The typical enterprise today has too many security systems and vendors to manage. Here’s how security costs can be improved through the process of reduction and unification.
Do you remember your first-ever computer password? Odds are that it was a great deal less complex than the 8+ character code (with punctuation symbol, numerical character and non-sequential number sequence) that is the standard complexity requirement for today’s Internet password. In a similar way, the cybersecurity industry as we know it today has gradually increased in complexity over the years as its practitioners tried to solve threats and risks one at a time. For instance, when organizations first needed to protect sharable resources, passwords and usernames were put to wide use – and as the first threat actors created password cracking software, the digital arms race was on.
When enterprises started to build local area networks, firewalls were implemented to securely segment traffic. As it became clear that bad actors could still get in, intrusion-detection systems came to the fore. And so it went – with each new threat came a new security tool, e.g., antivirus, firewalls for web applications, identity and access managers, data loss prevention tools, security information and event managers, and more.
To this day, it’s common for organizations, whenever they see a security challenge, to seek a new security technology or gadget to buy, deploy, and then hope for the best. The results aren’t all that surprising: many organizations today can’t keep up with the maintenance and fine-tuning of the existing security products they have in place, let alone finding time to research and buy new ones that may be more suited for the modern-day threat environment.
Typically, this is because organizations lack the dedicated in-house expertise to manage their tools properly, and because many forget or neglect to budget for the ongoing necessary care and upgrading of their security applications.
With all that said, the need for comprehensive endpoint security and management has never been greater. A new report from research and consulting firm Frost & Sullivan assessed the enterprise/IoT cyber-threat landscape to examine how enterprises are keeping up with modern threats, and reported the following disturbing statistics: “Cybercrime-related costs (are) expected to hit $5 trillion globally in 2020. In 2019, an estimated 25 to 30 million cyberattacks happened globally. The FBI states that in the United States, 450,000 attacks were reported in 2019, but it estimates that at least 90% of attacks go unreported – indicating that upwards of 5 million attacks happened in the country in 2019.”
However, these estimates were made before the current COVID-19 pandemic took hold. The report notes this and continues, “Cybercrimes increased dramatically during the first half of 2020. The FBI reported a 300% increase, and the World Health Organization noted a 500% increase, in cybercrimes over the first two months of the pandemic. Even before the current health and related economic crises, enterprises were spending more than 10% of their annual IT budget just on cybersecurity.”
The research firm Ponemon also released a study recently that revealed how challenging security vendor sprawl has become. Fifty-three percent of survey respondents reported that they “don’t know how well the cybersecurity tools they’ve deployed are working,” and only 39% believed they were getting full value out of their security investments.
Perhaps Ponemon’s most interesting survey finding in the study is that companies reported, on average, using no fewer than 47 different cybersecurity products and technologies, and that under half of the respondents believed they were able to successfully stop breaches with their current technology and staff.
What does this mean for enterprise cybersecurity going forward? It means that, unless the right steps are taken, security will become increasingly unmanageable, more costly, and less effective as the years go by.
Securing More With Less
It may seem counterintuitive, but the risk for many organizations will rise as they deploy more security tools than they can contend with, as their security vendor management burden increases. Costs will rise, too, as they spend more money on more tools and then have to hire more professionals to manage the toolsets. This is all great news for security vendors and the cybersecurity industry (after all, that same Ponemon survey also found those surveyed spend an average of $18.4 million on cybersecurity annually), but it is bad news for enterprises that want to effectively and efficiently manage their risks while keeping costs under control.
The Frost & Sullivan report found that enterprises today must contend with thousands of security vendors, with new firms being founded constantly as threats evolve. “For an enterprise to keep up with the market is a near-impossible task requiring resources that are unrealistic. Additionally, the more vendors an enterprise deploys, the greater the risk in terms of point-to-point security vulnerabilities and interoperability maintenance issues.”
How can enterprises ensure they aren’t overspending on security? For starters, they need to focus on methodologies of securing more with less. There are many ways to effectively achieve this whilst retaining both budget and sanity.
Here is some useful advice:
Automate manual processes: The most direct way to increase efficiencies is to look for manual security processes that can be automated. Areas that are ripe for automation include configuration management, data loss prevention, password management, endpoint incident response, vulnerability monitoring, and process automation that may improve the integration of security and operations, and can even handle simple remediation tasks.
Consolidate security vendors: There are additional ways to keep costs low that go beyond automation. The most comprehensive way to control costs in the face of an increasing attack surface is to consolidate the number of vendors one must work with, which will reduce the amount of maintenance. The Frost & Sullivan report notes, “Today there are literally thousands of security solution providers; as the threat landscape continues to evolve, the number of vendors continues to grow. For an enterprise to keep up with the market is a near-impossible task requiring resources that are unrealistic. Additionally, the more vendors an enterprise deploys, the greater the risk in terms of point-to-point security vulnerabilities and interoperability maintenance issues.”
Consider using a single console: If you want to quickly cut costs, look carefully at the number of security information sources and consoles your organization uses. With fewer consoles, or even a single security console, security teams will have all the information they need at their fingertips to identify security threats, respond to potential breaches, and more intelligently defend systems and data. If your data sets are spread over multiple consoles, identifying trends in the data will be much harder, and may waste valuable time in the event of a breach.
Use the power of artificial intelligence and machine learning: Companies should leverage security technology that uses machine learning (ML) and artificial intelligence (AI) so that today’s complex environments can be better monitored and secured. When seeking out a new vendor or reviewing your commitment with a current cybersecurity service provider, find out whether their products actively use AI and ML, and in what capacity. Many vendors pay lip service to using these advanced technologies in their products, but rather than (say) using math models to proactively hunt threats, they may use AI simply to automate the heavy-lifting portion of formerly manual processes, such as virus signature creation.
Cross-train security staff: Wherever there are silos in security efforts, security teams should seek ways to cross-train security staff so that employees can step in and adequately perform the jobs of others when necessary.
Overall, managing the security budget while still retaining the ability to scale up and handle today’s advanced threats is a challenge that enterprises need to get a handle on quickly. As organizations continue to build and deploy new applications, and as users use more devices and deploy more IoT devices in the enterprise, security teams are going to be stretched even thinner and forced to do more in the same time frame – and there’s no way to succeed in managing budget by buying and deploying still more security products and continuously adding staff.
By taking the opposite tack and reducing the number of vendors and security consoles your teams must manage, organizations are essentially centralizing their security management. And when security management is centralized, security team members can focus on other more strategic areas rather than jumping from console to console.
The best way to achieve this result is to simply look for management capabilities that can be consolidated. Places to look include management platforms, such as those used for mobile device management, mobile application management, file management, and identity and access management, among others. All of these security technologies can be unified so that the security information they collect and manage can be more readily consumed and shared within a more collaborative security environment, simplifying management, creating more insightful reporting, and swiftly identifying risks. When security is unified in this way, the cost to secure an environment comes down because teams become much more effective with the resources they have.
When security teams coalesce security technologies and embrace this strategy of “securing more with less,” they will not only reduce the number of security tools they must buy and security vendors they must manage, they will also reduce costs and improve their security posture.
In its report, Frost & Sullivan advises all organizations to look at the big picture and make certain that endpoint security is the foundation of their strategy and that “vendor sprawl” isn’t hampering security efforts through increased costs and decreased effectiveness. “Partnering with a solution provider that has the technologies to comprehensively secure an enterprise’s data and communication is by far the most effective way to ensure security, resilience, and uninterrupted business continuity,” the research firm concludes. You can see the full report for yourself here.