Pen, paper and ink alone do not make a novel. In the same way, anti-malware, firewalls and SIEM tools alone do not make an enterprise secure. Too many organizations think that buying and deploying lots of security solutions will make them secure, but simply having a security tool running does not. Let’s take a look beyond tools to the way security teams can take a more holistic approach.

Why Enterprise Security Tools Aren’t Enough

Having some kind of digital defense is better than having nothing, and most security solution providers have some very sensible vanilla set-up solutions. However, these security systems are nothing more than tools, usually focused only on a narrow segment of the risks an enterprise faces.

Those tools can’t work alone. Their makers do know this: over the years most of them have become very good at producing data feeds that SIEM and other tools can ingest, in an attempt to weld different views together and spot more subtle forms of attack.

Even this approach is incorrect. For example, I have circuit breakers in my house to protect my family from an electrical fault; however, if I ignore a frayed or worn-out cable, there’s still a high risk of damage. I cannot just assume the safety measures will protect me from all ills. In the world of enterprise security, using software that is past its end-of-life date and no longer capable of being patched generates huge risks for the business.

Plot and Characters: How to Train Beyond Tools

When writing a novel, one of the most important aspects is to know who your characters are and what they want. In cybersecurity, the equivalent is making sure your people can do their jobs. Teams can be lulled into the false idea that the answer to every risk is another tool. With more and more security tools hitting the market every week, it is easy to think that way. While you do need some tooling, a sound defensive strategy aligned to meet the overall needs of the business is more important.

In addition, teach the security operations team to be curious and thorough. Measure them not on the number of tickets they process every day but on how well they answer the questions of who, what, when, how and why.

5 Security Tools You Do Need

To answer those questions well, the same cybersecurity assessment tools we needed 20 years ago are still just as important. Don’t forget: 

  1. Up-to-date asset database — including patch levels
  2. Data discovery — to know what and where your critical data is
  3. Network visibility — to know who and what are on your systems
  4. Identity governance — with as much automation as possible
  5. Access management — even more important in these days of zero trust architecture

Some organizations still don’t know where their critical data is or what data is critical. With the cloud making it easier for anyone to spin up new infrastructure, this problem is only going to get worse.

Bringing Enterprise Cybersecurity Together 

So, what is to be done? Remember, enterprise security is not about deploying and maintaining tools. It is about knowing how your business runs and what data and apps are vital for it to add value to its customers, fostering a strong risk management strategy to protect those assets, and using the tools you have to see what is going on.

Having a pen and paper on your desk will not produce a blockbuster novel by itself. Likewise, having a handful of security tools, even those considered market leaders, will not make your enterprise secure. Armed with the knowledge of your critical data and systems and a security strategy, you have what you need to protect what matters.
