When it comes to cyber security, complexity can be the enemy of safety. To protect themselves against the myriad threats of today, mid-market companies often rely on dozens of security tools and platforms. These products may work well alone, yet when operating together they can hinder security efforts, and one of the main failures is the lack of intelligence-sharing capabilities between services. Without the ability to distribute intel in real time, defenders are put at a disadvantage against cyber criminals.
IBM’s most recent Cyber Resilient Organisation Report revealed that the average company uses 45 cyber security products and found that “response efforts were hindered by the use of too many security tools”. “The number of security tools that an organisation was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed,” IBM wrote. “Organisations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack than those respondents with fewer tools.”
Security teams are already time-pressed and overloaded with ‘fake news’ – false alerts which fill up their working hours with wasted effort. If point security products cannot talk to each other and share threat intel, they are effectively fighting with one hand tied behind their backs.
Vendors have started to build cyber intelligence sharing mechanisms into their products, but a tendency towards “coopetition” rather than full cooperation means they often compete as much as they collaborate. For businesses, this means that attack intelligence picked up by a cloud security solution may not be automatically shared with a separate product from another vendor that is protecting cloud, web and email. This failure of communication is not just a nuisance, but a security risk. If security services can’t talk to each other, they can’t work together properly.
Hackers don’t just give up when they see that one door is closed. Instead, they regroup and seek other ways of getting past defences. Today, we’re seeing more and more cross-channel attacks that highlight the risk of failing to use cyber security protection that shares intelligence effectively across multiple entry points.
Roughly 90% of breaches start with a phishing email. Falling victim, and handing over the credentials that allow hackers to mount an attack, is more common than you might think. Installing a modern, multi-layered email security system is the obvious response to this threat, offering a defence against phishing, malware, targeted attacks, and CEO fraud.
Yet cross-channel attacks can easily bypass these protections. They don’t end in the inbox, but instead tempt people away from the protection of email security systems and onto malicious apps or websites on the web or in the cloud. If the various services that make up an organisation’s digital defences cannot communicate properly, what chance do they have of defeating an attack that uses more than one channel?
The IBM Cyber Resilient Organisation Report hints at a solution to the intelligence-sharing problem when it says: “The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools.”
Security platforms incorporating many different products and services are one way of tackling the threat intelligence deficit, offering control and confidence across channels. Platforms use just one interface, which allows organisations to gain holistic visibility of their defences. Organisations should start by protecting their biggest attack surface – web, cloud, and email.
Automation is a bare minimum requirement of platforms, which should distribute intel without relying on manual work from a human. Today’s security platforms should also be autonomous: they need to be smart enough to tackle new, emerging threats, rather than just performing rote automated tasks.
Mid-market businesses have laboured for too long under the burden of point products that cannot communicate with each other. Autonomous integrated security platforms are finally lifting this weight and allowing the flow of information that’s needed to protect against modern threats.