Strength in Unity: Decoding the Path to Cyber Resilience

Amit Singh

In the ever-evolving landscape of cybersecurity, where the tenacity and ingenuity of attackers continue to outpace even the most heavily invested mature organizations, the paradox of vulnerability persists. Despite substantial financial commitments, cyberattacks remain debilitating, exploiting cyber hygiene issues and circumventing legacy defenses. A critical examination of this paradox reveals a key culprit: the complexity of security capabilities in modern organizations.

“Modern and mature organizations often have a more complex infrastructure with numerous connected systems, applications, and devices with a large number of employees who are susceptible to cyber-attacks through phishing or social engineering,” observes Amit Kulkarni, Executive Vice President and Head Cybersecurity Business, Allied Digital Services.

Even with sufficient funds and maturity, organizations often struggle to defend against sophisticated cyber threats due to their reliance on outdated security models. Traditional firewalls and VPNs, for instance, can create blind spots in encrypted traffic, leaving networks vulnerable to attacks. Attackers exploit weaknesses like weak passwords, unpatched systems, and phishing emails to gain unauthorized access and launch ransomware, malware, or data theft, adds Sudip Banerjee, CTO, APJ, Zscaler.

According to PwC, cyber risks are cited as the biggest threat faced by Indian organizations, with 38% of respondents feeling highly or extremely exposed to them. Dhananjay Ganjoo, Managing Director, India & SAARC, F5, attributes this vulnerability to IT system complexity, human-related risks, supply chain security issues, delayed upgrades, advanced persistent threats, low security awareness, financial constraints, and the rapid growth of cyber threats.

Additionally, the emergence of large language models (LLMs) like ChatGPT in 2023 signals a continuing trend into 2024, with AI-driven attacks becoming more sophisticated, bypassing security controls such as multi-factor authentication (MFA) and zero-trust frameworks. “Moreover, there has been a shift towards exploiting zero-day vulnerabilities and credential theft tactics, with cybercriminals employing more sophisticated bypass methods like stealing cookies and session cookies as organizations adopt multifactor authentication. Deepfake videos and vishing attacks will remain prevalent,” says Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies.

“On the other side, an increased number of security vendors and specialized point solutions have made it difficult to create a unified secure environment with the best possible product implementation with interconnection and management,” highlights Kulkarni of Allied Digital.

“The higher number of security tools organizations use today slows down the response as the ability to detect and respond gets more complicated as a lot of these tools do not have integration capabilities amongst each other. The lack of effective playbooks and automated orchestration of response also hinders effective response to cyber threats in these environments,” seconds Nityanand Shetty, CEO, Essen Vision.

Further, the commercial rollout of 5G, Industry 4.0, and the proliferation of IoT devices have heightened the need for robust cybersecurity, particularly in India, where organizations face an average of 2146 weekly attacks compared to 1239 globally, as per Check Point’s Threat Intelligence Report for India.

A multitude of security tools

The first layer of the cybersecurity challenge lies in the complexity introduced by the sheer number of security tools organizations employ. Averaging 31.58 tools, these measures are intended to fortify organizations against a diverse range of cyber threats. However, the unintended consequence is the creation of a complex quagmire where the lack of correlation among these tools generates visibility gaps. This maze not only complicates the security landscape but also diminishes the ability to detect and respond to cyber threats effectively.

“Organizations conventionally prefer to select multiple vendors/ products to avoid dependency on one vendor and have different layers of protection from different sets of product owners with best-of-the-class products for certain segments of the requirement,” says Kulkarni of Allied Digital.

Industry experts emphasize that the extensive use of disparate security tools introduces challenges in terms of integration and coordination. The noise generated by these tools further complicates matters, making it difficult for security teams to differentiate between routine security operations and potential threats.

In fact, implementing the security tools as per best practices and integrating disparate security tools to share data and orchestrate response actions can be complex and time-consuming. Compatibility issues, lack of standardized protocols, and vendor-specific APIs can hinder seamless integration, limiting the effectiveness of automated response workflows and threat intelligence. “Each security tool typically generates its own set of logs, alerts, and data. With a plethora of tools in place, security teams are inundated with a vast amount of information from disparate sources, making it challenging to gain a comprehensive view of the organization’s security posture and effective detection and response to cyber threats,” highlights Kulkarni of Allied Digital.

The complexity of modern cybersecurity environments often results in fragmented data and alerts that are difficult to correlate and analyze, impeding effective detection and response capabilities. “This fragmentation causes delays in investigation and remediation processes, increases the risk of human error, and limits the agility and scalability of security operations. To overcome these challenges, organizations should adopt a cloud-native platform integrated with AI, providing comprehensive visibility across users, devices, applications, and workloads,” adds Banerjee of Zscaler.

Critical delays in threat response

A recent Cloud Threat Report has brought to the forefront a critical issue plaguing organizations—the prolonged time it takes security teams to resolve alerts. Averaging six days, with a significant portion exceeding the four-day mark, this delay is untenable in a threat landscape where attackers are swift and opportunistic.

“As per many surveys, the average dwell time, the amount of time an attacker is present in the network before either acting or being discovered, is in the range of 6 months. This is a huge threat to organizations,” says Vivek Srivastava, Country Manager, India & SAARC, Fortinet.

Kulkarni of Allied Digital points out the consequences of delayed threat response. “In case of the extended response time, there is a risk of the attacker gaining unlimited lateral access within the infrastructure. This may lead to extended downtime or the exfiltration of valuable data, such as customer records, intellectual property, or financial information, leading to regulatory fines, legal liabilities, and damage to brand reputation.”

“Attackers often escalate their tactics if they perceive that their initial attempts are not being addressed promptly. An extended response time may embolden attackers to launch more sophisticated attacks or expand their scope, exacerbating the impact on the targeted organization,” adds Ripu Bajwa, Director & General Manager, Data Protection Solutions, Dell Technologies India.

Experts say that CISOs need to move past the previous focus on preventing access by attackers and start assuming they have already been breached and put emphasis on detection tools. “According to the ESG analysis, organizations that implemented Fortinet Security Operations solutions realized significant savings and benefits. The time to identify threats was reduced from 168 hours (21 business days), if detected at all, to less than an hour and often only seconds using Fortinet EDP technologies,” details Srivastava of Fortinet. The time to triage these threats was reduced from eight hours to 10 minutes, and the time to contain them dropped from 4.2 hours to one minute based on Fortinet’s integrated approach, he adds.

The extended response time is not merely a symptom but a systemic issue that can be traced back to the difficulties organizations face in deploying automation and orchestration. In environments saturated with poorly integrated security tools, the automation of responses becomes a formidable challenge. The consequence is a setback in reducing the mean time to detect and respond to cyber threats—a critical metric in the realm of cybersecurity.

Lack of automation and orchestration

Organizations relying on a multitude of poorly integrated security tools find themselves grappling with the complexity of orchestrating responses.

“The synergy required for effective automation and orchestration is severely compromised in environments where security tools operate in silos. The lack of integration hinders the swift deployment of responses, prolonging the overall threat response time,” explains Shetty of Essen Vision.

In a landscape where time is of the essence, the setback in deploying automation and orchestration becomes a critical factor. The inability to automate routine responses and orchestrate a coordinated defense significantly hampers an organization’s ability to thwart cyber threats effectively.

“Poorly integrated security tools can create a significant set of challenges like limited data exchange between the tools, incomplete visibility, slower response time, and increased human interventions,” adds Kulkarni of Allied Digital.

“Integrating various tools with their different features and capabilities can become a nightmare for any security leader. In our opinion, no matter what security philosophy an organization adopts, it’s critical that all individual solutions work together to deliver layered protection and comprehensive visibility with control,” says Debasish Mukherjee, Vice President, Asia Pacific and Japan, SonicWall. Furthermore, organizations need to take stock of their cybersecurity tools from time to time to ensure that there is end-to-end visibility and the ability to share intelligence across the unified security framework. These tools need to provide real-time and consolidated threat information that can then form the basis of informed security policy decisions.

“Lack of thorough visibility and tight integration of various security solutions results in solutions around automation/orchestration being rendered nearly ineffective. This has given rise to the precedence of new-age solutions built around breach attack simulations, threat intelligence, XDR, and SOAR which are tightly integrated, thereby considerably reducing the time to detect/respond to attacks,” shares Cherian Thomas, Director, Wysetek Systems.

“The Security Orchestration Automation and Response (SOAR) platform essentially acts as an open platform that helps an organization automate its response to a cyber-attack or a threat to an attack by orchestrating the chain of actions. SOAR reduces the time taken to address a cyberattack and remedy a gap in cybersecurity,” says Bajwa of Dell Technologies.

When compared to traditional methods, SOAR does not require an IT analyst, or an individual with data science skills, to initiate a response to a cyberattack. In SOAR, the response to an attack is initiated automatically when the platform detects an anomaly. Thus, it can reduce response time and limit the damage caused by a cyberattack.

The unified approach

As organizations embark on rapid digital transformation initiatives, the need for a streamlined and effective cybersecurity strategy becomes paramount. Siloed security solutions, often implemented in a piecemeal fashion, prove to be inadequate in providing comprehensive protection.

“The rapid pace of digital transformation demands a cybersecurity strategy that can keep up. Siloed solutions not only introduce complexities but also hinder the scalability required to adapt to the evolving threat landscape,” notes Shetty of Essen Vision.

Enter the unified security offering—a consolidated cybersecurity stack that serves as a singular point of contact during crises. The core principle is to streamline operations, enhance visibility, and provide seamless integration. This unified approach emerges as a beacon of hope in the convoluted landscape of cybersecurity.

A unified security offering addresses the challenges posed by disparate security tools and siloed solutions. By consolidating security measures, organizations gain a holistic view of their cybersecurity posture. The increased visibility allows for more effective threat detection, while seamless integration facilitates a coordinated and swift response to cyber threats.

“We are increasingly seeing enterprises embarking on a journey of consolidation and enhanced integration as far as security is concerned. A consolidated security architecture uses a multi-layered approach that protects various IT attack surfaces such as applications, databases, Cloud, networks, endpoints, and identity,” shares Thomas of Wysetek Systems.

As per Gartner, adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%. “This level of interconnectivity between the tools can be achieved only if they are from one vendor,” highlights Kulkarni of Allied Digital. “Despite the risk of getting monopolized by one vendor, enterprises are going for vendor consolidation. This provides them benefits such as seamless integration and interoperability, improved security effectiveness, better automation capabilities, simplification in operations and management, better team management due to consolidation of skills, and finally cost optimization,” he adds.

“According to a recent Gartner survey, the trend of organizations pursuing a vendor consolidation strategy has surged from 80% in 2022 to an impressive 97% in 2023. This sharp increase underscores a widespread industry realization that a consolidated cybersecurity approach not only simplifies security operations but also enhances the effectiveness of an organization’s overall security posture,” states Srivastava of Fortinet.

“We are also witnessing a notable trend towards cybersecurity vendor consolidation within enterprises, as working with numerous vendors and solutions is impractical and ineffective. Consolidation streamlines security operations, enhances efficiency, and saves budget, akin to purchasing a comprehensive vehicle rather than individual components,” seconds Kumar of Check Point.

Realizing the benefits

The unified approach is a paradigm shift in cybersecurity. It’s not just about consolidating tools; it’s about creating a cohesive and integrated defense strategy that adapts to the dynamic nature of cyber threats.

A unified security offering provides broad visibility throughout the whole IT infrastructure, breaking down barriers and allowing for a holistic view of the organization’s security posture. “This improved visibility enables faster threat detection and more effective incident response. Secondly, a single security system simplifies integration by ensuring smooth communication among various security components,” shares Ganjoo of F5.

“Interoperability, better visibility, reduction in false alarms, improved functionality, data centralization, effective sharing of threat intelligence among tools, smooth orchestration, and an improved MTTR in case of any breach, are some of the key advantages of a unified security platform,” adds Shetty of Essen Vision.

The benefits of a unified security offering extend beyond streamlined operations and enhanced resilience. Organizations that have successfully transitioned to consolidated security stacks report substantial cost reduction and improved results in their cybersecurity efforts.

Not only does it reduce the total cost of ownership by minimizing the expenses associated with managing and maintaining disparate security tools, but it also yields better results in terms of threat detection and response.

“The cost-effectiveness of a unified security offering is evident in both the short and long term. A global manufacturing company switched to a unified security offering from Zscaler, with significant benefits: the company was able to streamline its security infrastructure by reducing the number of security tools from 40 to 4 and consolidating security vendors from 15 to just 1,” discloses Banerjee of Zscaler.

This consolidation allowed the company to save over $2 million per year in security costs and achieve an impressive 300% return on investment within three years. “They experienced an 80% improvement in visibility and control, gaining better insights into their network, cloud, and endpoints, and a 50% improvement in overall security performance. The company’s mean time to detect and respond to threats decreased by 90%, enabling it to swiftly address security incidents, which were reduced by 70%,” highlights Banerjee.

Decoding the future of cyber resilience

The year 2024 stands as a pivotal moment—a moment where organizations are not just combating cyber threats but evolving their entire approach to cybersecurity. The path to cyber resilience is not a static one; it is a dynamic journey that requires adaptability, integration, and a unified mindset. As we decode this future, the message is clear: the era of consolidated security stacks is upon us, heralding a new age of cyber resilience.

As we peer into the future of cyber resilience, it becomes evident that technologies like AI/ML, Blockchain, automated threat response, and zero trust architecture will play a pivotal role in fortifying organizations against the ever-growing sophistication of cyber threats.

“We expect zero trust to be mandated in a wide range of industry use cases which will start a robust effort to develop real zero trust architectures for various industries. And with it, certifications will emerge to check solutions that only embrace parts of zero trust and do so in fragmented point solutions. Zero trust only works as a comprehensive architecture for IT systems. In 2024 we will see new zero trust certifications begin to separate real zero trust from marketing gimmick,” shares Bajwa of Dell Technologies.

As organizations step into the future of cyber resilience, the emphasis on reducing complexities and embracing consolidated security stacks becomes more pronounced. This isn’t just a technological evolution; it’s a strategic shift that positions organizations to not only withstand the challenges of today but thrive in the face of the unknown threats that tomorrow may bring.

In conclusion, the unified defense strategy, facilitated by consolidated security stacks, is the cornerstone of the evolving cybersecurity landscape. As we chart the course for the future, the fusion of adaptive technologies, strategic methodologies, and a commitment to continuous improvement will be the guiding forces in building a cyber-resilient world. The era of unified defenses is not just a response to the challenges of today; it is a proactive stance against the uncertainties of tomorrow.

Box Item:

Pros and Cons of Multi-Vendor Security Strategies

Ripu Bajwa, Director & General Manager, Data Protection Solutions, Dell Technologies India

While a multi-vendor approach in security can offer certain benefits such as diversity of solutions and reduced dependency on a single vendor, it can also present several challenges and negative impacts for businesses:

Complexity and Integration Issues: Managing security solutions from multiple vendors can introduce complexity into the IT environment. Integration between different security products may not always be seamless, leading to interoperability issues, gaps in coverage, and increased administrative overhead.

Increased Cost: Procuring and maintaining security solutions from multiple vendors can be more expensive than opting for a single-vendor approach. Licensing fees, support contracts, training costs, and integration expenses can add up, potentially straining the organization’s budget.

Difficulty in Management and Monitoring: With multiple security tools in place, it can be challenging for security teams to effectively manage and monitor the entire environment. Each solution may have its own management interface and reporting mechanisms, making it harder to gain a holistic view of the organization’s security posture.

Vendor Management Overhead: Dealing with multiple vendors requires significant effort in terms of vendor management. This includes vendor selection, contract negotiations, vendor relationship management, and coordination of support activities. This overhead can divert resources and attention away from core security objectives.

Increased Vulnerability Surface: Each security solution introduces its own set of potential vulnerabilities. Managing multiple vendors means having to track and address vulnerabilities across various products, increasing the organization’s overall attack surface and potentially exposing it to more security risks.

Fragmented Support and Accountability: When issues arise, the presence of multiple vendors can lead to finger-pointing and a lack of accountability. It may be unclear which vendor is responsible for resolving a particular issue, leading to delays in incident response and resolution.

Training and Skill Requirements: Security personnel need to be trained on the use and administration of each security product, which can be time-consuming and resource-intensive. Maintaining proficiency across multiple platforms may also require additional investment in ongoing training and certifications.

Overall, while a multi-vendor approach can offer flexibility and diversity in security solutions, businesses need to carefully weigh the potential drawbacks. It is essential to strike a balance between leveraging best-of-breed solutions and minimizing the negative impacts of a fragmented security landscape for more efficient results.