March 21, 2018
More Vendors, Greater Complexity
March 21, 2018
We’re pleased to be partnering with Cisco for this blog. Scroll down to download the Cisco 2018 Annual Cybersecurity ReportProfessionals at organizations both large and small are facing many challenges each day as attackers adapt their techniques at a continuously faster pace. Often, what increases the risk of these external threats are organizational challenges, preventing the purchase and implementation of the correct safeguards or blocking responders from moving quickly.According to the Cisco 2018 Security Capabilities Benchmark Study, of which data has been included in Cisco’s 2018 Annual Cybersecurity Report (ACR), budget, interoperability, and personnel are the key constraints to managing security.That said, those factors can cause ripple effects across an organization as a whole, forcing management to make difficult decisions that may compromise security. For example, a manager may choose to implement a new tool or technology in lieu of hiring new personnel. Similarly, that manager may choose to implement tools from multiple vendors due to budget constraints.In these cases, it’s hard to determine whether the addition of more technology helps or hurts organization given the constraints. What findings from the Benchmark Study indicate, however, is that utilizing more vendors tends to increase risk.Cross-Section ComplexityWhen organizations implement a cross-sectional mix of products from a variety of vendors, typically this makes for a more complex environment that obfuscates the security landscape, despite what many think. Meaning, more devices or services does not lend to greater visibility.Cisco researchers have found, “In complex security environments, organizations are more likely to deal with breaches. Of organizations using 1 to 5 vendors, 28 percent said they had to manage public scrutiny after a breach; that number rose to 80 percent of organizations using more than 50 vendors (figure 51).”Not only is using multiple vendors risky, but it can also lead to confusion as professionals try to orchestrate their alerts across the various platforms where legitimate threats can go unnoticed. Respondent data indicates that nearly half (49 percent) of legitimate alerts are not remediated.If using multiple vendors is riskier and more challenging to manage, the question then becomes, why do organizations do it? This is a valid question especially when you consider organizations used more security vendors in 2017 (figure 44).“The best-of breed approach, in which security teams choose the best solution for each security need, is one key reason. Security professionals who practice the best-of-breed approach also believe it’s more cost-effective,” indicates research from the Benchmark Study.The Integrated ApproachWhen comparing the best-of-breed approach to an integrated framework, 72 percent say they buy best-of-breed- because they meet specific needs. While this can be true, traditionally, an integrated approach can be easier to implement, monitor, and maintain. Likewise, those who leverage an integrated approach experience less orchestration issues and receive straightforward alerts, so they can respond more quickly.These findings indicate that buyers of security solutions must ensure that solutions work together to reduce risk and increase efficacy. The security ecosystem must be balanced with how you do your business to properly reduce the risk introduced by new technologies and threats. Understanding the complete security ecosystem and how its many components work together, is critical for visibility and protection.Organizations who use an integrated approach have a better understanding of what safeguards they have in place as well as how each component works together.Cisco’s infrastructure and systems track threats across networks, data centers, endpoints, mobile devices, virtual systems, web, and email, and from the cloud, to identify root causes and scope outbreaks. The resulting intelligence is translated into real-time protections and integrates across the network, endpoint, cloud, internet, and email for a more effective security posture.With an architecture of products designed to fit and work together, Cisco keeps organizations of all sizes safer, allowing them to respond faster and deliver automation.
To read the complete Cisco 2018 Annual Cybersecurity Report, click here to download. Additionally, you can earn a badge and a Certificate of Completion when you pass the ACR 2018 Assessment, available here. Simply apply code ACR2018 to take the assessment free.