Without doubt, security issues must be keeping CISOs awake at night. 2020 is the year when numerous staff started regularly working from home and wanting access to all the usual applications and data that they could access when at the office, and customers stopped coming to your shop or office and wanted to buy your products or services online.
The IDC COVID-19 Market Impact Survey 2020 found that 56% of organizations are “scaling up their online presence.” Plus, hackers ramped up their attacks by pretending to send information about vaccines and tax refunds, and much else that might tempt people. The 2019-style environment that you thought was completely secure now may not be.
Now is the time to take a look at your security environment and see whether it really is offering you the security that you need. But there’s a problem with that. And the problem is that for, perhaps, the last 20 years, people have been purchasing software solutions that will suit the needs of particular applications. As a consequence, most sites have a legacy of point solutions. A survey of 400 global security leaders carried out by Check Point at the end of 2019 found that:
- 49% of all organizations use between 6 and 40 point security products
- 27% of larger organizations use between 11 and 40 different vendors’ products
- 98% of organizations manage their security products with multiple consoles, creating visibility silos.
Speaking at the 2019 RSA Conference, Matt Chiodi, Chief Security Officer of Public Cloud at Palo Alto Networks, gave slightly different figures, saying that small organizations are using on average between 15 and 20 security tools, mid-sized businesses are using 50 to 60, and large organizations or enterprises are using over 130 tools on average. This kind of complexity can result in security mistakes being made, which clearly need to be eliminated.
This is a situation that exists in other areas of IT. People choose a point solution that offers just the solution they want to a problem that they are experiencing or anticipate experiencing. There’s usually never time to look at the bigger picture to see whether a different product would solve more than one problem and remove the need for multiple point solutions.
At the same time, there is a natural avoidance of bloatware, a product that offers so many facilities that will never (or hardly ever) be used. And that’s why so many sites find themselves with so many security solutions. Each one was selected by part of the organization as a way of best protecting the proprietary data and networks that they looked after.
Now is clearly the time to take a holistic view of security. It’s a time to examine exactly what products are in use and exactly what they are being used for. It’s time to see how many people know how to use the products – all the facilities that they offer, not just the few features that are used frequently. It’s time to think seriously about those visibility silos that 98% of organizations (as mentioned above) suggest they have. It’s time to see whether consolidation would be an opportunity to do more with less – or not.
This tool sprawl is often the reason that silos between teams are created. And, up until now, there has been little appetite at many organizations to do anything about it. However, the “2020 SANS Network Visibility and Threat Detection” report found that 68% of respondents now want to reduce the number of security tools they have in use. Now would seem to be the ideal time to move away from running multiple separate consoles and the challenges that presents, along with the separate silos, and consolidate security solutions. It’s also a chance to move away from products that are no longer being updated.
Now is also the time to examine exactly what those point solutions do – what problem they actually solve. And the reason for this is obvious. There is no point consolidating security solutions if the new software can’t do the job of the old software, or can’t do it in a way that makes the product easy to use and breaches easy to identify. This kind of force fitting of software solutions won’t make your IT more secure than it was before.
Consolidation shouldn’t result in the loss of features, capabilities, and/or coverage provided by the existing solution. It also makes sense to look at the security must-haves suggested by analyst firms like Forrester. This can be compared with your in-house list of security needs. Another good place to start is with industry or compliance frameworks such as NIST, SOC, HIPAA, COBIT, etc. Compliance will ensure that the most common weak points are protected from hacker attacks.
So, let’s look at how security tools consolidation can help you ‘do more with less’.
1. Better security
Having lots of different security tools really does increase the attack surfaces an organization offers up to potential attackers. A basic security measure at any site is to keep the attack surface as small as possible. Consolidating security software seems an obvious way to reduce the attack surface and keep a site secure. Clearly, the consolidated security software must offer, at least, the same level of security as the old point solutions did.
2. Save money
Saving money is not the ultimate aim of consolidation, but it can be one of the benefits. Each of the many point solutions in use will have a cost, and rationalizing on fewer products should result in less money being spent and lower maintenance costs. It’s important to ensure that whatever niche reason the original software was bought for is still being satisfied with the consolidated tool. Also, less training will be required because fewer pieces of security software will be in use.
3. Easier management
Consolidation usually results in fewer consoles being used and they can all be located in a single data centre rather than multiple locations. Networking becomes simplified and more efficient. Backups, maintenance, etc. can be performed more efficiently. With the reduction in the number of security solutions being managed, management becomes not only easier but also more flexible.
4. Fewer personnel required
Consolidation of consoles means that fewer people will be needed to use them and those people can all be trained to use the software, so companies are no longer reliant on single individuals to use a piece of security software. It should also improve the service offered.
Consolidating security software is an opportunity to move to a more automated approach. With automation, you should be able to eliminate false positives, i.e. when the software mistakenly identifies a security issue, and more quickly respond to an actual security threat. This improvement in response time is due to the software not needing to delegate tasks to people; instead, it responds in the way it has learned to respond. Machine learning can accelerate threat detection. With high priority threats, staff can be alerted immediately.
6. Faster identification and response
Consolidation removes the issue of point solutions not easily sharing information they may have detected. It means that threats can be picked up and either dealt with immediately by the software or sent to a manned console, where an appropriate response can be given. There is no delay where information from one console needs to be checked with a second piece of software on a different console. The new security software will be integrated.
Putting it all together, consolidation means that the security stack (the idea that security must be an integrated set of services) can be modernized and rationalized resulting in better security for an organization and also allowing them to do more with less.