Most enterprises have dozens of cybersecurity solutions to help them defend against an ever-expanding cyberthreat landscape, but new research finds that for most organizations, these tools are not sufficient. A recent Ovum survey revealed that over two-thirds of organizations suffered a significant security breach in 2018. All surveyed companies have made significant investments in terms of dedicated staff, network or security operations centers (NOCs or SOCs), and tools, and many boards would expect no breach as a return on investment.
However, there’s the oft-said but highly relevant truth that enterprises need to keep every door and window firmly shut, because to perpetrate a breach, an attacker only needs to find one way in. Enterprises commonly adopt new tools to mitigate new attack methods or address increases in risk, in turn expanding their portfolios of commercial enterprise security solutions. So it should be no surprise that the same Ovum survey found that most enterprises have up to 50 cybersecurity tools in use today, and a further 12% of enterprises have more than 50 security products.
Yet this ongoing cycle (find a new security problem, fix it with a new security product) brings its own challenges. Beyond the cost of the solutions themselves, each requires trained and experienced cybersecurity staff to be effective, an ongoing struggle amid the well-documented workforce shortages. In addition, the security operations function frequently spends a great deal of time handling a deluge of alerts from various solutions in order to quickly identify and respond to potential breaches. Furthermore, because few if any of these solutions are designed to work together, critical threat intelligence is often not acted upon, and certainly not in the orchestrated, automated fashion that organizations are increasingly demanding.
This high number of solutions and their inability to prevent breaches have created a situation that is clearly unsustainable and not tolerable to enterprise security leaders. As such, organizations are reviewing their portfolios of cybersecurity technology to find a better way forward. Consideration is being given to the extent of integration (enabled and available), having fewer products and fewer suppliers, and ensuring that each product is being utilized fully and correctly. Furthermore, they are increasingly seeking a portfolio-centric approach across the three capability buckets (prevent, detect, and respond) to ensure that their solutions work effectively as a single cybersecurity architecture, and support the people and processes necessary to address the cyber kill chain.
As one CISO recently told Ovum: “We need to focus on stabilizing our security posture, ensuring that the security tools and products we have are fit for purpose and can support the enterprise. Those that don’t will be gone.” Security vendors take heed.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer.