Slashed budgets, staff shortages, and the significant risks associated with legacy cybersecurity solutions – these reasons and more are why Security Operations Centers (SOCs) and Chief Security Officers (CSOs) are considering more efficient, secure systems with streamlined numbers of tools and layers.
The key for CSOs is to find the happy medium between big-tent cybersecurity solutions and the large number of niche hyper-focused cybersecurity features that enterprises require.
Reports indicate that since May 2022, tech startups have laid off nearly 27,000 workers. However, even before today’s budget and staff cuts, there was already a chronic staff shortage in the cybersecurity sector. According to studies, “the demand for cybersecurity professionals continues to outpace supply.”
There are tangible consequences in the cybersecurity realm to these staff and skills shortfalls – misconfigured systems, risk assessment and management that is either rushed or skipped, slow remediation times that leave systems exposed, and the inability to handle all active threats to the network. In short, SOC teams are increasingly understaffed and overworked – all while facing a rising tide of increasingly sophisticated attacks.
Furthermore, outmoded legacy solutions can leave networks even more vulnerable. There are certainly industries where older means wiser, but in cybersecurity, legacy solutions often cannot keep up with the evolving threat landscape and are not easily integrated with updated tools. In addition, they often have complex configuration and maintenance processes that make management, patches or updates complicated and impractical. According to reports, unpatched vulnerabilities and risky services account for 82% of successful attacks.
The current threat landscape is only growing. The hybrid work era has driven enterprises to adopt a rising number of SaaS and web-based tools to deal with the consequences of a decentralized work environment – messaging apps, file sharing, CRMs, etc. As recent Google Drive and Dropbox hacks demonstrate, there is a rapidly growing number of new attack vectors which malicious actors can exploit. This trend is only likely to continue as new SaaS and web-based tools are developed to optimize the modern workplace, and remote work policies give employees the potential to access sensitive apps from unmanaged and third-party devices. In short, many companies are a lot more vulnerable than they realize.
Big Tent vs. Niche
Understaffed and overworked SOC teams are now facing a new hurdle: System Overload. As cyberattacks grow in sophistication and frequency, the number of cyberdefense tools that security professionals rely on is constantly growing. Reports indicate that some organizations use as many as 45 different tools on average to keep their networks safe.
These hyper-focused security tools may be effective in the fight against the growing sophistication of cyberthreats, but their sheer volume is in and of itself a problem because they are often cumbersome to manage, forcing analysts to waste time toggling between tools. This results in delayed incident analysis and security system maintenance. Furthermore, the disparate nature of these solutions means that analysts are unable to get a holistic view of issues or react quickly to breaches. Those using more than 50 tools ranked themselves as 8% less likely to be able to detect an attack and 7% less responsive when attempting to address it. With staff shortages, SOCs also find it hard to retain the expertise needed to utilize these multiple systems efficiently.
That said, big-tent, legacy cybersecurity solutions are not necessarily the best alternative. It may seem beneficial to have many defense tools within the same platform, but the pinpoint responses of niche solutions to the growing threat landscape may be lost. In other words, these catch-all solutions can’t necessarily keep up with the growing sophistication of threats. 40% of cybersecurity professionals said their current cybersecurity strategy will likely be outdated in just two years, with 37% saying it would happen in three.
The Middle Ground
To effectively combat the next generation of cybersecurity challenges, CSOs will need to create an effective middle ground. This industry need has only been accentuated by the current economic downturn, which is forcing many SOCs to cut budgets by providing the most bang-for-your-buck solutions to secure vulnerable systems.
The trick for cybersecurity providers will be to offer a balanced number of solutions that effectively cover a number of threat vectors – not so many that they lose their focus, but enough that clients can reduce their reliance on an unwieldy number of security products. In the long term, more streamlined SaaS cybersecurity systems can not only make it easier for SOC teams to employ, train, and retain their teams, but actually reduce their workloads. Vendors must also strive to create integrated solutions that are easy to deploy and manage, that fit neatly within customers’ current systems, and that interact seamlessly with their standard operating systems and business workflows. This ensures that both security team members and general staff can easily leverage the benefits in a frictionless manner. In a similar vein, vendors should provide tools and services that bolster a SOC team’s capacity, offering a lifeline for groups that are understaffed and overworked. These could be supported by automated ML- and AI-based platforms and actual cybersecurity experts in a managed SOC service to ease the strain of analyzing and remediating the tide of malicious activity threatening to engulf companies.
Modern streamlined and decluttered cybersecurity solution suites should be hastened in by the realities of the industry’s knowledge shortages and today’s economic challenges; however, going forward they make the most sense for effective, efficient, and durable SOC teams.
About the Author
Motti Elloul is VP Customer Success and Incident Response at Perception Point. He works with existing customers to educate and help them maximize their product knowledge and solve issues that may arise. Motti focuses on building sustainable customer relationships by optimizing their asset protection and leveraging the value of customer satisfaction. Motti has worked in people-centered roles at Applause, Red Bend Software, and Nuance Communications. He holds a BSc in Software Engineering from the Jerusalem College of Engineering.
Motti can be reached online at https://www.linkedin.com/in/mottie/ and at our company website https://perception-point.io/
This article first appeared in Cyber Defense Magazine’s eMagazine, September 2022 edition.