Why consolidating security tools is key to improving ROI and decreasing cyber risk

14 July 2022

By Martin Riley, director of managed security services at Bridewell Consulting

With high-profile cyber attacks on the rise, enterprises are under pressure to strengthen security. As organisations transform and their attack surface grows, many make the mistake of investing in more and more security tools. However, not only is this costly, but there is often little consideration given to how the technologies integrate with one another, or to the gaps in coverage this creates. If not managed correctly, this can actually increase risk and hinder the security team’s progress in the long term.

There’s no silver bullet when it comes to cyber security. Many enterprises are prepared to spend big to acquire security technologies, but often neglect investing in the ongoing development of people required to maintain, operate, and continually improve these technologies. Not only does this cause security teams to be stretched too thinly across disparate and poorly developed solutions, but it makes it difficult to keep up with changes in technology and new features.

It also increases the complexity of monitoring, managing, operating and optimising a technology stack, making it harder to secure crucial business data. The average time to detect and contain a malicious attack remains 315 days, often a result of disjointed security architecture and the noise levels generated by traditional security monitoring, which mean IT teams cannot respond effectively.

Having too many disconnected security tools also affects data and processes. Each tool produces large amounts of data, and if each operates in its own silo, this creates challenges around visibility, integration and control of that data. According to new research from Panaseer, the shift to cloud and remote working has driven a 19% increase in the number of security tools organisations must manage.

Also, the more integrations and endpoints an organisation has, the more there is to secure, making it easy for security holes to creep in. Enterprises do not want new technology to be the entry point for a data breach, so the correct controls need to be put in place to secure data while it flows across the network and to protect it where it resides.

With the complexity and management overhead of multiple tools so high, many enterprises recognise the need to consolidate. However, to bring security tools together effectively, there are some key considerations.

First, time needs to be set aside to ensure technologies are consolidated safely, and that capabilities and content created in existing tools are retained and ported across where appropriate. Security Information and Event Management (SIEM) technologies are a prime case where organisations do not want to lose existing custom use cases and analytics.

Second, the right technology needs the right people to use it effectively. It takes time to transfer skills from one technology set to another and additional training may be required to explore and develop new skills.

Finally, legacy methods of working need to be left behind. Consolidation presents an opportunity to identify where technology can relieve operational challenges by using automation to drive efficiency and streamline security operations. For example, old-fashioned technology stacks often produce multiple alerts, which in-house teams have to review and apply their own intelligence to before arriving at a response. With the right technology stack, like Extended Detection and Response (XDR), enterprises can automate detection and increase the ROI of security operations while also strengthening cyber resilience.

Managed Detection and Response (MDR) combines human analysis, artificial intelligence and automation to rapidly detect, analyse, investigate and actively respond to threats. It can be deployed rapidly and cost-effectively as a fully outsourced service or via a hybrid security operations centre (SOC), and helps to develop a reference security architecture that enables organisations to safeguard on-premise systems, cloud-based applications and SaaS solutions. It also enables companies to respond quickly to new threats, reducing cyber risk and the dwell time of breaches.

If organisations are smart in their choice of solution - for example, choosing a Microsoft-based solution - they can leverage existing investments in Microsoft 365 licensing to consolidate vendors and technologies such as SIEM, endpoint protection, cloud security and identity-based solutions. Each of these solutions incurs significant cost on its own, so consolidating them can deliver over £100k a year in cost savings.

The most effective MDR services are those that utilise XDR technology to enable detection and response capabilities across network, web and email, cloud, endpoint and, most crucially, identity. This ensures that wherever the cyber attack comes from, users, assets and data remain safeguarded.

To be effective in today’s environment, security teams need a solid grasp of all the technologies in use, whether hybrid, on-premise or cloud-native, and must understand how to implement effective security controls across all of them. The problem is that many enterprises lack security professionals with the depth of security knowledge and technical capability to develop the more advanced capabilities required for effective MDR or for running a cloud-native, modern SOC.

By working with a security partner to implement MDR and consolidate security vendors and tools, enterprises can reduce complexity and simplify operating processes, leaving security teams free to accelerate their knowledge and skills growth and maximise cyber security ROI.