The cybersecurity industry has a major problem, one that hinders progress in improving security posture for organizations globally. We are talking about the fragmentation of security operations within organizations. It can occur for different reasons, such as the use of numerous disparate security tools, limitations of the management structure, or a lack of connected processes. Though the factors behind the siloing of security operations may vary, every organization suffers its negative side effects and consequences. Cyber fusion provides a way to alleviate many cybersecurity pain points, especially the ones arising from silos in security operations.
Too Many Tools and Lack of Integration
Security operations involve a number of different teams within an organization, each of which may operate a different technology or tool stack. In many cases, organizations adopt specialized tools to address certain use cases. In the short term, adding a new dedicated tool may seem like a sound strategy but it inevitably adds to the operational workload in the long term. For every additional tool, organizations need to train their staff and may need to make changes in their workflow. It is easy to see why this is not a sustainable approach, especially for cybersecurity, wherein new threats and new security technologies keep coming up.
It is challenging to know the exact number of tools used in security operations, as this is confidential information whose disclosure can put the organization’s security at risk. However, several industry surveys and reports have shone a light on it in recent years. A 2017 survey by Enterprise Strategy Group (ESG) found that 40% of 412 respondents used between 10 and 25 security tools. Moreover, 30% of respondents used between 26 and 50 security tools. Additionally, a 2017 study in the financial services sector by the market research firm Ovum revealed that over 73% of respondents were using more than 25 tools in their security operations. Some of the surveyed organizations even operated over 100 security tools.
The situation has not changed much since 2017: 43% of respondents in the SANS 2019 SOC Survey cited “Too many tools that are not integrated” as a top challenge in security operations. Due to the lack of integration between disparate tools, it becomes difficult to collaborate across security functions. It also becomes more challenging for managers and security leaders to maintain organization-wide visibility and govern effectively. Moreover, since many security tools deployed by organizations cannot exchange data or interoperate in a reliable manner, it becomes difficult to execute collaborative activities across teams. With this, it is abundantly clear why organizations need to break down security silos.
Adding the Secret Sauce with Cyber Fusion
The number of security tools may not shrink anytime soon. But besides the number of security tools, a more pressing issue is the operational divide between the various teams that use those tools. The aforementioned SANS 2019 SOC Survey also highlights the “silo mentality between security, IR and operations” as a top challenge in the full integration and utilization of a centralized security operations setup. However, organizations can establish more collaborative processes and use their tools in a much more efficient way by adopting cyber fusion.
Cyber fusion provides a novel approach for security operations wherein diverse security functions are housed under one roof. With key personnel from all core security functions working side by side, it enables the two-way exchange of information and actions between different teams. This improves collaboration across teams and makes it easier to find and address loopholes in existing processes.
Cyber fusion is also a boon for security managers and executives. It provides unparalleled visibility by bringing information on all kinds of threats into a single place. Thus, a cyber fusion-powered platform becomes the single source of truth for decision-makers within the organization. This helps them track all the meaningful metrics and set shared goals and incentives for all security functions.
With a centralized cyber fusion-powered platform, organizations can also leverage security automation and orchestration to create a large number of integrations between various tools. And by utilizing automation-powered playbooks, security teams can drive many different security actions straight from a single platform. This helps security teams get rid of many bottlenecks and inefficiencies in their existing processes and manage and respond to threats much faster. Apart from this, it also enables security teams to collate and analyze all the available threat data from various security tools in one place. This allows them to more effectively analyze the behavior of known threats and prepare countermeasures for a proactive response.
The Bottom Line
Security operations are an integral part of every organization today. The fragmentation of security operations is an issue that can make or break the security posture of any organization. Cyber fusion can be the perfect antidote to the troubles organizations face from a siloed operational landscape in cybersecurity.
Posted on: February 19, 2020