By Andrew Bushby, UK director at Fidelis Cybersecurity
Despite an accelerated proliferation of cyber-threats, and ever-expanding attack vectors for organisations to consider, many security teams continue to work with outdated, complicated and inefficient security infrastructures.
Indeed, some procurements contain more than ten different categories of cybersecurity technologies from multiple vendors.
That most infrastructures have grown too big was highlighted by Fidelis’ recently published State of Threat Detection Report*, which showed that as little as 6.54 percent of organisations surveyed believe they are using their full security stack to its full capability.
This is not only costly in financial terms, but also leads to security professionals spending unnecessary time resolving what is often a deluge of false alerts, while sophisticated threats go unnoticed for far too long.
As their exploitable attack surfaces keep expanding, the gut reaction of many organisations has been to protect themselves from each new breed of threat that emerges with point solutions.
However, solutions that solve a critical issue at a certain point in time might end up hindering the solution of more advanced issues not long after. It is this short-term, protection-based approach to security that has led to one of the most widespread industry problems – overloaded security stacks.
Vendors have been quick to take advantage of what to many is a seemingly hopeless situation, with a structural skills gap and a widespread lack of manpower and funding leaving security teams constantly one step behind the attackers.
Security professionals, who may possess expert knowledge of how to mitigate specific threats efficiently, find themselves having to waste time on overly complicated management and on weeding through the deluge of alerts produced by an overcrowded infrastructure, instead of actively working against the actual threats at hand. In short, the wood can’t be seen for the trees, and many have had to pay in the form of attackers being granted longer dwell times.
Calls for change
The combination of security challenges facing most businesses – including a lack of automation, a lack of visibility, unmanageable security stacks, a lack of tailored threat intelligence, and a lack of time or skill to conduct threat hunting – means security teams are often overburdened and not equipped to deal with the realities of modern threats. It is therefore not surprising that Fidelis’ recent research shows that there is not only an appetite, but a dedication, within the security industry to enact change, with 78 percent of respondents revealing that they have consolidated, or are planning to consolidate, their security stack.
Where to go from here
The solution to the issue of out-of-control security stacks is twofold. In terms of technology, the case for unified software solutions has never been stronger, as they can speed up post-breach detection and offer security professionals complete visibility at a glance.
However, there also needs to be a focus on people, as the true worth of automation, broad visibility and optimised digital workflows can only be unlocked when they are placed in the hands of knowledgeable and highly proactive threat hunters.
Whether they’re hired full-time or brought in on a project basis, threat hunters can be invaluable when it comes to discovering malicious artefacts, activity or detection methods not accounted for in passive monitoring capabilities.
Given the right tools, they can identify, analyse and mitigate unknown threats that could otherwise easily hide in an overcrowded network.
Ultimately, companies cannot be blamed for having acquired multiple solutions over time in pursuit of the perfect, tailored security stack for their specific organisation. However, it cannot be denied that the recent changes in the security landscape have made over-complicated infrastructures not only inefficient, but in many cases dangerous.
With threat actors showing no sign of slowing the enhancement of their tactics, security teams need to be liberated from the heavy weight that legacy systems put on them and given the chance to gain full visibility into the networks they are hired to protect, as well as the opportunity to develop ways of proactively detecting and hunting any threats that infect them.
About the author
Andrew Bushby leads Fidelis Cybersecurity’s UK business with a focus on the company’s network and endpoint cybersecurity technologies.
He has over 25 years’ experience working for IT companies, having held various senior leadership positions with companies that include Arbor Networks, Sun Microsystems, Novell and Oracle. Andrew’s goal is to show organisations how to combine the business requirements of the ‘C Level’ with the current technology landscape to deliver real business value to the organisation.