Cybersecurity spending has outpaced general IT spending for the last few years, and with some analysts forecasting security budget growth of up to 5 percent in 2019, the trend is clearly continuing.
But with this level of investment, why are security teams struggling to keep ahead of threats?
The growth in investment is only part of a larger story. Much of it is driven by the need to comply with new external regulations or to manage the transition to multicloud, and each of these drives demand for solutions that address a different area of risk, while the same security team is still expected to manage everything.
Investing in Solutions
As breaches grow more complex, fines grow larger and the resulting damage to business and brand becomes hard to measure, no enterprise can ignore the need for security investment. New solutions do not automatically mean better protection. In fact, every additional console and alert stream increases the risk of missing an alert, and makes it harder to complete an overall risk assessment for the business.
So how can CISOs and their security teams ensure effective risk reduction, clearer regulatory compliance and the best ROI from security solutions?
The first consideration is to understand whether the existing security and non-security solutions used to manage the business are able to work together. This addresses two key requirements for early discovery and fast mitigation of threats:
1. The broadest possible visibility across security and non-security solutions, leveraging data effectively to give the earliest possible warning of a potential breach.
2. Automation capabilities to create security policy and deploy remediation across multiple different solutions.
You may wonder why it’s important for security and non-security solutions to work together, especially since, in the rush of cloud and digital transformation, integration has not always been a primary consideration. Let’s think about this in very simple terms: if a threat is detected at the firewall but is seen to have already entered the network and infected several devices, the ability for the security team to push an access-control policy to the local network switch and isolate the infected devices is critical to preventing lateral spread and achieving fast remediation.
The ideal solution would be to visit a single vendor and buy everything in one place; that should make it all work together, right? Not necessarily. Many vendors assemble their portfolios from a mix of in-house technology and acquisitions, so there is no guarantee of compatibility even within one brand. And the reality of business today means that a rip-and-replace to get there is not realistic.
When considering new security solutions, it is important to make sure that they work well together and will work with existing solutions. The best way to explain this is with an example, so let’s consider Advanced Threat Prevention (ATP):
• The role of ATP is either to keep threats out of the network or to detect and prevent their lateral spread inside it. In either case, if ATP runs as a standalone solution then all it can do is alert the team to unusual activity and leave them to perform the corrective action manually, which costs time and manpower.
However, if ATP works in concert with other solutions there are a number of benefits. First, by feeding broad visibility of security data into ATP, anomalies can be spotted earlier as they move along the kill chain. That data can then drive automated actions that stop known threats in their tracks, while raising early alerts to the security team about unknown behaviour that might be benign, or might turn out to be an advanced threat infiltrating the network.
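As an added illustration of the two scenarios above (the firewall-to-switch isolation in the earlier paragraph and the "automate known, alert on unknown" split just described), here is a toy detection-to-response pipeline. It is example code written for this page, not a product's or vendor's own code: the firewall log lines, host-to-port mapping, signature names, and the switch CLI syntax it emits are all constructed for the example. It triages blocked events by source host, quarantines hosts that hit a known signature, and only raises an alert for anomaly signatures, for hosts below a hit threshold, or for hosts on a never-isolate list (such as an internal DNS server).

```python
"""
Toy detection-to-response pipeline for the integration scenario described above.
Everything here (log lines, addresses, signature names, switch CLI syntax) is
constructed for this example and is not taken from any real firewall or switch.
"""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed firewall log: one key=value event per line.
FIREWALL_LOG = """\
2019-03-04T10:01:02Z fw01 action=block src=10.20.30.41 dst=203.0.113.7 dport=443 sig=KNOWN-C2-BEACON
2019-03-04T10:01:09Z fw01 action=block src=10.20.30.41 dst=203.0.113.7 dport=443 sig=KNOWN-C2-BEACON
2019-03-04T10:01:11Z fw01 action=allow src=10.20.30.12 dst=198.51.100.20 dport=443
2019-03-04T10:02:30Z fw01 action=block src=10.20.30.77 dst=198.51.100.9 dport=8443 sig=KNOWN-C2-BEACON
2019-03-04T10:03:00Z fw01 action=block src=10.20.30.12 dst=192.0.2.5 dport=6667 sig=ANOMALY-UNUSUAL-PORT
2019-03-04T10:03:01Z fw01 action=block src=10.20.30.5 dst=203.0.113.7 dport=443 sig=KNOWN-C2-BEACON
"""

# Constructed view of the access layer: which switch port each internal host sits behind.
HOST_TO_PORT = {
    "10.20.30.41": ("sw-floor2", "Gi1/0/14"),
    "10.20.30.77": ("sw-floor2", "Gi1/0/22"),
    "10.20.30.12": ("sw-floor3", "Gi1/0/3"),
    "10.20.30.5": ("sw-core", "Gi1/0/1"),  # internal DNS server
}

INTERNAL = ip_network("10.20.30.0/24")
# Hosts that must never be isolated automatically; hits here go to a human instead.
NEVER_QUARANTINE = {"10.20.30.5"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_events(log):
    """Turn each key=value line into a dict, keeping the leading timestamp as 'ts'."""
    events = []
    for line in log.splitlines():
        fields = dict(KV_RE.findall(line))
        if "src" in fields and "action" in fields:
            fields["ts"] = line.split(" ", 1)[0]
            events.append(fields)
    return events


def triage(events, min_hits=1):
    """
    Split internal hosts seen in blocked events into two buckets:
      quarantine : known-signature hits at or above min_hits (automated action)
      alert_only : anomaly hits, sub-threshold hits, and protected hosts (human review)
    Returns (sorted quarantine list, dict host -> list of reasons).
    """
    known_hits = Counter()
    anomalies = defaultdict(list)
    for ev in events:
        src = ev["src"]
        if ev["action"] != "block" or "sig" not in ev or ip_address(src) not in INTERNAL:
            continue  # allowed traffic, unsigned blocks and external sources are out of scope
        if ev["sig"].startswith("KNOWN-"):
            known_hits[src] += 1
        else:
            anomalies[src].append(ev["sig"])

    quarantine = []
    alert_only = defaultdict(list)
    for host, hits in known_hits.items():
        if host in NEVER_QUARANTINE:
            alert_only[host].append("protected host, manual review")
        elif hits >= min_hits:
            quarantine.append(host)
        else:
            alert_only[host].append(f"known signature below threshold ({hits}<{min_hits})")
    for host, sigs in anomalies.items():
        if host not in quarantine:
            alert_only[host].extend(sigs)
    return sorted(quarantine), dict(alert_only)


def build_switch_policy(hosts):
    """Group isolation commands per switch (hypothetical CLI syntax, not a real vendor's)."""
    policy = defaultdict(list)
    for host in hosts:
        if host not in HOST_TO_PORT:
            policy["UNMAPPED"].append(f"# {host}: no switch port known, escalate")
            continue
        switch, port = HOST_TO_PORT[host]
        policy[switch] += [f"interface {port}", " ip access-group QUARANTINE in", " exit"]
    return dict(policy)


if __name__ == "__main__":
    events = parse_events(FIREWALL_LOG)
    to_isolate, to_review = triage(events)
    print("quarantine:", to_isolate)
    print("alert only:", to_review)
    for switch, cmds in build_switch_policy(to_isolate).items():
        print(f"--- {switch}")
        print("\n".join(cmds))
```

The split between `quarantine` and `alert_only` is the whole point: automation is safe for high-confidence, known signatures against hosts you are allowed to cut off, while anything ambiguous, including the protected DNS server that beaconed to the same destination, is surfaced to the team rather than acted on blindly. The `min_hits` threshold is where you tune how eager the automated response is.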
This is just one example of how integrated, unified security pays dividends to the business. The network is the unique fingerprint of your business, and it is what the bad guys are after. If every solution worked in harmony on and across the network, that fingerprint could be used to keep them on the outside.
Investing in People
Of course, this is all great, but the next question is: How do I achieve this with a lean security team?
This is where security services become important, and why they have seen growth in recent years. Many security leaders lack the resources to deploy security software, or even to keep up with technology advances in security. Using outside services and service-provider expertise for this role is therefore ideal: they let the security team expand and contract in line with the needs of the business.
There is another benefit of using security services to deploy solutions, one that is less obvious but still important. The engineers in an enterprise are skilled, but their focus is the environment they work in every day, and they already struggle under the weight of required updates and changes. Bringing in external specialists extends the existing team temporarily and allows the project to be completed within the agreed-upon timeline. It also provides better train-the-trainer opportunities when the project is handed off. Most important is the outside knowledge an external specialist brings: a highly skilled individual who has deployed the same solutions at many other enterprises will know the design benefits, pitfalls and best practices, saving money overall and making the existing team more productive.
Let’s bring this full circle and return to my initial point: while security spending is on the rise, it is up to us as experienced security practitioners to make the most of this spend, with a clear ROI that can be reported to the business.
To achieve this, today’s enterprise must clearly map out its priorities so that it is in the best position to prevent, detect and mitigate threats. That is achieved not just by implementing technology, but by ensuring the technology works in harmony across the unique data of your business, and by strategically using security services specialists with the broadest possible design and deployment experience.