Cybercriminals are exploiting the confusion that results from organizations simply throwing money at their cybersecurity challenges
Cybersecurity deployments have become as complex as the networks they are trying to protect. And that’s not a good thing. The demands of digital acceleration have forced organizations to quickly adopt new technologies and expand their networks. And far too often, security is applied as an afterthought. As a result, according to IBM, enterprises have an average of 45 security products deployed in their networks. And few (if any) of them were designed to operate as a cohesive system, making centralized management and automation nearly impossible.
The resulting vendor sprawl has become a severe challenge for many IT teams. When visibility is fragmented across multiple consoles, detecting and responding to a security event becomes increasingly tricky. That’s because, according to that same report, responding to a cyber incident requires coordination across an average of 19 of those tools. And in addition to a lack of interoperability, organizations must also contend with feature overlap, which can wreak havoc on the back end when it comes to managing things like configurations.
Many organizations end up building complex workarounds that need to be constantly managed and reconfigured every time a device is upgraded. According to one recent survey of 350 IT decision makers from organizations across the US, more than 80% of organizations with ten or more security vendors in place admitted that a third of their IT resources are spent just managing and troubleshooting their multi-vendor security environment every day.
Cybercriminals have been all too eager to exploit the confusion that results from organizations simply throwing money at their cybersecurity challenges. This past year, we have seen a staggering increase in attackers and attacks successfully targeting the silos, complexities, and visibility gaps that naturally arise from such complex and scattered security environments.
Taking a Cybersecurity Mesh approach
Gartner recently identified Cybersecurity Mesh Architecture (CSMA) as one of the top cybersecurity trends for 2022. CSMA combines best-of-breed planning with an integrated set of security tools, APIs, and common standards to enable centralized management and analytics to span the extended network for more effective threat detection and response. And according to Gartner, organizations that adopt a CSMA strategy by 2024 “to integrate security tools to work as a collaborative ecosystem will reduce the financial impact of individual security incidents by an average of 90%.”
What is a Cybersecurity Mesh Architecture (and how do I get one)?
A Cybersecurity Mesh Architecture involves much more than simply bringing fragmented infrastructure components and deployments under control through cross integration. It also needs to tie security technologies to the underlying network to simplify the deployment of new technologies and services. This way, as the network expands to meet evolving business requirements, the interwoven security fabric continuously adapts to the shifting infrastructure of devices, applications, and services it is there to protect. In addition, a cybersecurity mesh should also be deeply tied to solutions that converge networking and security, such as Secure SD-WAN or ZTNA that is integrated into a next-generation firewall.
Achieving this requires far more than the workarounds now being used to connect disparate legacy security technologies. A cybersecurity mesh platform must be fully integrated for consistent policy enforcement, broadly deployable to see and protect every corner of the network, and fully automated to detect and respond to threats without relying on human intervention. Such an approach is essential for reducing complexity and increasing overall security effectiveness, especially for new, complex trends like work-from-anywhere (WFA). WFA is perhaps the most common use case requiring multiple solutions to work together across a dynamic set of assets, applications, and environments. But it is just the start. New edge networks, increasingly integrated multi-cloud deployments, hybrid data centers, and smart environments, to name a few, will all need security and networking technologies designed to function as a unified system.
In addition to the deeply integrated security solutions functioning at the heart of a CSMA deployment, that core security platform should also support a broad open ecosystem of technologies. Such an open approach provides critical flexibility across the network, leveraging existing investments and enabling custom solutions designed for the variety of use cases each organization needs to address.
When developing a CSMA environment, organizations need to look for solutions that provide the following functions:
- Technologies should be designed to work together to ensure and maintain deep visibility across all edges, even as the network evolves.
- The resulting security fabric should enable the centralized management of distributed solutions for unified visibility and consistent policy enforcement.
- Integrated systems must also leverage a shared threat intelligence database, so every tool is looking for and responding to the same threats and alerts.
- Third-party integrations should improve the detection of known and unknown attacks and enable the automation of actionable responses across hybrid environments.
And while integrated technologies are essential for any CSMA deployment, that’s not all. Restrictive and rigid licensing systems can undermine even the best plans. So, in addition to developing integrated and open technologies, organizations require dynamic licensing schemes so their security can quickly scale up and out across any environment. Only then can a cybersecurity mesh architecture provide consistent, real-time protection as the network responds to constantly shifting user, connectivity, and business realities.
Fortunately, a cybersecurity mesh architecture is not one of those futuristic solutions that organizations will need to wait for years to implement. The reality is, all of this is available right now. What needs to change is how we think about and deploy security. Organizations must begin embracing and adopting an integrated approach to security as part of their digital acceleration initiatives. Frankly, it is the only approach that can provide the reduced complexity, simplified operations, and adaptive security today’s evolving business operations require.