Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.
We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.
For this reason, 75% of organizations seek to consolidate the number of cybersecurity vendors they use. Driving factors include heightened concerns about operational complexity and a need to improve risk mitigation, according to Gartner research.
Security comes first
John Watts, VP analyst at Gartner, commented, “Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack. As a result, they are consolidating the number of security vendors they use.”
Gartner found that organizations want to consolidate their security vendors to reduce complexity and improve risk posture. Surprisingly, cost or procurement factors aren’t the main drivers of consolidation. With consolidation, 65% percent of surveyed organizations expect to improve their overall risk posture. But only 29% of respondents expect reduced spending on licensing.
Meanwhile, some entities have not pursued security vendor consolidation yet. They cite time constraints and rigid vendor partnerships as impeding factors. But trends in regulation, as well as rising cyber threats, make swift action all the more important.
How to consolidate cybersecurity
Two security solutions are notably effective at achieving consolidation: secure access service edge (SASE) and extended detection and response (XDR). The Gartner survey found that 41.5% of respondents planned to have implemented SASE within their organizations by the end of 2022, while 54.5% had plans to adopt XDR by the end of 2022.
“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, VP analyst at Gartner. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints and other components.”
Gartner researchers found that 57% of organizations resolved security threats faster after implementing an XDR strategy. Meanwhile, over half of the surveyed organizations use SASE projects to simplify network and security policy management and improve security posture.
Explore QRadar EDR
Old habits die hard
Despite the results of the survey, security leaders often find it difficult to embrace these improvements. Inherited architectures are a common obstacle that takes additional time to remedy. Speaking recently at the Gartner Security & Risk Management Summit in National Harbor, Leigh McMullen, Gartner VP analyst, said, “A lot of cybersecurity technology is driven by the technology choices of other parts of the enterprise.”
Nevertheless, vendors are trying to help organizations embrace centralized security solutions. Part of this may be due to looming mandates by the federal government that insist on weaving security into core products.
Despite economic headwinds, CISOs and IT decision-makers do have access to additional funding. And many seek to maximize the value of their existing security tools, as per Nuspire research. The overarching goal is to create a more streamlined and simplified security environment.
How XDR helps consolidate cybersecurity
Extended detection and response (XDR) is an open cybersecurity architecture that integrates security tools and unifies security operations across multiple security layers, including users, endpoints, email, applications, networks, cloud workloads and data. With XDR, disparate security solutions can interoperate for threat prevention, detection, investigation and response.
XDR establishes visibility between security tools and layers. This makes it easier for security teams to detect and resolve threats faster and more efficiently. XDR also facilitates the ability to capture more complete, contextual data for making better security decisions and preventing future attacks.
According to IBM’s Cost of a Data Breach, organizations with XDR deployed cut data breach lifecycles by 29 days and lowered breach costs by 9% on average compared to organizations without XDR.
How SASE helps consolidate cybersecurity
Secure Access Service Edge (SASE) is a cloud-native security solution that provides seamless and secure access to any application from any location or device. SASE combines security with wide area network (WAN) infrastructure. With SASE, software-defined wide area networking (SD-WAN) converges with cloud-delivered network security technologies, such as a cloud access security broker, firewall-as-a-service and zero trust network access. And it’s all packaged into a single, cloud-delivered service model.
SASE helps protect and safeguard network access and enables centralized and consistent access management to apps. This means rather than fighting against the challenges of remote work, SASE leverages it.
SASE provides a network access solution based on zero trust methods which can replace VPN connectivity. The result is a flexible and scalable cloud-delivered access solution that can adapt to employees working in and out of the office. At its core, SASE improves consistency within operations through convergence. SASE scales remote access infrastructure capacity, reduces latency that comes from a growing hybrid workforce and consolidates and decommissions legacy technologies.
SASE can also help enable edge computing to receive branch-to-cloud protection, and it can be used to integrate edge computing security. This, in turn, further enables other business drivers, such as IoT and 5G.
With SASE, a reduced number of unintegrated tools in the IT and security stack make up for limited technical on-site resources. With fewer tool requirements, companies reduce the cost of hiring experts. It also takes the burden off overworked IT teams.
Together or separate, but united
As per Gartner, the majority of surveyed organizations want SASE and XDR to work together. Still, some security and risk management leaders may opt to keep them distinct from one another but with interoperable capability. This approach was validated by 46% of surveyed organizations. As per Gartner experts, the SASE / XDR distinction allows for flexibility to select best-of-breed functionality.
In order to navigate an increasingly complex security landscape, a large part of the solution will be found in simplification. Consolidation makes security insight, strategy and response easier for security teams. And this gives them the upper hand in reducing the damage caused by adversary TTPs.
Freelance Technology Writer