There is a big problem facing the cyber security industry right now, and it might not be the one you were expecting to hear – there are too many security products! At last count there were more than 1,800 security vendors in the US alone, with an average of nine new vendors appearing every month. Add in vendors in Europe, Israel and other parts of the world and the total number is close to 3,000.
Unpicking the problem
The problem lies in the fact that – despite there being such a high number of point product vendors – almost all of them address only a small area of the overall threat spectrum. With the market now so oversaturated, the sector is experiencing product chaos. Even highly experienced security professionals are unsure what many vendors’ solutions actually do, which ones they need, and how to differentiate between them, let alone how to implement and manage them once they have finally made a decision.
As most security products only address a limited subset of threats, organisations are forced to use multiple products in order to stay protected. The average enterprise uses between 25 and 30 security products, with this number rising to as many as 100 for bigger organisations. The list of deployed solutions began with firewalls, VPNs, IDS/IPS, web and email content security, and gateway and endpoint AV, and has grown exponentially since then.
Drowning in alerts
Each security product creates multiple security alerts every day. To put into perspective just how unmanageable the volume of alerts currently is, research revealed that 92 percent of organisations receive more than 500 SOC alerts every day, with only four percent of alerts being investigated by analysts. Security teams have become overwhelmed by security alerts and, with that, face the challenge of deciding which of the hundreds are worth investigating. It is unsurprising that genuine threats are slipping through the net.
Therefore, this increasing volume of security products has not only increased the cost and complexity of the security ecosystem, it has simultaneously decreased its overall agility and effectiveness. The saying ‘too much of a good thing’ comes to mind!
As each point product is essentially a security black box, integration is difficult. Security teams have to monitor separate admin interfaces and dashboards, which creates a huge drain on efficiency.
Rather predictably, the security industry’s answer to integrating point products was to add yet more point products in the form of SIM/SEM – or SIEM – solutions. This additional layer promised to put security operations staff back in control by generating meaningful actionable alerts, but has instead brought its own set of problems. Many organisations struggle to extract value from their SIM/SEM deployment, and instead just have yet more alerts to attempt to investigate and analyse.
What is the solution?
Simply put, the security industry needs to stop adding yet more management layers, and instead define a properly integrated, automated approach that actually removes the problem (rather than adding to it).
Here at Censornet, that is exactly what we have done. Our Unified Security Service (USS) is a single, simple, integrated platform that can incorporate email and web security, cloud application security (CASB) and multi-factor authentication. In other words, it’s the ‘single pane of glass’ that cyber security professionals have long been seeking.
But further to this, it also opens the way for the industry to move to another level, shifting integrated security products from reactive to proactive, and enabling attacks to be prevented. Automatically.
Once all security products are integrated within a single platform, there is no longer a barrier to sharing and exchanging short-term security state data on users, user actions, devices and content, so that any single product could, in theory, automatically take action based on observations drawn from other products. The industry is on the verge of a beautifully simple solution that will have the power to stop even the most sophisticated cyber threats – reacting to and preventing attacks in real time.
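To make the idea of shared short-term state concrete, here is a small illustrative model, added for this page and not code from Censornet or its Unified Security Service. Three separate functions (email security, web security and CASB) each emit low-severity observations about the same user into one per-user state store; a single policy then reads the combined picture and decides an automatic response. The signal names, weights, the 15-minute window and the thresholds are all constructed assumptions chosen to show the mechanism, not values from the page.

```python
"""Illustrative cross-product state sharing (assumed design, not a vendor's).

Observations from separate security functions land in one per-user store with
a short time window; a policy evaluates the combined state and returns the
action another product could take automatically.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Observation:
    source: str   # which function emitted it: "email", "web" or "casb" (assumed names)
    user: str
    signal: str   # short description of what was seen
    weight: int   # assumed contribution to the user's short-term risk score
    ts: float     # Unix timestamp of the observation


class SharedState:
    """Short-lived per-user state shared across products.

    The window (default 15 minutes, an assumption) keeps the state 'short-term':
    old observations silently stop counting instead of accumulating forever.
    """

    def __init__(self, window_seconds: float = 900.0):
        self.window = window_seconds
        self.by_user = defaultdict(list)

    def record(self, obs: Observation) -> None:
        self.by_user[obs.user].append(obs)

    def recent(self, user: str, now: float) -> list:
        return [o for o in self.by_user[user] if 0 <= now - o.ts <= self.window]

    def risk(self, user: str, now: float) -> int:
        return sum(o.weight for o in self.recent(user, now))

    def sources(self, user: str, now: float) -> set:
        return {o.source for o in self.recent(user, now)}


def decide(state: SharedState, user: str, now: float) -> str:
    """Policy over the shared state (thresholds are illustrative).

    A blocking action is reserved for cases where at least two independent
    products corroborate each other; a single product, however noisy, can only
    escalate to a step-up authentication challenge.
    """
    score = state.risk(user, now)
    corroborated = len(state.sources(user, now)) >= 2
    if score >= 70 and corroborated:
        return "block_and_alert"
    if score >= 40:
        return "require_mfa"
    return "allow"


def demo() -> str:
    """Constructed scenario: three low-severity signals from three products."""
    now = 1_700_000_000.0
    state = SharedState()
    state.record(Observation("email", "alice", "clicked link in flagged mail", 30, now - 120))
    state.record(Observation("web", "alice", "visited newly registered domain", 20, now - 60))
    state.record(Observation("casb", "alice", "unusual bulk download from cloud app", 30, now - 10))
    return decide(state, "alice", now)   # → "block_and_alert"


if __name__ == "__main__":
    print(demo())
```

The point of the model is the decision function: none of the three observations would justify a block on its own, but because they are visible in one place the policy can act on the combination. The time window is what keeps this from becoming a permanent reputation score, which is the difference between short-term security state and yet another alert backlog.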
And it’s about time too.
‘Point Product and Alert Overload’ takes a critical view of the security industry’s continued failure as data breaches continue at sky-high levels. With a plethora of security solutions, why do IT teams feel so ill-equipped to tackle the evolving threat landscape? And what will the next generation of security products do to fix the problem?