We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
A key priority for firms in 2023 will be navigating the rising cost of doing business. Between energy price hikes, inflationary pressures, impending corporation tax increases, labour shortages and ongoing supply issues, companies are becoming more aware of their costs as they look to mitigate the worst effects of volatile economic conditions.
Security budgets are likely to be scrutinised with firms working to scale down their expenses and streamline operations more proactively, and CISOs will be required to justify spend more than ever. However, while this will undoubtedly create additional challenges for pressurised security teams, it is not all bad.
A looming recession could serve to accelerate strategic improvements thanks to faster board approvals, providing CISOs with the opportunity to carry out some much-needed spring cleaning as they consolidate the cybersecurity technology stack which typically ranges between ten and fifty point security solutions.
Cutting the security stack makes complete sense from an operational standpoint. The more tools you have in place, the greater the workloads of the security teams who must monitor and maintain them. Standalone point solutions often don’t integrate easily and, as these tools generate numerous alerts, and it’s difficult to measure how efficient they are and if they protect what needs to be protected. The stack also contributes to alert fatigue, increasing stress and burnout among team members.
It therefore stands to reason that 75% of CISOs are now pursuing a vendor consolidation strategy (up from 29% in 2020) in a bid to improve overall risk posture, gain efficiencies of scale and eliminate the need to integrate separate tools, according to Gartner’s Top Trends in Cybersecurity 2022 — Vendor Consolidation report.
Doing so not only reduces pressure on the security team, but uncovers overlaps and security gaps in the security posture, which enables CISOs to identify cost saving potential and justify spend. It can also help save costs associated with licensing, training and maintenance.
Avoid solution siloes
One of the most economic ways to cull the stack without experiencing performance losses is to combine multiple tools into one platform.
Almost all security operations are centred around Security Information and Event Management (SIEM), which is the foundation of security data collection and analysis. But while a SIEM can alert you of any nefarious activity going on internally or externally, it doesn’t typically house the tools required to respond effectively.
As a result, many businesses resort to using separate solutions like Security Orchestration, Automation and Response (SOAR) or User and Entity Behaviour Analytics (UEBA) to automate responses where possible and prioritise the investigation and response efforts. This is a logical approach, yet issues begin to arise where firms adopt fragmented solutions.
The security market can be a difficult one to navigate. Today, there are tons of seemingly necessary tools on the market touting how they’re the next “ground-breaking” cybersecurity solution, encouraging organisations to jump on the bandwagon and invest.
Unfortunately, this can leave firms with a portfolio of siloed, conflicting systems that become extremely difficult to integrate within existing IT systems, leaving SOC teams overworked and overwhelmed. In addition, the CISO loses the ability to understand how the cybersecurity setup is performing, missing out on opportunities to make better decisions and interact with the board in a meaningful way.
A converged security operations setup
Instead, organisations should prioritise the big picture, working to develop a seamless converged security operations setup. Not only can this eliminate the complexities associated with managing and operating siloed security products, but it can also deliver several other benefits.
First, it can reduce the number of point solutions vendors and integrations that need to be maintained, reducing the burden on already overstretched security teams. By converging security technologies, organisations are empowered to unlock efficiencies of scale to help build defensive capabilities, giving users a transparent and comprehensive centralised overview that allows them to better manage cyber threats and reduce business risk.
Second, it improves security performance, helping to accelerate threat detection, investigation and response efforts. With a single platform, organisations can more easily surface high-value alerts, receive threat context to prioritised cases, and use data to optimise the efficacy of the broader security infrastructure.
It’s a case of combining technologies to improve outcomes. A converged SIEM, for example, can deliver machine learning and AI behaviour-based analysis via UEBA and automated detection and response via SOAR. In essence, a converged security setup will automatically add threat intel, business context and entity risk to observations to transform weak alerts into meaningful investigations where analysts have orchestration and automation actions at their fingertips to respond faster than ever.
Thirdly, cost transparency will also be boosted with a converged solution. Costs can be controlled more easily, while insights into how often each solution is used can also be surfaced, providing indications of relevancy, importance, and total cost of ownership (TCO).
In this sense, by combining complementary tools into one platform, a much fuller picture is obtained. Indeed, organisations become empowered to accelerate threat detection, investigation and response efforts, all while achieving efficiencies of scale and consolidating the tech stack.
At the end of the day, your SIEM is more than just a place to aggregate security events. It’s also the starting point for integrating threat intelligence into key insights and creating a highly effective incident response process for your security team.
Therefore, by integrating vital tools such as SIEM, UEBA and SOAR, you will be empowered to improve efficiency for your SOC teams and increase transparency for executives at all levels, providing tangible and actionable value to the companies and security teams implementing them.