The cybersecurity industry remains fragmented, with some organizations having as many as 85 security tools from 45 different vendors. Many of these technologies have been acquired over multiple years to address specific challenges across the complex threat landscape. Each new product needs to be properly installed, configured and managed over its life cycle — and many of these technologies sit in silos, which limits their ability to deliver more effective security.

At the same time, highly collaborative cybercriminals are launching sophisticated attacks that are hard to see and stop, and traditional security practices are unsustainable. That’s why security teams must adopt a new strategy that is rooted in collaboration — an approach that connects the dots across products, people and processes for faster, more effective threat detection and response.

External and Internal Pressures

Every day, we hear about new breaches that impact organizations’ reputations, bottom lines and supply chains. What’s more, these breaches affect customer sentiment, particularly incidents that expose personally identifiable information (PII).

With the number of Internet of Things (IoT) devices forecast to reach 20.4 billion by 2020, according to Gartner, keeping these devices secure will become an even greater challenge. Cybercriminals will undoubtedly continue to collaborate on the Dark Web to obtain and exchange this high-value PII and use social engineering to steal records to the tune of trillions of dollars.

Compliance mandates will also be a top priority and challenge for organizations. The General Data Protection Regulation (GDPR), for example, will go into effect on May 25. This mandate doesn’t just impact European countries — any organization that processes, stores or uses data related to European Union (EU) citizens must be compliant.

Organizations are also struggling to cope with the growing skills gap in cybersecurity, both in terms of the sheer quantity — there will be 1.8 million unfilled positions over the next few years — and the associated expertise. This lack of resources is compounded by the growing number of disparate security tools and alerts. Still, many organizations attempt to integrate these products themselves by purchasing even more solutions.

Advanced Threat Detection and Response

There is something of a misconception around product coverage in many of today’s organizations. Are you really protected by simply checking the box and having an array of products across endpoints, networks, users and cloud? It’s absolutely critical to have that coverage, but those products also need to integrate with one another to deliver best-of-suite solutions that translate into more effective security.

Here are some key questions to consider:

  • Are your security products working together across teams — or do your IT and security teams work in silos?

  • Are those same products working together across all your locations and heterogeneous platforms?

  • Do your security tools integrate in a manner that provides the security operations center (SOC) with real-time visibility and control across the diverse threat landscape?

  • Is your organization moving away from compliance-based security and moving toward a more threat-aware, risk-based security approach?

Security must become more agile to account for the diverse threat landscape while enabling organizations to thrive. This includes a deeper integration of technologies to deliver repeatable use cases centered on better threat detection and response.

As a foundation for integrated security, organizations should leverage a security intelligence platform that can apply real-time analytics and correlate the massive amount of threat information across users, endpoints, networks and cloud. This comprehensive platform must be able to sense, track and prioritize the most significant alerts that pose the greatest risk to enterprise data.

Additionally, security leaders should infuse artificial intelligence (AI) into their strategy to aid analysts in threat investigation, enabling them to rapidly and confidently understand the scope and veracity of threats, including links to broader malware campaigns. This is critical against the backdrop of the cybersecurity skills shortage and the troves of untapped threat intelligence data that AI platforms can ingest, analyze and understand at unprecedented speed and scale.

The above factors can significantly aid security analysts, but what does your incident response plan look like? An orchestration layer that is integrated with a security information and event management (SIEM) solution can help bridge the gaps across people, processes and technology to enable organizations to rapidly respond to threats with confidence.

Collaborative Defense

A dynamic security analytics platform that embeds AI and integrates orchestration across the diversity of threats (as well as people and processes) can help set the foundation for a strong security strategy. Collaboration is the glue that integrates disparate point products in a manner that extends their security capabilities beyond what each technology could provide on its own.

At the product level, more open collaboration is critical to the evolution of security technology. Over the past few years, IBM has invested in technologies and partnerships to achieve this goal. One powerful collaborative platform is the IBM Security App Exchange, an ecosystem for the entire security community, including IBM and its partners and vendors, to develop and share applications that integrate with IBM Security solutions. To date, the App Exchange has 140+ partner and IBM apps and over 100,000 downloads. These apps are extensively tested and validated before they are published on the App Exchange.

An example of the value of the IBM Security App Exchange is the recent launch of the Cisco ISE App for QRadar, which gives security analysts insights into risky users and devices, resulting in faster threat detection, containment and policy enforcement. This app enables analysts to rapidly drill down from QRadar into ISE pxGrid for deeper, faster analysis of policy violations and then remediate affected users and devices — all in a single integrated dashboard.

To learn more about the ISE + QRadar app and how collaborative defense in depth can strengthen your security, watch the IBM Security + Cisco webinar on-demand.
