January 27, 2021 By Gavin Kenny 3 min read

Pen, paper and ink alone do not make a novel. In the same way, anti-malware, firewalls and SIEM tools alone do not make an enterprise secure. Too many organizations think that buying lots of security solutions and deploying them will make them secure. However, just having a security tool running does not make an enterprise secure. Let’s take a look beyond tools to the way security teams can take a more holistic approach. 

Why Enterprise Security Tools Aren’t Enough

Having some kind of digital defense is better than having nothing, and most security solution providers have some very sensible vanilla set-up solutions. However, these security systems are nothing more than tools, usually focused only on a narrow segment of the risks an enterprise faces.

Those tools can’t work alone. Their makers do know this: over the years most of them have become very good at producing data feeds that can be fed into SIEM and other tools in an attempt to weld different views together to spot more subtle forms of attack.

Even this approach is incorrect. For example, I have circuit breakers in my house to protect my family from an electrical fault; however, if I ignore a frayed or worn-out cable, there’s still a high risk of damage. I cannot just assume the safety measures will protect me from all ills. In the world of enterprise security, using software that is past its end-of-life date and no longer capable of being patched generates huge risks for the business.

Plot and Characters: How to Train Beyond Tools

When writing a novel, one of the most important aspects is to know who your characters are and what they want. In cybersecurity, the equivalent is making sure your people can do their jobs. Teams can be lulled into the false idea that the answer to every risk is another tool. With more and more security tools hitting the market every week, it is easy to think that way. While you do need some tooling, a sound defensive strategy aligned to meet the overall needs of the business is more important.

In addition, teach the security operations team to be curious and thorough. Measure them not on the number of tickets they process every day but on how well they answer the questions of who, what, when, how and why.

5 Security Tools You Do Need

To answer those questions well, the same cybersecurity assessment tools we needed 20 years ago are still just as important. Don’t forget: 

  1. Up-to-date asset database — including patch levels
  2. Data discovery — to know what and where your critical data is
  3. Network visibility — to know who and what are on your systems
  4. Identity governance — with as much automation as possible
  5. Access management — even more important in these days of zero trust architecture

Some organizations still don’t know where their critical data is or what data is critical. With the cloud making it easier for anyone to spin up new infrastructure, this problem is only going to get worse.

Bringing Enterprise Cybersecurity Together 

So, what is to be done? Remember, enterprise security is not about deploying and maintaining tools. It is about knowing how your business runs and what data and apps are vital for it to add value to its customers, fostering a strong risk management strategy to protect those assets, and using the tools you have to see what is going on.

Having a pen and paper on your desk will not produce a blockbuster novel by itself. Likewise, having a handful of security tools, even those considered market leaders, will not make your enterprise secure. Armed with the knowledge of your critical data and systems and a security strategy, you have what you need to protect what matters.
