Originally published in PC World, December 18, 2018, by Brett Raphael, Managing Director of Australia & New Zealand, CrowdStrike
Gartner’s latest global forecast for spending on information security products and services shows spending across the world is set to increase this year to more than $114 billion, but there is a difference between simply buying software and actually utilizing it correctly. Many organizations are making the costly mistake of assuming that simply buying security products creates a unified defense for their networks.
While businesses are investing heavily in endpoint security tools, constraints on staff availability and skills may mean that many of those tools aren’t applied as well as they should be, and many are purchased but never even implemented or integrated within the company’s broader security strategy. Complex solutions and a lack of skills are leaving businesses defenseless against modern cyber-attacks.
Creating expensive blind spots
Organizations are making the mistake of believing that purchasing multiple products will stop breaches, when doing so most likely increases the likelihood of an attack. Defense-in-depth is an approach to cybersecurity in which a series of products is layered to protect data, but time and time again this approach has failed to stop a breach. The problem is that each layer is a different technology that works within its own silo. This makes it difficult to share intelligence between tools in an effective way, and complexity grows as more layers are added.
Beyond the high costs of this approach, the traditional defense-in-depth security strategy is an outdated model and organizations must look to transform their approach to enterprise security. Organizations now have IT infrastructures that incorporate mobile devices, remote access and usage of cloud-based resources and services. Organizations need to shift to the cloud for simple solutions that provide better management and visibility into how tools are performing in actually stopping breaches.
As network environments become more complex, it becomes increasingly difficult for those responsible to protect them successfully. A survey from CrowdStrike revealed that many companies had not managed to configure and use the products they purchased: 24% of respondents stated they had not implemented all the security tools purchased by their organization, citing time and resource constraints.
Part of what may explain this worrisome trend is that cybersecurity professionals are becoming much harder to find and the ones that are currently employed are facing an avalanche of work. Amid the skills shortage, cybersecurity job fatigue is becoming a new problem facing the industry, with many security professionals facing long hours and high stress levels.
Companies are looking to technology to help create a solution to staffing problems, with artificial intelligence (AI) and machine learning being leveraged to bridge the gap. AI and machine learning can support teams of security analysts by looking for threats to the business and alerting the team to investigate or respond when anomalies occur.
Machine learning-based security solutions can handle billions of security events, finding threats early on through a combination of correlation, pattern matching, and anomaly detection. In cybersecurity, speed and scale matter and this is exactly where AI adds a significant advantage. AI can offload work from human cybersecurity engineers, and advances in machine learning technology mean that AI applications can also automatically adapt to changes and identify new threats.
A simple, powerful solution
Businesses need to step back from traditional procurement-driven security strategies to consider how they might implement a holistic endpoint defense capable of blocking attacks in real time. Organizations buy into the idea that “more is better”, believing that having a broad range of products will secure their networks. However, modern attackers have learned how to bypass traditional prevention solutions, such as legacy antivirus (AV).
Most security solutions rely on identifying signatures and known threats, or they look for indicators of compromise (IOCs) but the problem with IOCs is they can’t capture new methods of attacks such as malware-free, or
Another key point that shouldn’t be ignored is maintaining good cyber hygiene. Basic hygiene remains a significant challenge, with numerous examples highlighting patching deficiencies that led to a significant breach.
Layering multiple products creates new challenges for security teams and is the root cause of many of the recent breaches. No one sets out to undermine security, but introducing various products can create blind spots in your security posture, leaving your organization vulnerable to cyber-attacks.