Reduce Complexity to Bolster Your Cybersecurity Home Insights Blog Reduce Complexity to Bolster Your Cybersecurity August 31, 2020 Reduce Complexity to Bolster Your Cybersecurity With cybersecurity technologies, less is often more… Many organizations rely on a number of unintegrated cybersecurity tools – in some cases, as many as 40 – as well as several different vendors. But is this practice sustainable? Is it even counter-productive? As Check Point’s Lloyd Tanaka explains, nearly 70% of surveyed security leaders now see consolidating around fewer vendors as a way to improve security in their organizations. Recent studies shed light on a compelling inflection point for cybersecurity professionals. Organizations battling cyber threats, for years and even decades, have created complex labyrinths of security technologies. Dimensional Research has confirmed the security leader experience, as nearly half of surveyed organizations use between six and 40 point security products. Organizations have routinely addressed newly discovered attacks, exploits and vulnerabilities by adding point products from disparate vendors. Faced with a complex maze of cyber technology, security professionals are questioning if this practice is not only unsustainable – is it counter-productive? Battling sophisticated threats requiring real-time response is already complicated. Committing valuable security team resources to tedious administration that can result when housing assorted, multiple point products is inefficient at best. The Dimensional Research study offered other key findings: 27% of larger organizations use between 11 and 40 different vendors’ products 98% of organizations manage their security products using multiple consoles, creating visibility silos 79% of security professionals say working with multiple vendors presents significant challenges 69% agree that prioritizing vendor consolidation would lead to better security 90% of organizations have seen increasingly sophisticated cyber threats during the past three years Sustainability is a key factor Budgets and people resources are finite, especially in cybersecurity. Supporting too many technologies is costly. Teams are often stretched thin and getting effective results from new tools requires training. If an organization is using, say, 15 products, are they benefiting from even 50% of the tools’ capabilities? Probably not. As noted above, managing multiple products requires the use of multiple management consoles, which impedes establishment of a holistic view of the organization’s threat landscape. Clear visibility is key for accurate incident response: you can’t rectify what you can’t see. Managing security events using a mix of consolidated and standalone consoles is inherently complex. Nearly 80% of security professionals said that not only is it difficult working with multiple products, but dealing with multiple vendors also poses challenges. To understand why this is a challenge, you only need to consider the management overhead of maintenance, version upgrades, contract renewals and other activities tied to the solutions times the number of products, be it six, 15, 40 or more. Additional challenges including training staff, setting and managing policies, complex deployments and the manual work required when there’s no integration between solutions. Why it’s time to consolidate security Nearly 70% of surveyed security leaders now see consolidating around fewer vendors launch as a way to improve security in their organizations. McKinsey explains: “Today, companies have substantial assets and value manifested in digital form, and they are deeply connected to global technology networks – even as cyber attackers become ever more sophisticated and adaptable to defenses. At most companies, boards and senior executives acknowledge the serious threats that cyberattacks pose to their business. What they are not sure of is how to create a strategy that helps them understand and address the threats, in all their forms, today and in the years ahead. And they’re asking for such a strategy every day.” Consolidation could be the missing piece of a revamped cybersecurity strategy. Greater integration that accompanies consolidation can improve security, minimizing the functional gaps between the protection that each product delivers. Reduced time, cost, and resource savings with integrated management could be better utilized to improve cybersecurity performance. Using many security point solutions each with its own standalone interface complicates security administration and management. Having to monitor several diverse interfaces to respond to alerts can cause threats to be missed. Consolidation framed in a pre-built security architecture or framework can offer these additional benefits: Shared threat intelligence Streamlined, one-click sourcing to add new protections On-demand deployment with a single interface Smooth compliance updates, reports, and audits Support with fewer service calls Impact of COVID-19 What isn’t yet known is what the widespread repercussions from the coronavirus pandemic will have on your near- and long-term cybersecurity strategies. The pandemic has already impacted security, as offices have closed and workforces migrated to remote. Opportunistic threat actors launched over 700,000 coronavirus-related cyber attacks in late April and cyber criminals targeted COVID-19 research firms with vaccine-related malspam, cyber scams and phishing campaigns in order to steal user credentials or direct traffic to phony websites. It’s too early to know the full impact of the pandemic and what a post-COVID economy will look like. According to Gartner, global customer spend on information security was estimated to hit $146 billion in 2020.* Will cyber budgets expand or contract considering the impact of an economic slowdown? In this crisis, it’s fair to ask, “How can we best be prepared for whatever is next?” In the current environment, Maya Angelou’s axiom could apply: “Hoping for the best, prepared for the worst, and unsurprised by anything in between.” Whether the industry is bracing for a cyber pandemic or the world is able to revert to a “new normal,” consolidating security makes good sense for all organizations to consider. * “Information Security and Risk Management End User Spending,” Gartner, July 2020 By: Lloyd Tanaka Content Marketing Manager | Check Point Software Lloyd Tanaka is the Content Marketing Manager at Check Point Software. His responsibilities include content strategy development which includes the conceptual framework and business case for content targeting CISOs and other information security executives. He manages a team of content strategists, producers, and operations specialists. He has spent several decades in various security software marketing and content roles. He resides in the Bay Area. Share: SecOps Partner Series Copyright © 2021 Optiv Security Inc. All rights reserved. No license, express or implied, to any intellectual property or other content is granted or intended hereby. This blog is provided to you for information purposes only. While the information contained in this site has been obtained from sources believed to be reliable, Optiv disclaims all warranties as to the accuracy, completeness or adequacy of such information. Links to third party sites are provided for your convenience and do not constitute an endorsement by Optiv. These sites may not have the same privacy, security or accessibility standards. Complaints / questions should be directed to Legal@optiv.com RELATED INSIGHTS BLOG July 16, 2020 Assessing the Needs for Today’s Modern Security Gateways This guide offers tips to assess requisite capabilities for modern security gateways. See Details Read more about Assessing the Needs for Today’s Modern Security Gateways BLOG November 06, 2019 Cyber Threats, Unintegrated Tools and Alert Fatigue Nearly a third of cybersecurity professionals say they ignore alerts because so many are false positives. See Details Read more about Cyber Threats, Unintegrated Tools and Alert Fatigue How Can We Help? Let us know what you need, and we will have an Optiv professional contact you shortly.