Saturation and consolidation are two key terms that will steer conversations in cybersecurity through the course of 2022.
What do we mean by saturation? In this case, it refers to the sheer volume of security solutions available on the market. There is also a trend for organisations’ security setups to comprise many disparate tools geared towards highly specific analytical and protection requirements.
Solution saturation is, in my view, already a problem in the cybersecurity market. We see reports showing that companies have tens of vendors on their books. Some have up to 70 different security providers’ systems installed at any one time. It can create a series of difficulties for these organisations.
Among the most impactful is cost, especially for those buying up best-in-class versions of everything. These costs are going to add up and churn capital. Furthermore, a complex web of separate security tools can lead to high integration costs over ownership models spanning several years.
Underneath this are costs relating to the workforce. Individuals must read and interpret various dashboards and feed those findings into a central system. With multiple different solutions, this becomes incredibly complex, hampers productivity, and translates into financial expense.
Adding to this challenge is the fact that vendors tend to be very proprietary about their information. It makes integrating different security solutions and tools into a neat ecosystem difficult and unlikely to succeed.
Overcoming the complexity issues associated with solution saturation is therefore difficult. It makes it challenging to manage security and mount efficient and effective responses. This can actually leave organisations vulnerable to cyberattacks – despite all the capital they have invested.
Key reasons behind solution saturation
So, how and why is this problem occurring?
There are many factors at play. Firstly, approaches to security are often defined by issues that need solving right here, right now. What solution can I buy to solve this specific malware or ransomware threat? Once that immediate pain has been removed, security teams move on to the next.
A more productive approach is to consider how one solution can be reused or tweaked to solve a new problem. But, all too often, the easier option is to explore the market and buy the next best-in-class tool. One year a company may invest in a new EDR capability. The next, they may acquire a sophisticated intrusion detection system. Once the cycle starts, it can go on for years, become habitual and be difficult to stop.
The cycle recurs because while security leaders may have the funds to buy best-in-class tools, they often lack the expertise (or time and resources) to leverage a product’s highly sophisticated feature set. It is a paradigm that eventually results in a struggle to justify security budgets.
Moreover, some small and mid-sized organisations will find themselves with stringent budgets. It means they are hard pushed to know which tools they can afford to go without while not leaving themselves open to a cyberattack.
The COVID-19 pandemic has added another dynamic. Chiefly, it has become more challenging to bring stakeholders across a business together and collate security requirements, given the shift towards hybrid and remote working models. It makes siloed postures made up of multiple solutions more likely to emerge.
Trending towards consolidation
Thankfully, resolutions are coming on stream to break the cycle of solution saturation and facilitate security consolidation.
As we settle into 2022, we see sizeable portions of the industry shifting towards more unified security setups and away from disparate solutions. These can be delivered by a single vendor or through leveraging open standards to achieve a unified outcome.
Take the perspective of a single vendor. Consolidation of security solutions is a problem riddled with complexity around data science, security science and computer science. It is so complex that few vendors will triumph in this arena. Meanwhile, their prospective customers could resist options that involve uprooting and replacing an arsenal of best-in-class tools they already use.
As a company, we have addressed the need for consolidation by combining the analytical capabilities of security information and event management (SIEM) and the powerful response tools in security orchestration, automation, and response (SOAR).
By combining these solutions, firms can identify, analyse and prioritise security incidents at speed. It enables faster response times to threats and the ability to deliver more with less.
Automated playbooks are deployed to rapidly investigate, contain and remove cyber threats. They eliminate time spent on manual or undocumented methods and provide CISOs with the right info at their fingertips.
The upshot is that we are making cybersecurity automation and consolidation available for organisations of all shapes and sizes.
Security budgets are increasingly part of the challenge
Security budgets are increasingly becoming a boardroom issue. CISOs are being charged with demonstrating that their investments generate value and deliver continuous improvement.
Gone are the days when reams of slides full of technical terminology would impress decision-makers. Today, security teams need to show how they contribute to their organisation’s digital journey, helping it navigate through times of flux, just like we have seen with the COVID-19 pandemic.
As vendors, we have to enable that value to be extracted from consolidated approaches to security. That means we cannot keep all of our IP close to our chests. Yes, we’re all businesses and here to make a profit, but it is also imperative that we work together to address the growing challenges of cybercrime.
LogPoint is the creator of a reliable, innovative cybersecurity operations platform — empowering organisations worldwide to thrive in a world of evolving threats. By combining sophisticated technology and a profound understanding of customer challenges, LogPoint bolsters security teams’ capabilities while helping them combat current and future threats. LogPoint offers SIEM, UEBA, and SOAR technologies in a complete platform that efficiently detects threats, minimises false positives, autonomously prioritises risks, responds to incidents, and much more. Headquartered in Copenhagen, Denmark, with offices around the world, LogPoint is a multinational, multicultural, and inclusive company. For more information, visit http://www.logpoint.com