Welcome to the sixth blog in my series exploring the “Top 10 List of the Challenges Cybersecurity Professionals Face,” as found in our Cybersecurity Insights Report 2022: The State of Cyber Resilience.
In the last blog, I wrote about the challenges that organizations have with disparate tools, highlighted by the fact that mature enterprise organizations deployed over 130 security tools on average. That blog is a perfect introduction to number five on our list of challenges enterprise organizations face: ‘Solutions not customized to the types of risks we face.’
More Tools, More Problems
Most security teams use several security management tools to help them manage their security infrastructure. While each tool was acquired for a specific reason and purpose, introducing each tool into an existing security tech stack poses its own challenge. Unfortunately, there’s no one-size-fits-all approach.
Every new security tool introduced requires integration before it can be used effectively. It takes a lot of time and effort to implement a tool properly into your environment and processes, and the analysts who will be using the new tool will most likely need training. While necessary, these tasks take time and attention away from everyday activities and can significantly decrease a security team’s effectiveness until the tool is fully integrated into their workflow.
Adding More Tools Increases Security Complexity
The increasing adoption of cybersecurity solutions has created more consequences and challenges for organizations and their IT teams. With each addition of a new solution, another problem emerges: tool sprawl. Tool sprawl is when an organization invests in so many tools that it becomes harder for IT teams to manage and orchestrate its solutions.
Time is a precious commodity, especially in cybersecurity. It takes time to collect information from multiple tools and disparate data sources, then correlate it manually with the necessary intelligence. Instead of responding quickly to an attack, analysts will waste time collecting the data and relevant intelligence needed to understand what kind of attacks they are dealing with and which actions they should take. Instead of fixing a problem, security teams may suddenly find that they’ve added more.
How Cybersecurity Tools Grew Out of Control
Traditional cybersecurity operations were designed to manage antivirus software, install and monitor firewalls, protect data, and help users manage passwords. It was evident by the mid-1990s that investing in cybersecurity would be necessary. Organizations now had a budget for security and had to figure out which parts of their infrastructure were most vulnerable.
As their strategy evolved, organizations began investing in hiring cybersecurity experts but realized people are expensive. They then began buying various tools to complement their security professionals. They soon realized that for any potential problem there was a security tool you could buy that promised to resolve it.
The desire to throw tools at a situation continues today. Cybersecurity budgets have increased since the pandemic sped up digital transformation efforts and increased organizations’ attack surfaces. Board members and executives realize the need to invest more in cybersecurity. New security products continue to spring up, promising to solve problems and secure all the various parts of businesses’ technology stacks.
Unfortunately, when adding tools, too many organizations make the mistake of looking for a quick fix, working in silos to solve one problem rather than taking a holistic approach to evolving their cybersecurity strategy.
Consolidation of Vendors on the Rise
Gartner conducted a survey on Security Vendor Consolidation Trends that revealed that 80% of the security leaders surveyed were pursuing vendor consolidation initiatives. An ESG survey also showed that 62% of companies are now rethinking how they purchase and deploy security technology.
This aligns with what we found in our Cybersecurity Insights Report: Enterprise Security Decision Makers seek new solutions that are well-supported, easy to use, and integrated with other cybersecurity systems and different parts of their organizations.
Security teams gain greater operational efficiencies when products are designed to work together. More importantly, that integration helps ensure an effective security posture to protect against today’s sophisticated threats.
Best Practices for Evaluating Cybersecurity Tools
New security toolsets continue to emerge from new vendors or existing players expanding their offerings. Trying to keep up with the latest security trends can be overwhelming for security teams that are already overworked with day-to-day operations and trying to keep up with an ever-evolving threat landscape.
This makes it harder for organizations to ensure they get the right tools to fit into their environment seamlessly.
What steps can you take when searching for or evaluating new tools?
Identify Your Problem
What problem are you trying to solve? Are there specific use cases that need to be addressed?
It’s essential to understand your current attack surface to address any holes. Where are the gaps in your existing tech stack? What tools will help your organization enhance your defenses and reduce overall risk for your company?
Ask your analysts what challenges they’re having. Reach out to stakeholders to learn their priorities and ensure your goals are aligned. Once you understand the problem, you can then solve it.
Map out your high-level requirements to meet your identified problem or any specific needs or use cases. Identify the critical users so you can get their input. Determine how it aligns with your existing tech stack to determine integration needs. Ensure you involve other stakeholders, like IT, network infrastructure, etc. As you define these requirements and work cross-functionally, you’ll be able to narrow down the number of solutions you’ll need to evaluate.
As you evaluate solutions, you need to ensure that any new tools you bring on board do not impact your current security posture or infrastructure. There may be processes in place or infrastructure needs that cannot be altered. There are also existing security tools in place to protect your organization that should not be paused or shut down, since doing so would open access for attackers. Fully assess your current cybersecurity posture, including policies, incidents, and historical data, to gain a complete picture of the environment and avoid running into issues later.
Try Before You Buy
Ask the vendor if they offer a pilot program or proof of concept (POC), or whether they have a demo environment that you can explore. See if there are existing integrations you can test. Establish evaluation criteria for what’s important to you, so you can evaluate the solution and quickly compare it to others you’ll be reviewing. The more you know beforehand, the better prepared you’ll be at deployment.
Ask Your Peers
You’re not the only one who’s experienced this problem. Check with peers to see which tools they use and see if any of their solutions meet your needs. Read up on what industry analysts are saying to see what they recommend.
One Tool to Rule Them All?
XDR (Extended Detection and Response) solutions differ from other security tools in that they centralize data collection from multiple sources, including EDR, network, messaging, cloud security, etc., to break down security silos and detect threats.
Security analysts need a solution that intelligently brings together all relevant security data to help detect advanced adversaries and sophisticated attacks in real time. As adversaries use more complex attack tactics, techniques, and procedures (TTPs), analysts need more complete visibility and insights for faster detection.
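As an added illustration of the data centralization just described (this is example code written for this post, not code from the report or from any vendor’s XDR product), constructed events from three siloed tools are normalized into one schema and correlated by host, so the analyst receives one finding instead of three unrelated alerts. The tool names, field names, hosts and events are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events in each tool's native schema (not real telemetry).
EDR_EVENTS = [
    {"ts": "2022-06-01T10:02:10Z", "host": "ws-17", "process": "unknown-binary.exe"},
    {"ts": "2022-06-01T11:40:00Z", "host": "ws-22", "process": "updater.exe"},
]
NET_EVENTS = [
    {"ts": "2022-06-01T10:02:45Z", "src_host": "ws-17", "dst": "203.0.113.9", "bytes_out": 4800000},
    {"ts": "2022-06-01T09:05:00Z", "src_host": "ws-22", "dst": "198.51.100.4", "bytes_out": 1200},
]
MAIL_EVENTS = [
    {"ts": "2022-06-01T09:58:30Z", "recipient_host": "ws-17", "attachment": "invoice.doc"},
]

# Each silo names the asset differently; map them onto one common record (assumed field names).
HOST_FIELD = {"edr": "host", "net": "src_host", "mail": "recipient_host"}

def normalize(source, event):
    """Convert a tool-native event into the shared schema: timestamp, source tool, host."""
    return {
        "ts": datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "source": source,
        "host": event[HOST_FIELD[source]],
        "detail": event,
    }

def correlate(records, window=timedelta(minutes=10), min_sources=3):
    """Flag a host when at least min_sources distinct tools saw activity on it within one window."""
    by_host = defaultdict(list)
    for rec in records:
        by_host[rec["host"]].append(rec)
    findings = []
    for host, recs in by_host.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):
            in_window = [r for r in recs[i:] if r["ts"] - start["ts"] <= window]
            sources = {r["source"] for r in in_window}
            if len(sources) >= min_sources:
                findings.append({"host": host, "sources": sorted(sources),
                                 "first": in_window[0]["ts"].isoformat(),
                                 "last": in_window[-1]["ts"].isoformat()})
                break  # one consolidated finding per host is enough for the analyst queue
    return findings

def run():
    feeds = [("edr", EDR_EVENTS), ("net", NET_EVENTS), ("mail", MAIL_EVENTS)]
    records = [normalize(src, e) for src, events in feeds for e in events]
    return correlate(records)
```

Host ws-22 appears in two feeds but hours apart, so it is not flagged; ws-17 is seen by all three tools within minutes and produces a single finding.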
XDR might be the solution to end tool sprawl. Only time will tell.
Every environment is different. Choosing the right tools to protect your organization is essential. Ensuring that those tools work together to quickly detect and respond to cyberattacks is even more critical.
Thanks for reading. We're getting closer to the top of the list. Please join me next time as I look at number four on our list.