- Upgrade to Microsoft Office Pro and Windows 11 Pro with this bundle for 87% off
- Get 3 months of Xbox Game Pass Ultimate for 28% off
- Buy a Microsoft Project Pro or Microsoft Visio Pro license for just $18 with this deal
- How I optimized the cheapest 98-inch TV available to look and sound incredible (and it's $1,000 off)
- The best blood pressure watches of 2024
The Challenge of Utilizing Multiple Security Tools
Greetings everyone, and welcome to this week’s blog. This week, I’m diving into number six in our “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience: Lack of integrated cyber-security solutions.
To deal with the cyberthreats they face every day, Enterprise Security Decision Makers seek new and well-supported solutions. They look for solutions that are easy to use and integrate with other cybersecurity systems and different parts of their organizations.
44% of those surveyed said that easily integrating with other cybersecurity tools is essential when evaluating cybersecurity solutions. What do you look for?
So why do almost half of enterprise decision-makers want easily integrated tools?
Enterprises frequently deploy new security tools and services to address changing needs and an increase in threats. In fact, according to recent findings, mature security organizations have deployed on average:
- Small business: 15 and 20 security tools
- Medium-sized companies: 50 to 60 security tools
- Enterprises: over 130 tools security tools
If you like math, check out these stats:
A typical six-layer enterprise tech stack, composed of networking, storage, physical servers, virtualization, management, and application layers, causes enterprise organizations to struggle with 1.6 billion versions of tech installations for 336 products by 57 vendors.
Increasing Investments
Our research showed that 74% of organizations had increased their cybersecurity budgets to help defend against increasing cyber-attacks. Despite these increasing investments in cybersecurity, only 46% are very confident that their cyber-protection technologies can detect today’s sophisticated attacks.
While investment is on the uptake, effectiveness is not. Response efforts have been hindered by the complexity caused by fragmented toolsets, highlighting that investing in too many tools can reduce the effectiveness of security defenses.
More Tools, More Problems
The wide variety of tools enterprises invest their time and money into to combat security threats can create numerous issues.
Security analysts are understandably frustrated. They’re spending most of their time chasing false positives and performing manual processes born from these disparate toolsets. They’re working longer hours and are under more pressure to protect the business.
CSO Online provides a good article listing the top challenges of security tool integration:
7 top challenges of security tool integration | CSO Online
- Too many security tools
- Lack of interoperability among security tools
- Broken functionality
- Limited network visibility
- Increase in false alarms
- Failure to set expectations properly
- Lack of skills
You can find the full article here. Source: csoonline.com
For this blog, I’ll focus on what I think is the biggest challenge the article did not mention: Disparate tools create siloed organizations.
Creating Gaps and Silos
In the last blog, I focused on the concept of cyber fusion and how it offers a unified approach to cybersecurity by combining the intelligence from different teams into one cohesive picture. That blog centered on people and threat intelligence. When you add in technology, the need to break down silos is even more evident.
Cybersecurity is one of the most siloed fields in all of IT. In some cases, we can attribute this to organizational structure. The problem becomes magnified when you add all the tools each department or analyst needs to complete their jobs.
Cybersecurity experts typically need to sift through multiple data sources from disparate security tools, chasing false positives, to try to identify relevant security issues and cybersecurity risks. Without third-party integrations available, security teams are solely responsible for bringing this data together to identify potential threats and gain insights into security incidents to maintain their security posture.
Download our ebook to learn how to break down silos to achieve a more collaborative security structure.
The Whole is Greater than the Sum of Its Parts
When it comes to cybersecurity, the whole is always more significant than the sum of the parts. Unfortunately, many security products do not lend themselves to this approach: security operations centers and analysts use individual tools programmatically to gain relevant visibility into advanced threats.
Vendors have little incentive to ensure their solutions work well with others or how well it fits into an organization’s existing tech stack. As a result, the final security infrastructure might include many best-of-breed tools, but ones that often live in operational silos that aren’t communicating efficiently, if at all.
The Burden is on CISOs
The lack of interoperability between different security tools has made it difficult for CISOs to integrate them into their existing security programs. This begs the question: Is it more difficult to defend against cyberattacks, or is it more difficult getting all of their security tools to work together?
Incompatible security tools and solutions can also have many negative consequences. At a minimum, the inability to easily share information on cyber threats and collaborate on other aspects of cybersecurity means overworked security professionals must rely on manual processes and analysis. This can lead to security teams increasingly focusing on the cyber risk at hand rather than looking at the big picture, losing sight of managing the organizations’ overall security posture. If unattended, the gaps between multiple security tools can lead to cyber risks that threat actors can exploit and turn into security breaches.
Is XDR the Answer?
As an industry, we need to agree on what extended detection and response (XDR) is, as it’s defined differently by industry analysts and vendors. And to be honest, I get offended when people say it was just a term made up by marketers. As a marketer, I don’t care about acronyms. I care about highlighting a solution that solves a problem or a need.
The problem we’re trying to solve here is that organizations struggle to connect all of their disparate tools to get a concise view into their relevant threat landscape to ultimately defend their organization against cyber-attacks effectively.
And, by some definitions, including Gartner, ESG, EMA’s, and Anomali’s, XDR is the current acronym that says it can solve that problem.
XDR solutions collect data across all security telemetry, including networks, clouds, endpoints, and applications, while applying analytics and automation to increase visibility into advanced threats. XDR helps accelerate threat detection and response to achieve comprehensive visibility while avoiding a deluge of false positives that can sometimes accompany other security solutions.
The XDR promise is that it centralizes, normalizes, and correlates data from multiple sources, including cloud security, to break down security silos and provide complete visibility and insights for faster detection and response.
Marketing hype? I’m not so sure. I know I’ve seen our solution in action, and it’s pretty powerful. You can see how it identified Log4j in seconds here.
I know that organizations need to integrate their technologies, people, and processes to break down silos to keep up and defend against advanced attacks. By fostering collaboration and breaking down the barriers of disparate data, cybersecurity teams can work together to collect and integrate the intelligence needed to detect and respond to cyber-attacks quickly.
Or, we can keep arguing about what XDR is and its benefits, and the likely result will be that organizations will struggle to keep up with today’s sophisticated attacks.
The main goal of any organization should be to prevent breaches and stop attackers. Breaking down silos and connecting disparate solutions help reach that goal.
Thanks for reading. Join me next time as I continue this journey and look at number five on our list.
In the meantime, download our Cybersecurity Insights 2022 report or scroll through below for direct links to the other blogs in this series.