The cybersecurity industry remains fragmented, with some organizations having as many as 85 security tools from 45 different vendors. Many of these technologies have been acquired over multiple years to address specific challenges across the complex threat landscape. Each new product needs to be properly installed, configured and managed over its life cycle — and many of these technologies sit in silos, which limits their ability to deliver more effective security.

At the same time, highly collaborative cybercriminals are launching sophisticated attacks that are hard to see and stop, and traditional security practices are unsustainable. That’s why security teams must adopt a new strategy that is rooted in collaboration — an approach that connects the dots across products, people and processes for faster, more effective threat detection and response.

External and Internal Pressures

Every day, we hear about new breaches that impact organizations’ reputations, bottom lines and supply chains. What’s more, these breaches affect customer sentiment, particularly incidents that expose personally identifiable information (PII).

With the number of Internet of Things (IoT) devices forecast to reach 20.4 billion by 2020, according to Gartner, keeping these devices secure will become an even greater challenge. Cybercriminals will undoubtedly continue to collaborate on the Dark Web to obtain and exchange this high-value PII and use social engineering to steal records to the tune of trillions of dollars.

Compliance mandates will also be a top priority and challenge for organizations. The General Data Protection Regulation (GDPR), for example, will go into effect on May 25. This mandate doesn’t just impact European countries — any organization that processes, stores or uses data related to European Union (EU) citizens must be compliant.

Organizations are also struggling to cope with the growing skills gap in cybersecurity, both in terms of the sheer quantity — there will be 1.8 million unfilled positions over the next few years — and the associated expertise. This lack of resources is compounded by the growing number of disparate security tools and alerts. Still, many organizations attempt to integrate these products themselves by purchasing even more solutions.

Listen to the podcast: Collaboration — The Secret to More Effective Security

Advanced Threat Detection and Response

There is something of a misconception around product coverage in many of today’s organizations. Are you really protected simply by checking the box and having an array of products across endpoints, networks, users and cloud? It’s absolutely critical to have that coverage, but it needs to be in conjunction with products integrating together to deliver best-of-suite solutions that translate into more effective security.

Here are some key questions to consider:

  • Are your security products working together across teams — or do your IT and security teams work in silos?

  • Are those same products working together across all your locations and heterogeneous platforms?

  • Do your security tools integrate in a manner that provides the security operations center (SOC) with real-time visibility and control across the diverse threat landscape?

  • Is your organization moving away from compliance-based security and moving toward a more threat-aware, risk-based security approach?

Security must become more agile to account for the diverse threat landscape while enabling organizations to thrive. This includes a deeper integration of technologies to deliver repeatable use cases centered on better threat detection and response.

As a foundation for integrated security, organizations should leverage a security intelligence platform that can apply real-time analytics and correlate the massive amount of threat information across users, endpoints, networks and cloud. This comprehensive platform must be able to sense, track and prioritize the most significant alerts that pose the greatest risk to enterprise data.

Additionally, security leaders should infuse artificial intelligence (AI) into their strategy to aid analysts in threat investigation, enabling them to rapidly and confidently understand the scope and veracity of threats, including links to broader malware campaigns. This is critical against the backdrop of the cybersecurity skills shortage and the troves of untapped threat intelligence data that AI platforms can ingest, analyze and understand at unprecedented speed and scale.

The above factors can significantly aid security analysts, but what does your incident response plan look like? An orchestration layer that is built into a security information and event management (SIEM) solution can help bridge the gaps across people, processes and technology to enable organizations to rapidly respond to threats with confidence.
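As an added illustration of the two ideas above (correlating alerts from separate silos into prioritized cases, then handing the highest-risk cases to an orchestration step), here is a small Python example written for this page. It is not QRadar, Resilient or any IBM product code: the alerts are constructed, the per-source weights and the corroboration bonus are hypothetical scoring choices, and the "playbook" only returns the actions it would take rather than calling a real SOAR API.

```python
from dataclasses import dataclass, field

# Constructed sample alerts from four telemetry silos (endpoint, network,
# identity, cloud). These are made-up records, not real data.
SAMPLE_ALERTS = [
    {"source": "endpoint", "host": "ws-042", "user": "alice", "signal": "suspicious_process",        "severity": 7},
    {"source": "network",  "host": "ws-042", "user": None,    "signal": "beacon_to_known_c2",        "severity": 8},
    {"source": "identity", "host": None,     "user": "alice", "signal": "impossible_travel_login",   "severity": 6},
    {"source": "cloud",    "host": None,     "user": "bob",   "signal": "storage_bucket_made_public", "severity": 5},
    {"source": "endpoint", "host": "ws-017", "user": "carol", "signal": "av_quarantine",             "severity": 3},
]

# Hypothetical scoring: endpoint evidence weighs more than a single network,
# identity or cloud signal, and every additional distinct source that
# corroborates a case adds a flat bonus.
SOURCE_WEIGHT = {"endpoint": 3, "network": 2, "identity": 2, "cloud": 2}
CORROBORATION_BONUS = 10


@dataclass
class Case:
    entities: set                      # {("host", name), ("user", name), ...}
    alerts: list = field(default_factory=list)

    @property
    def sources(self):
        return {a["source"] for a in self.alerts}

    def score(self):
        base = sum(a["severity"] * SOURCE_WEIGHT.get(a["source"], 1) for a in self.alerts)
        return base + CORROBORATION_BONUS * (len(self.sources) - 1)


def _entities(alert):
    ents = set()
    if alert.get("host"):
        ents.add(("host", alert["host"]))
    if alert.get("user"):
        ents.add(("user", alert["user"]))
    return ents


def correlate(alerts):
    """Group alerts into cases: two alerts belong together when they share a
    host or user, directly or through a chain of other alerts (connected
    components over the entity graph). A network alert that only names a host
    is thereby linked to an identity alert that only names the user seen on
    that host by the endpoint agent."""
    cases = []
    for alert in alerts:
        ents = _entities(alert)
        linked = [c for c in cases if c.entities & ents]
        merged = Case(entities=set(ents))
        for c in linked:                 # merge every existing case this alert touches
            merged.entities |= c.entities
            merged.alerts.extend(c.alerts)
            cases.remove(c)
        merged.alerts.append(alert)
        cases.append(merged)
    return cases


def prioritize(cases):
    """Highest-risk case first."""
    return sorted(cases, key=lambda c: c.score(), reverse=True)


def playbook(case, threshold=40):
    """Orchestration step: map a high-scoring case to response actions.
    Simulated only: returns action strings instead of calling a SOAR/EDR API."""
    if case.score() < threshold:
        return []
    hosts = sorted(v for k, v in case.entities if k == "host")
    users = sorted(v for k, v in case.entities if k == "user")
    actions = []
    if {"endpoint", "network"} <= case.sources:       # host-level compromise corroborated
        actions += [f"isolate_host:{h}" for h in hosts]
    if "identity" in case.sources:                    # account likely compromised
        actions += [f"reset_credentials:{u}" for u in users]
    if "cloud" in case.sources:
        actions.append("revert_cloud_change")
    actions.append("open_ticket_for_analyst")
    return actions


def triage(alerts=SAMPLE_ALERTS):
    """Full pipeline: correlate -> prioritize -> playbook. Returns
    (entities, score, actions) per case, highest score first."""
    ranked = prioritize(correlate(alerts))
    return [(sorted(c.entities), c.score(), playbook(c)) for c in ranked]


if __name__ == "__main__":
    for entities, score, actions in triage():
        print(score, entities, actions)
```

With the constructed input, the three alerts touching `ws-042` and `alice` collapse into one case that outranks the two single-source alerts, and only that case crosses the playbook threshold; the isolated cloud and AV alerts stay visible but are not escalated, which is the prioritization behaviour the paragraph describes.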

Collaborative Defense

A dynamic security analytics platform that embeds AI and integrates orchestration across the diversity of threats (as well as people and processes) can help set the foundation for a strong security strategy. Collaboration is the glue that integrates disparate point products in a manner that extends their security capabilities beyond what each technology could provide on its own.

At the product level, more open collaboration is critical to the evolution of security technology. Over the past few years, IBM has invested in technologies and partnerships to achieve this goal. One powerful collaborative platform is the IBM Security App Exchange, an ecosystem for the entire security community, including IBM and its partners and vendors, to develop and share applications that integrate with IBM Security solutions. To date, the App Exchange has 140+ partner and IBM apps and over 100,000 downloads. These apps are extensively tested and validated before they are published on the App Exchange.

An example of the value of the IBM Security App Exchange is the recent launch of the Cisco ISE App for QRadar, which gives security analysts insights into risky users and devices, resulting in faster threat detection, containment and policy enforcement. This app enables analysts to rapidly drill down from QRadar into ISE pxGrid for deeper, faster analysis of policy violations and then remediate affected users and devices — all in a single integrated dashboard.

To learn more about the ISE + QRadar app and how collaborative defense in depth can strengthen your security, watch the IBM Security + Cisco webinar on-demand.

Watch the webinar: Cisco Security Integrations with IBM QRadar SIEM & IBM Resilient
