with your SIEM, firewalls, and your enterprise security console? It should. Jumping between security consoles is not only time-consuming; it introduces opportunities for human error. You need a global view of risk and compliance, with data and workflows that feed into one central console—regardless of the security components’ manufacturer.

3) Layer Wisely. Sandboxing is a powerful tool that helps you expand threat detection to include unknown files and code. But once again, more alerts mean more work. Alerts that lack context and action may be overlooked, resulting in dire consequences. Sandboxes must be integrated into the security infrastructure. Rather than yet another stand-alone, alert-producing device, they must be an extension of the existing detection and protection arsenal, feeding critical threat data to solutions that can take immediate action.
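The three considerations above all come down to the same mechanism: collapse the firehose of raw IPS events, put each one in context using data another component already holds (here, a vulnerability scan and an asset inventory), and let policy decide which findings are blocked automatically and which are worth a human’s time. The script below is an added illustration of that pipeline, not code from the column or from any vendor product. Every field name, the alert and asset data, the risk scoring and the verdict thresholds are constructed assumptions; the CVE identifiers are real but are used only as correlation keys between the alert feed and the scan data.

```python
"""Added example: de-duplicate IPS alerts, enrich them with asset/vulnerability
context, and derive an automated verdict per finding. All data below is
constructed inline; the schema and scoring are illustrative assumptions."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# --- Constructed sample data (not real telemetry) --------------------------

# A burst of IPS events. The 50 identical Heartbleed probes model the
# "10 events per second" firehose; the rest are singletons of varying worth.
RAW_ALERTS: List[dict] = [
    {"ts": 1000 + i, "src": "203.0.113.7", "dst": "10.0.0.5",
     "sig": "TLS heartbeat overread", "cve": "CVE-2014-0160", "sev": 9}
    for i in range(50)
] + [
    {"ts": 2000, "src": "198.51.100.3", "dst": "10.0.0.9",
     "sig": "SMBv1 remote code execution attempt", "cve": "CVE-2017-0144", "sev": 10},
    {"ts": 2001, "src": "192.0.2.4", "dst": "10.0.0.5",
     "sig": "Known scanner user-agent", "cve": None, "sev": 3},
    {"ts": 2002, "src": "192.0.2.4", "dst": "10.0.0.9",
     "sig": "Known scanner user-agent", "cve": None, "sev": 3},
]

# What a vulnerability scanner and asset inventory contribute: which CVEs are
# still open on each host, and whether the host is business-critical.
ASSETS: Dict[str, dict] = {
    "10.0.0.5": {"role": "public web", "open_cves": {"CVE-2014-0160"}, "critical": True},
    "10.0.0.9": {"role": "file share", "open_cves": set(), "critical": False},
}


@dataclass
class Finding:
    src: str
    dst: str
    sig: str
    cve: Optional[str]
    sev: int
    count: int = 0
    first_ts: int = 0
    last_ts: int = 0
    exposed: bool = False      # target is actually vulnerable to this CVE
    critical: bool = False     # target is a critical asset
    score: int = 0
    verdict: str = "log"


def dedupe(alerts: List[dict]) -> List[Finding]:
    """Collapse identical (src, dst, signature) events into one finding with a count."""
    groups: Dict[tuple, Finding] = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["src"], a["dst"], a["sig"])
        f = groups.get(key)
        if f is None:
            f = Finding(a["src"], a["dst"], a["sig"], a["cve"], a["sev"], first_ts=a["ts"])
            groups[key] = f
        f.count += 1
        f.last_ts = a["ts"]
    return list(groups.values())


def enrich(f: Finding, assets: Dict[str, dict]) -> Finding:
    """Attach asset context and decide the action; unknown hosts get no uplift."""
    asset = assets.get(f.dst, {"open_cves": set(), "critical": False})
    f.exposed = f.cve is not None and f.cve in asset["open_cves"]
    f.critical = asset["critical"]
    # Illustrative scoring: double the severity when the target is exposed,
    # add a fixed bump for critical assets. Used only to order the queue.
    f.score = f.sev * (2 if f.exposed else 1) + (2 if f.critical else 0)
    if f.exposed:
        f.verdict = "block"          # confirmed exploitable: automated action
    elif f.sev >= 7:
        f.verdict = "investigate"    # serious, but target not known vulnerable
    else:
        f.verdict = "log"            # noise: keep for forensics, no ticket
    return f


def triage(alerts: List[dict], assets: Dict[str, dict]) -> List[Finding]:
    """Full pipeline: dedupe, enrich, and sort most urgent first."""
    findings = [enrich(f, assets) for f in dedupe(alerts)]
    findings.sort(key=lambda f: (-f.score, f.first_ts))
    return findings


def blocklist(findings: List[Finding]) -> List[str]:
    """Sources the firewall should drop without waiting for an analyst."""
    return sorted({f.src for f in findings if f.verdict == "block"})


def summary(findings: List[Finding], raw_count: int) -> Dict[str, int]:
    """How much the raw volume shrank and how it was split by verdict."""
    return {"raw": raw_count, "findings": len(findings),
            **Counter(f.verdict for f in findings)}


if __name__ == "__main__":
    result = triage(RAW_ALERTS, ASSETS)
    for f in result:
        print(f"{f.verdict:11} score={f.score:2} x{f.count:<3} {f.src} -> {f.dst} ({f.sig})")
    print("block:", blocklist(result))
    print(summary(result, len(RAW_ALERTS)))
```

The point of the toy is the shape, not the numbers: 53 raw events become four findings, exactly one of which (the probe against a host the scanner says is still vulnerable) earns an automated block, one earns a human look, and the scanner noise is kept for forensics without paging anyone. The same host-is-vulnerable check is what a sandbox verdict or SIEM correlation would feed into in a real deployment, which is why the column insists those components share data rather than each raising its own alert.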

Integration is often discussed in the context of increasing security management efficiency—which is true. However, marginal integration is a major cause of disconnected security. Intelligent integration must extend across your network and include your sandbox to avoid alert-overload and ultimately reduce risk.
