by Trevor Smith, EVP at Brite
Global information security spending continues to grow by double digits year over year and is expected to reach $124b in 2019. The combination of the digital transformation, emerging threats and new regulations are forcing organizations to focus on improving security practices. As a result, a portion of that spend has been on tools that are seldom fully utilized or actively managed. Most of these tools generate alerts, information and logs that cannot be effectively monitored with existing staff or are inefficient with the other tools and processes. In this blog we will highlight four areas to consider ensuring you maximize your security investments.
There will always be more tools, a different approach, a new way to solve a problem. The number of tools should be relevant to the business and to the resources available. A tool may help an organization fill a check box to pass an audit, but it does not elevate the security posture unless implemented correctly, continuously managed, reviewed and re-evaluated. If we take a SIEM for example. While most organizations understand the need for a SIEM, very few have successfully implemented a platform and gained continuous value without expending a disproportionate amount of resources – including valued staff.
Unless specifically dedicated, existing staff have a challenge of only using a tool during implementation and yet are expected to be experts during an incident. Most IT staff today are multi-tasking across multiple platforms, limiting their exposure and proficiency with a tool. On the other hand, with some large organizations where resources are abundant, dedicated resources manage a single or small set of tools. This generates another issue of information siloes. While the platform may be well maintained, the myopic view limits the incident response time and effort. In either situation, there is a need to tie solutions together, to correlate details to be better informed and to assist in a swift response.
Once the proper tools are accurately implemented and staff can effectively manage them, then along comes orchestration. The goal of orchestration is to tie security tools together and leverage the individual capabilities to generate a better combined outcome. The sum of the parts is greater than the individual parts. In many cases, organizations don’t need to add another tool, but link current investments together to improve security posture, heighten situational awareness and shorten incident response. The leading companies in the cybersecurity industry have realized that cooperation and in many cases coopetition can benefit their platform adoption and result in a better outcome for the customer.
Organizations can create incredible efficiencies by automating tasks. Tasks can start out simple such as checking system OS compliance or end point security installed. Combined with orchestration, automations can become even more valuable. For example, by interacting with Vulnerability Management, scans can be set off for transient devices. Or a CMDB can be populated in real time to keep the details current.
When organizations try to solve a problem, they typically look for new and innovative tool or capability. At Brite we help our customers focus on an outcome. How can you strengthen your security posture with existing tools and staff or what can complement existing processes? With our managed security services, we are able to combine People, Process and Technology to deliver reliable service level agreements at a predictable cost.