As the cyber threat landscape intensifies with bad actors increasing in sophistication, cyber security teams adopt more tooling in an effort to reduce their risk exposure. These tools can be valuable in their own right, but the sheer volume that enterprises have in place with today has created a serious problem.
The problem is that integration between those tools has suffered. IT and security teams all use their own tooling for each team, and those tools don’t interact with each other, let alone across teams. Very few of those are designed or set up to work together. Research has shown that organisations who deploy over 50 tools are 8% less effective in detecting threats, compared to those employing fewer tools.
The hype around needing the latest and greatest tools is wearing off, and enterprises need to think about all of the investments they have made. CISOs want to consolidate how their teams approach network and security functions, and Gartner estimates that 80% of companies want to embark on this. Yet today, only a few organisations are putting this idea into practice today. There are a number of misconceptions around the consolidation approach that need to be ironed out first, and this will take place in 2022.
How to empower your chief information security officer (CISO)
“Consolidation will save the business money”
The first big hurdle is what the word ‘consolidation’ means in business discussions. Each time the term consolidation is mentioned, the CFOs’ ears prick up as they immediately assume that this will equate to cost savings. However, that is not always the case.
This isn’t a ‘cull them all’ type approach. Security teams need to undertake a thorough analysis to understand where some tools may be overlapping and where blind spots inadvertently still exist. Based on this, CISOs will be able to define which tools will form the strategic basis for security planning, which ones will be integrated in with those products to fulfil specific goals, and which ones have standalone uses.
This can also show up tools that are no longer required, or where there are more licenses in place than is necessary in future. This might deliver some cost reductions when old tools are removed as you no longer need them, but that should not be your primary goal when undertaking this kind of project.
“I just need to find one platform that can deliver it all”
Conversely, some CISOs hope to uncover the holy grail of one tool that delivers on all of their IT and security needs. Sadly, this is not yet the case. Each corporate network will be different in terms of size and complexity, so it’s difficult for security vendors to design a one size fits all solution.
Enterprises will need to re-evaluate their approaches based on tomorrow’s threats, and work out what the best solutions are to meet those needs. There are requirements for best-of-breed products and for platforms that can cover multiple use cases; the ideal approach involves combining them to support better workflows across your team.
The threat of single vendor security is too high to ignore
“If I reduce my tooling, I’ll need more staff to cope with the workload”
In today’s market, recruiting experienced security professionals is a challenge. One fear is that a reduction in tooling will lead to increased pressure on the workforce. This is a very significant concern, particularly when it comes to dealing with critical issues in real time.
However, what many organisations don’t consider is that for each technological investment, you need someone who can manage the output. If you’re working with a particularly niche or specialist tool, finding an available specialist to recruit is going to be nearly impossible in the face of massive skills shortages across the industry. The opposite is true when an organisation has less separate tooling and better integration. It’s actually easier for your existing team to manage those tools when automated processes are in place and therefore won’t always require more headcount.
Next year, we’ll see a greater focus on integration at a deeper level than just within the Security Incident and Event Management platform. Instead, CISOs at enterprises will need to re-evaluate their approaches based on the threats that they expect to see in the future, and then work out what the best solutions are to meet those needs. With that, we’ll also start to see an amnesty style approach, where CISOs get the chance to admit where things aren’t working and work to fix those problems.
In the next year, this consolidation of tooling and services will help companies implement the right processes for them. This is about simplifying things as much as possible, but keeping risk under control. The main benefit is that this integration should deliver more automation support for the security team, which should free up staff time to concentrate on improving security across the business and its operations.
