Managing an Expanding Number of Security Applications Through a Single Pane of Glass
As threat vectors expand, how are you managing your growing number of security applications? See how XDR solves the challenge.
Over the long history of protecting computer systems from cyberhackers, the average organization now has dozens of security applications guarding its enterprise. On average, organizations have 67 security applications installed on each enterprise device, with 10% of the devices having over 100 security applications installed, according to a study by Absolute Software.
While the whole may be greater than the sum of its parts, managing the entire range of applications is a struggle for most organizations. For example, each application has an average of 14 different software versions and more than 800 builds and patches to manage.
It's a little like an arm’s race, with organizations now struggling to keep up and stay ahead of attackers and the new methodologies they're using. The size and complexity of the attack surfaces are growing exponentially. But the more security layers you add on top, the greater the management burden for the security teams. What’s needed now is a single pane of glass to manage, use and benefit from the multitude of security devices protecting today’s cyber estates.
The evolution of cybersecurity tools
With the breadth and depth of cyberattacks looming, companies that are serious about protecting their systems, technologies and data are taking a strong defensive posture and enlisting a wide range of cyber tools to battle cyberthreats old and new.
Here’s a brief overview of cyberthreats throughout the history of computing to help explain how we got to where we are today.
Endpoint attacks: In the early years of computing, endpoint threats were primarily targeted at a single system that was unfortunate enough to obtain and execute malware. Organizations could overcome most of these threats by simply deploying user education and trusted file sourcing.
Today, endpoints are commonly seen as the initial foothold into an environment, but not the destination. After a successful installation of malware, a motivated attacker will try to pivot throughout the organization to find something deeply valuable or hidden to attack.
Network attacks: In the past, hackers targeted exposed services, such as unsecured management ports and critical services. Then they conducted man-in-the-middle and localized denial-of-service attacks.
Now, network attacks focus more on what is intentionally exposed. These have extended to include insurmountable volumes of internet traffic that can crush a desired target, even if they have DDoS mitigations in place.
Social engineering attacks: Next in the long evolutionary line of cyberattacks is social engineering. With this tactic, hackers originally focused on indiscriminate spam and phishing campaigns with the hope of disclosing credentials or downloading malware.
Now, social engineering is still a primary vector, but it’s much more sophisticated. It’s used to target victims with carefully crafted messaging that can fool even the most cyber-literate. Why have we not solved this problem? Email is the problem. Anyone in the world can contact anyone else in the world without any initial vetting. Imagine if the CEO’s office had a door that opened to the public street. Email access is like that today.
Cloud architecture attacks: This is a modern attack vector, and we are still in the early days of cloud architecture. Initial attacks were more academic and bespoke to the limited number of cloud-knowledgeable threat actors. Now, the attack patterns have been established and are more accessible to low-skilled attackers.
Although we have developed many cloud security tools and practices to safeguard and better secure our environments, we still need to expand the talent pool to stay informed about concepts such as workload segmentation, insecure APIs, managing service trust relationships, and aligning with ever-evolving best practices and capabilities.
Because cloud security is not yet mature, you’ll see many niche security vendors in this space, and few all-encompassing solutions. However, it’s expected that in the near future, larger traditional security vendors will acquire small cloud security vendors to build out their portfolios.
DevOps-based attack patterns: We’re seeing the evolution of these attack patterns through code repo hijacks, API and service credential exposures. The landscape of these attacks is shifting, as evident in tactics like the hijacking of code repositories to expose API and service credentials. In addition, certain supply chain attacks artfully mask breaches by mimicking routine operations.
AI and machine learning threats: This is another new area we’re watching closely. AI will likely need to be battled with other AI-capable protections to combat more sophisticated and adaptive attack patterns. Machine learning brings new life to brute force tactics by throwing mass computation at the unique cocktail of assets and protections that make up any given enterprise. Companies will want to give AI-powered detection and deception technology another look so they can learn and adapt at the speed of future aggressors.
Managing each of the parts for a stronger whole
It’s not surprising that cybersecurity remains the top concern for business leaders in 2023, according to The 2023 Cybersecurity Research Report. Security is the top concern of 63% of the leaders surveyed, compared to digital transformation (57%), economic concerns (48%) and the talent shortage (43%).
Today, we have plenty of cybersecurity solutions. But we also have a critical challenge and questions to address, such as:
- How do we take the additional threat vectors and create a single experience for viewing and analyzing all the different technologies and their requirements?
- How do we bring that all together in a single easy-to-use dashboard so CISOs can make sense of it?
The ultimate objective for every organization should be to bring these diverse cybersecurity technologies together under one single pane of glass. We need to create as much visibility as possible into different workloads to help keep them secure and a single view of everything would be the best way to achieve that goal.
This is exactly what extended detection and response (XDR) solutions bring to the table. XDR solutions collect and automatically correlate data across multiple security layers — emails, endpoints, cloud workloads, servers and networks. Using security analysis, XDR provides clearer insight into multiple security tools and supports faster threat detection, investigations and response times.
XDR solutions are designed to:
- Collect data: Gather security-related data from multiple sources, such as network devices, cloud services and endpoints.
- Correlate data: Combine data from multiple sources, identify the context of a security incident and prioritize security threats.
- Detect threats: Employ machine learning, behavioral analytics, threat intelligence, sandboxing, and other processes to detect and identify security threats.
- Respond to threats: Upon detection of a threat, XDR takes automated or manual action to contain, investigate and remediate it.
- Investigate and remediate: Facilitate security analysis to resolve security incidents.
The 2023 Cybersecurity Research Report
About the Authors
Manager, Global Cloud Security Solutions
Scott Schlueter
Scott Schlueter has over 20 years of experience in information technology across diverse industries including higher education, enterprise and managed IT, and healthcare. As an Information Security expert specializing in security architecture and risk-based strategies maximizing security goals, he has become a dynamic leader and articulate communicator with a talent for building business processes with an emphasis on automation and fostering relationships among business units and principles. He is a certified information security professional with extensive experience in enterprise project management, mergers and acquisitions, and maximizing effectiveness of security controls.
Read more about Scott Schlueter