The economics of security is changing: CISOs are opting for fewer solutions to help analysts identify genuine threats.
The volume of data breaches and hacks has made business leaders realize that every organization is at risk of a breach, and that a successful attack can result in significant reputational and financial damage. As a result, businesses invested in many tools and solutions to protect themselves against every type of attack.
However, the market is shifting as CISOs move away from buying more solutions. They are instead focusing on simplifying and consolidating their security stacks.
Experts have seen that when a CISO joins a company, they inherit a set of solutions that create more noise than security teams can manage. Since the first generation of security tools were single-point solutions that each protected a single vector, organizations procured dozens of these, stitched them together, and created a patchwork of solutions to protect their business from critical attacks.
Such solutions make decisions based on a single point of intelligence, so they tend to err on the side of caution and raise an alert each time something unusual is noticed. However, these solutions have no standard degree of certainty about what is malicious and end up raising false alarms. Because of this, more security alerts are generated than the security teams could ever hope to investigate. This makes real threats a needle in a haystack and affects the job quality of employees charged with investigating alerts.
According to ESG research, a typical business employs between 10 and 50 different security tools. Together these generate an average of 17,000 alerts each week for security teams to work on, of which only 16% are considered reliable. However, the massive volume of alerts means teams end up investigating most of the false positives, which takes up to 21,000 hours of workforce time and costs an organization more than $1 million a year.
There’s no doubt about the patchwork approach to protection, but with times changing, CISOs are now looking to reduce the noise and improve the efficiency of the overall security posture.
Organizations have now started rationalizing their security solutions and cutting down to the ones that give credible information and context about attacks. This is changing the economics of security. Single-point products are no longer being chosen; instead, fewer solutions that reduce the noise and help analysts identify true threats are preferred.
Experts believe that the cybersecurity industry will consolidate into three core layers:
- Log collection and aggregation
- Identity and Access Management
- Cyber threat detection and response
The last layer, cyber threat detection and response, can access every segment of the technology stack and conduct cyber threat detection and autonomous response. This level of accuracy means that CISOs and their teams will face fewer false positive alerts, giving them time to tackle real threats.
Cyber-attacks are growing in both sophistication and volume, and when it comes to stopping them, less is more. The higher the number of security solutions, the higher the noise. This overwhelms the analysts who are responsible for protecting an organization. Simplification and consolidation are the best means of delivering greater efficiency and accuracy.