The growing number of isolated security solutions that make up a large part of a modern organization’s security stack is a major headache for enterprise cybersecurity teams. Existing solutions don’t have the ability to gather contextual insights, and analysts don’t have the time or resources to aggregate large amounts of data points collected across channels.
This results in an inability to predict and fully understand the scope of flagged threats. And that makes organizations vulnerable.
To hedge their bets, attackers try to attack an enterprise through multiple attack vectors. This strategy has become much easier as companies continue to adopt new SaaS apps, web apps, cloud collaboration tools, and shared cloud storage drives.
As the number of vulnerable channels continues to grow, so does the number of security solutions, making interconnection of an organization’s cybersecurity solutions essential for the continued and efficient protection of the organization.
With the increasing sophistication and frequency of cyber attacks, security professionals rely on a constantly growing number of cyber defense tools. Organizations use on average 45 different cybersecurity tools to keep their systems secure, and many companies deploy even more than that.
With such an inflated list, the solutions often undermine each other. Security teams using more than 50 tools are 8% less effective at detecting an attack and 7% less effective at responding to an attack. It is clear that isolated security solutions leave companies vulnerable.
In addition, as the arsenal of disconnected solutions continues to grow, it becomes less and less sustainable for security personnel to jump from one threat defense tool to another. The silos of all these solutions obscure the enterprise’s holistic view of its security posture and key aspects of context analysis. And think about the overhead that many of these tools require for configuration and management.
Sixty percent of cybersecurity professionals admit that their current security tools do not enable their security team to operate at maximum efficiency. Eighty-four percent estimate that their organization has lost up to 10% of revenue in the past 12 months due to security breaches.
These percentages will continue to rise as security teams respond to increasing threats with a greater number of tools, especially as they scramble to protect the newer attack vectors. With every new workplace tool (or personal tool like WhatsApp) used by users, vulnerabilities that are not covered by traditional enterprise security solutions increase. As reliance on new cloud-based workplace tools increases and hybrid working becomes the norm, business operations will become more complex and isolated security data will in turn become more problematic.
Consolidation, consolidation, consolidation
There is no panacea for dealing with threat actors. However, it is vital that cybersecurity professionals consolidate their tools to simplify communication and manage incidents quickly and effectively. As much as possible, security professionals should be able to view the activities and data of cyber and IT applications from a single platform. That way, they can holistically assess the organization’s security situation and close gaps with ease.
While the cybersecurity industry is moving towards consolidation with the emergence of effective extended detection and response (XDR) tools, the market is still a long way from reaching full maturity. In the meantime, there is still a need for tailor-made solutions that deal with different threats and attack vectors.
Therefore, some degree of synchronization between these different tools is essential. The industry is already seeing this in the form of multi-vendor partnerships that integrate different tools into a single platform.
Get rid of isolated security
For example, enterprise platforms like Salesforce partner with third-party vendors to bolster cybersecurity capabilities, allowing users to integrate their niche app security into their broader network security. Cybersecurity EDR vendors, such as SentinelOne and CrowdStrike, partner with a variety of third-party vendors to provide customers with coverage compatible with their own solution, improve their customers’ security posture, and unify management.
Security leaders must push the vendor community to provide highly integrated solutions that deliver actionable insights from connections, as well as contextual analysis across seemingly disparate issues to prevent and remediate malicious activity. Built-in compatibility between different solutions will also reduce the manual workload of security teams and allow them to spend their time more effectively dealing with cyberthreats. This should be supported by machine learning (ML) and artificial intelligence (AI) to further reduce the manual workload.
A mishmash of isolated and disconnected solutions can cause more problems than it solves. A cybersecurity team’s lack of ability to see the whole picture (and more) is a major vulnerability for enterprises, hampering a team’s ability to prevent and respond to threats. This is especially true when threats operate at multiple levels, which is increasingly the case.
In today’s economic climate, cost-cutting measures affect all businesses and a security team’s time has become even more precious. It is therefore essential for the safety of an organization that their time is spent as efficiently as possible.
As the industry braces for an increasingly complex wave of threats, breaking down silos and building synchronicity is critical to its success.
Yoram Salinger is CEO of Perception Point.