All I Want for 2023 are Improved Security SLAsRead Now
Let’s start by putting a fact on the table. The cybersecurity software industry is a crowded space.
If you’ve ever walked the exhibition floor of a conference like RSA or if you’ve witnessed the almost-daily announcements of new cyber startups on LinkedIn you probably know what we’re talking about. Estimates vary, but it’s safe to assume that there’s over 5,000 vendors in the security marketplace today.
While for an outsider (cyber outsider) it may seem like an overkill, there is a good reason. With no silver bullet to guarantee effective security posture against the increasingly dynamic and complex threat landscape, security teams have a lot of ground to cover. The landscape includes cloud-native environments, Infrastructure-as-Code (IaC), containers, secrets management, remote work — and that’s just to name a few. See the CyberScape map below:
A survey of 400 global security leaders carried out by Check Point at the end of 2019 found that:
- 49% of all organizations use between 6 and 40 point security products
- 27% of larger organization use between 11 and 40 different vendors’ products
- 98% of organizations manage their security products with multiple consoles, creating visibility silos.
- Small organizations are using on average between 15 and 20 security tools, mid-sized businesses are using 50 to 60, and large organizations or enterprises are using over 130 tools on average.
The More you See, The Less you Do?
The problem is that as organizations race to adopt more security tools, they don’t necessarily benefit from an improved security posture. In fact, the opposite is true. Research by IBM has shown that the amount of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed.
Organizations using 50+ security tools are 8% lower in their ability to detect threats compared to those using fewer toolsets.
There’s no single thing to blame for this reality. One issue is the enormous overload of alerts produced by such tools, all in different formats, received through multiple channels and dashboards, with duplications and no clear action. Weeding through these alerts takes significant time, as security teams switch between different technology consoles trying to put the pieces together. Spending so much time on data gathering, enrichment and prioritization take time away from the actual remediation. In fact, it’s reported that
44% of all alerts don’t get investigated at all and 49% of legitimate alerts go unremedied.
Another factor is the well known cyber security talent shortfall. Organizations simply don’t have the number of qualified and competent cybersecurity professionals necessary to operate the manual overhead of each tool.
Finally there is also the issue that these security tools can’t keep up with the agility of development teams. Given that development teams are often the ones who actually remediate those weaknesses identified by the security tools, it’s crucial that security findings can be ingested by them in a way that works for them.
What can be done?
Given all of the above, the question pops. Should organizations cut down on their security tooling? The short answer is — Absolutely not. Well, if there are tools that produce exact duplications then yes (and that itself requires time to understand). But otherwise, organizations require multiple security tools to cover that increasing attack surface.
The key to successful gain value from security tools is to focus on the interaction between security tools, people and processes. This can be achieved via consolidation, process automation and orchestration
- Consolidation: A truly consolidated solution leverages a single–pass architecture, in which, security engines process traffic in parallel with a unified single context. This facilitates one fully informed decision instead of a series of half-blind ones, and greatly enhances security coverage. Consolidation doesn’t necessarily mean the end of best-of-breed solutions. Consolidation can come in the form of a “management layer” above the siloed solutions beneath. One which empowers the current shortage of skilled information security professionals and the much-needed focus on retention, to simplify, centralize, and ease the burden on security teams.
- Process Automation: While automation usually makes the completion of individual tasks easier and faster, process automation often removes bottlenecks, making the operational steps needed to complete a project more accurate and efficient. Process automation deals with formulating multi‑step processes that occur between any combination of people and systems, streamlining interactions and handovers. Process automation isn’t just keeping track of the business, it helps you run the business, day to day. When it comes to reducing cybersecurity risk, process automation can help optimize and scale these lifecycle processes that often involve continuous back-and-forth interactions between security, development, IT and DevOps teams. This not only saves security teams a whole lot of manual effort, but it also eliminates the friction between security and their counterpart and accelerates time-to-remediation.
- Orchestration: While process automation will handle automation of individual business critical tasks, process orchestration is what glues these individual parts together into a cohesive workflow from beginning to end. Process orchestration will manage the automation lifecycle end to end, across various teams and systems, unifying multiple individual tasks into one smart unit. Security teams that effectively leverage security orchestration and automation are able to spend less time on manually connecting the dots between fragmented security findings, siloed teams and distributed tracking systems and can focus on the tough problems that really need the human touch for investigation, mitigation, and remediation.
The ever-evolving cyber-threat landscape is creating a continuous need to adopt new security solutions in order to keep our networks and IT assets protected. Each organization has a tipping point at which the number of products they bring on board becomes too complex to handle and begins to hinder their security posture. As a growing number of IT leaders come to realize this, the demand for simple, coherent, orchestration solutions will continue to grow and become their de-facto go-to security strategy. No longer are security and consolidation on opposite sides of the trade-off scales. They are, in fact, growing increasingly synonymous.