Two words will uplevel your cybersecurity in 2022 — simplify and consolidate. To thrive in today’s market, organizations must apply these principles to their operational systems.
More than ever, reducing your security team’s load is critical for recruitment and retention. Don’t add more tools and programs; instead, get back to basics. Using the essential tools wisely will improve your security posture far more than throwing money at vendors.
Even at an enterprise level, businesses don’t need 50+ huge security tools with all the bells and whistles, most of which never get used. Instead, you need tools that give users a cohesive view of the environment. Silos are for farms, not IT ecosystems. To reduce the number of tools by 20–30%, lean more heavily on comprehensive tools. Choose solutions that focus on a problem and solve it well and thoroughly.
Too Many Tools
Remote work and accelerated cloud migration sent many companies scrambling to cover their assets as the traditional security perimeter disintegrated. They rushed to add new security measures to handle problems as they arose. While these solutions may have delivered on their core functionality, many were hyper-focused: they did not lend themselves to functionality outside their scope, creating a tangled web of tools and solutions for staff to manage and oversee. This increased load overburdened the thinly stretched staff, lengthened onboarding, and slowed new team members’ ramp-up.
The best way to combat this proliferation of tools is to adopt a unified approach. Vendors should adopt it in their design, and organizations need to use it as a principle for guiding their programs. For example, critical tools like patch management, antivirus (AV), threat detection, vulnerability assessment, host-based firewall, and host-based intrusion detection can be unified into a single platform rather than broken out using several point solutions. When components that share similar functionality operate together, it not only eases the burden on staff and offers more comprehensive information, it also makes the data more actionable. For instance, when the firewall logs incoming traffic from known command and control (C&C) IP addresses, that finding can alert threat detection; if a routine process on the same host then begins making sporadic outbound requests over port 53, encapsulated in DNS, a firewall rule can stop it or AV can be alerted that an infection may have occurred, allowing staff to remediate the attack in its early phases.
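The correlation just described, as an added example written for this edit rather than code from the article or from any vendor product: a small Python script that ingests two sources a unified platform would normally hold side by side, a firewall log and a DNS resolver log, matches them against a threat-intelligence list of known C&C addresses, flags hosts whose DNS queries carry long, high-entropy labels (the pattern left by data encapsulated in DNS over port 53), and raises the severity only when both signals land on the same host. The log formats, the hypothetical `correlate` and helper functions, the internal 10.0.0.0/8 hosts and the threat-intel list are all constructed for the example; the "C&C" addresses are taken from the RFC 5737 documentation ranges and are not real indicators.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed threat-intel list of "known C&C" addresses. These are RFC 5737
# documentation addresses used as placeholders, not real indicators.
KNOWN_C2 = {"203.0.113.10", "198.51.100.77"}

# Constructed firewall log in a hypothetical "ts action dir proto src -> dst" format.
FIREWALL_LOG = """\
2022-01-10T09:01:02Z ALLOW IN TCP 203.0.113.10:443 -> 10.0.0.25:51844
2022-01-10T09:01:05Z ALLOW IN TCP 192.0.2.40:443 -> 10.0.0.31:51901
2022-01-10T09:03:11Z ALLOW OUT UDP 10.0.0.25:53012 -> 10.0.0.2:53
"""

# Constructed DNS resolver log in a hypothetical "ts client qname" format.
DNS_LOG = """\
2022-01-10T09:03:11Z 10.0.0.25 a3f9c2e17b4d6a0e5c8f1b2d3e4f5a6b7c8d9e0f.example-tunnel.test
2022-01-10T09:03:12Z 10.0.0.25 9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f.example-tunnel.test
2022-01-10T09:03:13Z 10.0.0.31 www.example.com
2022-01-10T09:03:14Z 10.0.0.25 4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e.example-tunnel.test
"""

FW_RE = re.compile(r"^(\S+) (ALLOW|DENY) (IN|OUT) (TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
DNS_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def parse_firewall(text):
    """Return (ts, action, direction, proto, src_ip, dst_ip, dst_port) tuples."""
    rows = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if m:
            ts, action, direction, proto, src, dst, port = m.groups()
            rows.append((ts, action, direction, proto, src, dst, int(port)))
    return rows


def parse_dns(text):
    """Return (ts, client_ip, qname) tuples."""
    return [m.groups() for m in (DNS_RE.match(l.strip()) for l in text.splitlines()) if m]


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score far above real hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def c2_contacts(fw_rows, c2=KNOWN_C2):
    """Map internal host -> set of known C&C addresses it exchanged traffic with."""
    hits = defaultdict(set)
    for _ts, _action, direction, _proto, src, dst, _port in fw_rows:
        if direction == "IN" and src in c2:
            hits[dst].add(src)
        elif direction == "OUT" and dst in c2:
            hits[src].add(dst)
    return dict(hits)


def suspicious_dns(dns_rows, min_label_len=30, min_entropy=3.5):
    """Map client -> count of queries whose first label looks like encoded data."""
    counts = Counter()
    for _ts, client, qname in dns_rows:
        label = qname.split(".")[0]
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            counts[client] += 1
    return dict(counts)


def correlate(fw_text, dns_text, c2=KNOWN_C2, min_queries=2):
    """Join both signals per host. Alone each is low severity (easily dismissed as
    noise); together they mark a likely active infection with concrete next steps."""
    contacts = c2_contacts(parse_firewall(fw_text), c2)
    dns_hits = suspicious_dns(parse_dns(dns_text))
    alerts = {}
    for host in set(contacts) | set(dns_hits):
        signals = []
        if host in contacts:
            signals.append("firewall: traffic with known C&C " + ", ".join(sorted(contacts[host])))
        if dns_hits.get(host, 0) >= min_queries:
            signals.append(f"dns: {dns_hits[host]} high-entropy queries (possible DNS encapsulation)")
        if not signals:
            continue
        severity = "high" if len(signals) == 2 else "low"
        actions = []
        if severity == "high":
            actions = [f"firewall: block outbound UDP/53 from {host} to anything but the resolver",
                       f"av: trigger a full scan on {host}",
                       f"ir: isolate {host} and capture its process list"]
        alerts[host] = {"severity": severity, "signals": signals, "actions": actions}
    return alerts


if __name__ == "__main__":
    for host, alert in sorted(correlate(FIREWALL_LOG, DNS_LOG).items()):
        print(host, alert["severity"])
        for line in alert["signals"] + alert["actions"]:
            print("  ", line)
```

Run as-is, the script raises only 10.0.0.25 to high severity: it received traffic from a listed address and then issued three long hex-labelled queries, while 10.0.0.31, which spoke to an unlisted address and queried a normal hostname, produces nothing. Viewed in a firewall console alone, one inbound connection from a listed address is easy to dismiss; viewed in a DNS console alone, a few odd queries look like noise. The value of the unified approach is that the join across the two sources is what surfaces the incident.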
Solutions need to go beyond integration and move toward interoperation. Tools must work together, sharing findings in a meaningful and actionable manner. Vendors embracing this approach will standardize APIs and ingestion methodologies, streamlining inter-solution communication. Individual tools can still uniquely metabolize this data via machine learning or as a cross-reference to evaluate findings. The goal of any cross-tool data sharing is better visibility for your organization. Amalgamating multiple streams of security intelligence into a unified console helps improve overall security in several ways.
Better Vision, Better Security
Your security posture benefits immediately from simplifying the administration of existing security operations. Intelligence gathering becomes more efficient when data is centralized. With multiple data streams amalgamated, security professionals draw more relevant insights on potential attacks. Viewed individually, these streams might seem like noise or false positives, but taken in context with other data points, the scope of a broader attack becomes apparent.
Until vendors universally adopt a unified approach, the burden falls on the enterprise to simplify and consolidate. The self-assessment needs to consider what solutions are actively used by staff and determine if there are solutions that are unified in name only, without truly interoperating.
Utilizing this approach will streamline your organization’s security operations. Remove tools that are underutilized or require excess management. Move toward solutions that deliver multiple interconnected functionalities. This will reduce time wasted on administration, optimizing team utilization for more impactful security work.
The unified approach goes beyond streamlining to creating a better organizational security posture. With shared data across tools, organizations rapidly identify potential threats allowing them to take proactive steps. Mitigating attacks early prevents breaches and data disclosures that cost organizations both financially and reputationally.
Simplify and consolidate — these two principles make up the unified approach. Embracing this approach will do more than strengthen security postures. It will help vendors produce more effective products, decrease staff burnout, all while saving organizations from the financial and reputational damage the breaches bring.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.