The growing number of siloed security solutions that make up much of a modern organization’s security stack is creating major headaches for enterprise cybersecurity teams. Existing solutions don’t have the ability to glean contextual insights, and analysts don’t have the time or resources to piece together wide ranges of data points amassed from different channels.
This results in an inability to predict and fully understand the scope of flagged threats. And that leaves organizations vulnerable.
To hedge their bets, threat actors look to target an enterprise through multiple attack vectors. This strategy has become much simpler as companies continue to adopt new SaaS apps, web apps, cloud collaboration tools and shared cloud storage drives.
With the number of vulnerable channels only expanding, so is the number of security solutions being deployed, making interconnection of an organization’s cybersecurity solutions essential for the continued and efficient protection of the organization.
Too many tools in the kitchen…
With the growth in sophistication and frequency of cyberattacks, security professionals rely on a constantly growing number of cyber-defense tools. On average, organizations use 45 different cybersecurity tools to keep their systems safe, and many companies actually deploy more than that.
With such a bloated slate, solutions frequently undermine one another. Security teams that operate more than 50 tools are 8% less effective at detecting an attack, and 7% less effective when responding to one. Clearly, siloed security solutions are leaving enterprises vulnerable.
What’s more, as the arsenal of unconnected solutions continues to expand, it becomes less and less sustainable for security personnel to hop from one threat defense tool to another. The siloing of all these solutions obfuscates the enterprise’s holistic view of its security status and important aspects of contextual analysis. And just think about the overhead that many of these tools require for configuration and management.
Sixty percent of cybersecurity professionals admit their current security tools do not enable their security operations team to work with maximum efficiency. Eighty-four percent estimate their organization lost up to 10% of revenue from security breaches in the last 12 months.
These percentages will continue to rise if security teams respond to increased threats with an increased number of tools, especially as they scramble to protect the newer attack vectors. With each new workplace tool (or personal tool such as WhatsApp) adopted by users, areas of vulnerability not covered by traditional enterprise security solutions increase. As reliance on new cloud-based workplace tools grows and hybrid work becomes the norm, enterprise operations will become more complex, and siloed security data will in turn become more problematic.
Consolidation, consolidation, consolidation
There is no silver bullet to deal with threat actors. However, it is vital that cybersecurity professionals consolidate their tools to simplify communications and manage incidents rapidly and effectively. As much as possible, security professionals should be able to view activity and data provided by cyber and IT applications from within a single platform. That way they can holistically assess the organization’s security situation and easily plug gaps.
Although the cybersecurity industry is heading towards consolidation with the rise of effective extended detection and response (XDR) tools, the market is still some way from reaching full maturity. In the meantime, there is still a need for bespoke solutions that deal with different threats and attack vectors.
Therefore, a certain level of synchronization between these different tools is vital. The industry is already seeing this in the form of multi-vendor partnerships which integrate various tools into one platform.
Doing away with siloed security
For example, enterprise platforms like Salesforce are partnering with external vendors to bolster cybersecurity capabilities, allowing users to integrate their niche app security within their wider network security. Cybersecurity EDR vendors such as SentinelOne and CrowdStrike partner with various external vendors to provide customers with coverage that is compatible with their own solutions, to increase their customers’ security posture and unify management.
Security leaders should drive the vendor community to provide highly integrated solutions that deliver actionable insights from connections, as well as contextual analysis between seemingly disparate problems to prevent and remediate malicious activity. Built-in compatibility between different solutions will also reduce the manual workload required of security teams and allow them to better use their time, dealing with cyberthreats more effectively. This should be supported by machine learning (ML) and artificial intelligence (AI) to further reduce the manual workload.
A hodgepodge of siloed and disconnected solutions may cause more problems than it solves. A cybersecurity team’s lack of ability to see the whole picture (and more) is a major vulnerability for enterprises and impedes a team’s ability to prevent and act on threats. This is especially true if threats work on multiple levels, as is increasingly
In the current economic climate, cost-cutting measures are impacting all enterprises, and a security team’s time has become even more precious. So for an organization’s safety, it’s vital that their time is spent as efficiently as possible.
As the industry braces itself for an increasingly complex wave of threats, breaking down silos and building up synchronicity is imperative for its success.
Yoram Salinger is CEO of Perception Point.
This article first appeared on VentureBeat on February 26, 2023.