Can Shortening The Cyber Stack Increase Stability?

Uploaded on 2023-09-07 in TECHNOLOGY--Developments, FREE TO VIEW

The number of cybersecurity tools that make up the security stack have continued to increase - it’s now not uncommon to find 75-100 tools deployed in the average enterprise - and managing this stack is proving difficult.

The security team needs to learn the nuances of each solution, log in and out of them, and keep them updated. Consequently, CISOs acknowledge they would derive more benefit from improving control over the stack rather than buying in more tools. 

These tools generate numerous alerts, which means the stack also contributes to alert fatigue. This increases stress and burnout among the team, with VMware’s Global Incident Response Threat Report finding 51% of cybersecurity professionals had experienced extreme stress or burnout over the course of the past year leading 67% of those to take time off as a result. But alert fatigue is also dangerous because it can desensitise the team, which means threats can be miscategorised or ignored.

CISOs, too, are suffering the consequences of the bloated cyber stack. The Implications of Stress on CISOs report found 94% reported feeling stressed and 65% said it was compromising their ability to protect the organisation. The top solution to solving this stress as identified by 57% of CISOs? Consolidate the stack by placing multiple security technologies over a single platform.

Curbing Costs

Reducing complexity not only lessens pressure on the security team but can also help save costs associated with licensing, training and maintenance. This makes it even more compelling in today’s economic climate, where costs are escalating. Some businesses are choosing to outsource as a result to a Managed Security Services Provider (MSSP) to keep their costs under control and predictable.

It's these drivers – the need to reduce risk, stress and cost – that are now seeing CISOs focus on reducing the number of cybersecurity tools they have and the number of vendors they deal with. In 2020, only 29% of CISOs were pursuing such a strategy but that has now risen to 75% in a bid to improve overall risk posture, gain efficiencies of scale and eliminate the need to integrate separate tools, according to Gartner. 

Most are going about this by looking at how they can reduce the number of point solutions, vendors and integrations the security team must maintain. But this is no race to the bottom, as choosing to combine technologies over a single platform can enable the business to take advantage of more cutting-edge technologies. These can be easily integrated within the platform, making it possible to augment the functionality the business already has with complementary solutions. 

Complementary Tech

Take, for example, a modern Security Incident and Event Management (SIEM) solution. These are now usually mapped to the MITRE ATT&CK framework giving them threat hunting capabilities but these can be further enhanced. It’s possible to utilise machine learning and AI behaviour-based analysis via User Entity Behaviour Analytics (UEBA) and automated detection and response via Security Orchestration Automation and Response (SOAR), for example. 

UEBA provides contextual information. It applies parameters that monitor user behaviour while allowing for exceptions to the rule. But should a transgression occur, it then flags that behaviour for investigation. A good example would be where a user is granted access to certain file systems during a specific period. Any access outside of those hours would then be treated as suspicious and trigger an alert.

SOAR helps detect and mitigate threats more precisely, decreasing the mean time to detect and respond (MTTD and MTTR) to suspicious behaviour. It stores and prioritises alerts and security data from multiple sources and systems and automates incident response through the application of playbooks that then enable the team to investigate, contain and remove threats.

When Less Means More

The assimilation of these technologies into a singular platform to complement the SIEM is helping to move us away from point solutions and drive down complexity. But the benefits go further than that. Each technology complements but also supplements the other to provide much deeper insights. For instance, rather than alerts being treated as weak signals of possible compromise, native integration of different components into a converged platform makes it possible to fuse weak signals, benefit from environmental and situational contextual information and then to focus on what matters most. 

The converged dashboard also provides a single pane of glass through which to continuously monitor the entire IT landscape, making it possible for the CISO to more easily view, manage and report on the information estate.

But ultimately, it helps stabilise the organisation, by alleviating workloads and reducing stress fatigue, qualifying and focusing attention on the threats that matter and lowering maintenance costs. So that, far from shrinking the cyber estate, we should view convergence as a way of condensing and concentrating security efforts. 

Tim Wallen isRegional Director for the UK, US and Emerging at Logpoint                       Image: Kaboompics

You Might Also Read: 

Can Automation Help Bridge The Cyber Skills Gap?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Unique TTPs Attackers Use To Target APIs
Qakbot Malware Taken Down »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

ESG Elektroniksystem- und Logistik-GmbH

ESG Elektroniksystem- und Logistik-GmbH

ESG offer a comprehensive portfolio of cyber and IT services ranging from consulting, solutions and operations to testing, simulation and training.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

Keyavi Data

Keyavi Data

With Keyavi’s evolutionary data protection technology, your data stays within the bounds of your control in perpetuity.

Raqmiyat

Raqmiyat

Raqmiyat provides end-to-end IT Services and business solutions including consultancy, digital transformation, infrastructure and cybersecurity.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

Kyndryl

Kyndryl

Kyndryl has a comprehensive portfolio that leverages hybrid cloud solutions, business resiliency, and network services to help optimize your IT workloads and transformations.

C3.ai Digital Transformation Institute

C3.ai Digital Transformation Institute

The C3.ai Digital Transformation Institute is a research consortium dedicated to accelerating the benefits of artificial intelligence for business, government, and society.

CI-ISAC Australia

CI-ISAC Australia

CI-ISAC has been designed to support and promote existing legislation and Government initiatives that are working to uplift cyber resilience across critical infrastructure sectors.

42Crunch

42Crunch

42Crunch provides API security testing and threat protection. We proactively test, fix and protect your APIs from development to runtime.

Intracis

Intracis

Intracis is a 'Made in India' cyber incident management solution aimed at ‘Making Security Simple’ by simplifying cyber incident management for CERTS and CSIRTS.

Noma Security

Noma Security

Noma Security's mission is Application Security for the Entire Data & AI Lifecycle.