The cybersecurity industry remains fragmented, with some organizations having as many as 85 security tools from 45 different vendors. Many of these technologies have been acquired over multiple years to address specific challenges across the complex threat landscape. Each new product needs to be properly installed, configured and managed over its life cycle — and many of these technologies sit in silos, which limits their ability to deliver more effective security.
At the same time, highly collaborative cybercriminals are launching sophisticated attacks that are hard to see and stop, and traditional security practices are unsustainable. That’s why security teams must adopt a new strategy that is rooted in collaboration — an approach that connects the dots across products, people and processes for faster, more effective threat detection and response.
External and Internal Pressures
Every day, we hear about new breaches that impact organizations’ reputations, bottom lines and supply chains. What’s more, these breaches affect customer sentiment, particularly incidents that expose personally identifiable information (PII).
With the number of Internet of Things (IoT) devices forecast to reach 20.4 billion by 2020, according to Gartner, keeping these devices secure will become an even greater challenge. Cybercriminals will undoubtedly continue to collaborate on the Dark Web to obtain and exchange this high-value PII and use social engineering to steal records to the tune of trillions of dollars.
Compliance mandates will also be a top priority and challenge for organizations. The General Data Protection Regulation (GDPR), for example, will go into effect on May 25. This mandate doesn’t just impact European countries — any organization that process, stores or uses data related to European Union (EU) citizens must be compliant.
Organizations are also struggling to cope with the growing skills gap in cybersecurity, both in terms of the sheer quantity — there will be 1.8 million unfilled positions over the next few years — and the associated expertise. This lack of resources is compounded by the growing number of disparate security tools and alerts. Still, many organizations attempt to integrate these products themselves by purchasing even more solutions.
Advanced Threat Detection and Response
There is somewhat of a misconception around product coverage in many of today’s organizations. Are you really protected by simply checking the box and having an array of products across endpoints, networks, users and cloud? It’s absolutely critical to have that coverage, but it needs to be in conjunction with products integrating together to deliver best-of-suite solutions that translate into more effective security.
Here are some key questions to consider:
Are your security products working together across teams — or do your IT and security teams work in silos?
Are those same products working together across all your locations and heterogeneous platforms?
Do your security tools integrate in a manner that provides the security operations center (SOC) with real-time visibility and control across the diverse threat landscape?
Is your organization moving away from compliance-based security and moving toward a more threat-aware, risk-based security approach?
Security must become more agile to account for the diverse threat landscape while enabling organizations to thrive. This includes a deeper integration of technologies to deliver repeatable use cases centered on better threat detection and response.
As a foundation for integrated security, organizations should leverage a security intelligence platform that can apply real-time analytics and correlate the massive amount of threat information across users, endpoints, networks and cloud. This comprehensive platform must be able to sense, track and prioritize the most significant alerts that pose the greatest risk to enterprise data.
Additionally, security leaders should infuse artificial intelligence (AI) into their strategy to aid analysts in threat investigation, enabling them to rapidly and confidently understand scope and veracity of threats, including links to broader malware campaigns. This is critical against the backdrop of the cybersecurity skills shortage and the troves of untapped threat intelligence data that AI platforms can ingest, analyze and understand at unprecedented speed and scale.
The above factors can significantly aid security analysts, but what does your incident response plan look like? An orchestration layer that is architected in with a security information and event management (SIEM) solution can help bridge the gaps across people, processes and technology to enable organizations to rapidly respond to threats with confidence.
A dynamic security analytics platform that embeds AI and integrates orchestration across the diversity of threats (as well as people and processes) can help set the foundation for a strong security strategy. Collaboration is the glue that integrates disparate point products in a manner that extends their security capabilities beyond what each technology could provide on its own.
At the product level, more open collaboration is critical to the evolution of security technology. Over the past few years, IBM has invested in technologies and partnerships to achieve this goal. One powerful collaborative platform is the IBM Security App Exchange, an ecosystem for the entire security community, including IBM and its partners and vendors, to develop and share applications that integrate with IBM Security solutions. To date, the App Exchange has 140+ partner and IBM apps and over 100,000 downloads. These apps are extensively tested and validated before they are published on the App Exchange.
An example of the value of the IBM Security App Exchange is the recent launch of the Cisco ISE App for QRadar, which gives security analysts insights into risky users and devices, resulting in faster threat detection, containment and policy enforcement. This app enables analysts to rapidly drill down from QRadar into ISE pxGrid for deeper, faster analysis of policy violations and then remediate affected users and devices — all in a single integrated dashboard.
To learn more about the ISE + QRadar app and how collaborative defense in depth can strengthen your security, watch the IBM Security + Cisco webinar on-demand.