
Navigating Cyber Complexity with an Integration Mindset


Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Julian Martin of Mimecast takes the helm and helps navigate through the waves of cyber complexity by applying an integration mindset.

The complexity afflicting cybersecurity teams far and wide is well-documented. From widespread staffing shortages to bloated tool sprawl, cloud-based hybrid enterprises are navigating a sea of complications when defending against highly sophisticated threats. In response, the concept of tool consolidation has emerged as a hot-button buzzword: the silver bullet for finding a simplified solution to the complexity problem. But beneath the surface and beyond the untrained eye, the situation isn’t really that simple.

Sure, it may make sense in theory. By reducing the amount of sprawl in their stack, organizations can enhance the efficiency of strained security teams AND cut spending simultaneously. With fewer tools to manage, IT analysts capitalize on the power of additional bandwidth to strengthen their security posture. A lower cyber spending rate helps weather the headwinds of our current macroeconomic climate. The CISO and CFO both ride off into the sunset happily ever after. Everybody wins. End scene.

However, in reality, we’re not exactly talking about a movie script here, and finding real solutions to cyber complexity will require more than short-sighted consolidation. Merely eliminating business-critical tools in the spirit of addition by subtraction isn’t the remedy that some within the cybersecurity community have made it out to be.


Navigating Cyber Complexity


The Optimization Approach

Getting rid of a few redundant tools here and there is one thing, especially when they are outdated or underutilized. But it’s important to remember that the myriad best-in-class products within an overarching architecture were designed, selected, and purchased for a reason: to protect critical business functions or processes susceptible to attacks. Those functions and processes stay in the crosshairs of cyber threats even after the “non-essential” tools protecting them have been consolidated.

In most cases, the missing link is rooted in disparate systems lacking integration and interoperability. If an organization trims its security arsenal from 30 tools to 20, but the 20 remaining products are all siloed and unable to seamlessly integrate, consolidating is hurting their cause more than helping it. Maybe the reduction delivered value from a resource allocation or monetary standpoint, but if analysts are still juggling 20 different admin consoles and platforms simultaneously, the organization is no less susceptible to a major breach than it was before.

Optimization, not consolidation, is the most effective approach to navigating the complexity of the cyber threat landscape. Rather than placing all your eggs in one basket via consolidated single-platform solutions that are more laborious and time-intensive than they seem, optimizing the existing tech stack with an integration-first mindset offers a clear roadmap for maximizing efficiency and ROI. By ensuring all tools within the stack are fully configured, integrated, and interoperable, organizations can make impactful progress toward simplification that doesn’t sacrifice security.

Cultivating an Optimized Framework

Optimized security architectures start with investing in best-of-breed vendors offering interoperable solutions that align the security stack with an organization’s unique risk profile. Such an architecture also generates a holistic lens of the entire attack surface viewable through a single pane of glass, empowering analysts to centralize defenses through cross-functional threat intelligence sharing, AI-enabled automation, and continuous data connectivity that safeguards high-priority attack vectors.

  • Threat intelligence sharing: Enables quick recognition of threats through machine learning analytics tools, allowing analysts to respond with immediate defense measures.
  • AI-enabled automated workflows: Eliminate tedious manual tasks to streamline human workflows by accelerating and improving fundamental facets of network detection and response.
  • Shared/integrated tool data: Generates real-time visibility into an organization’s entire security environment to promote the creation and delivery of targeted alerts.

Let’s use email as an example, a primary attack vector of the modern cloud-based hybrid enterprise. Verizon’s newly released Data Breach Investigations Report found that business email compromise attacks nearly doubled in 2022, with a median of $50,000 in losses per breach. Considering more than 90 percent of attacks enter the network through email, it’s critical to share that telemetry data across the entire security stack and inform its corresponding XDR, SIEM, SOAR, and SAW products of the incoming threat. Without interoperability, the likelihood of that malicious threat slipping through the cracks is much higher. But when the solutions are all integrated, they create a digital bridge between the first and last line of defense – automating the protection, detection, and response facets of NIST’s security framework to strengthen defenses where they’re needed most.

It’s standard operating procedure for organizations to undergo a refresh cycle of their security stack every 3-4 years in alignment with the licensing structures of modern security products. During those transitional periods, it’s important to steer away from a consolidation-first mindset and instead focus on opportunities for optimization. Engage prospective vendors on the breadth of their interoperability, as well as their ability to integrate with both your existing stack and outsourced MDR providers. Performing these types of integration maturity reviews fosters more opportunities for optimization, which is the only real way to cope with the ever-growing cyber threat landscape. When it comes to navigating an evolving era of cyber-attacks, defenders – and tools – can always find strength in numbers.


Julian Martin