Since the cyber security sector first emerged, network defenders have been locked in a perpetual arms race with their adversaries. This translates into a continuous quest for more security solutions. But "more" doesn't necessarily mean "better." In fact, it can mean more suppliers, more connections, more security solutions to manage and potentially more gaps for threats to hide in.
According to PwC, complexity has driven cyber risks and costs to new heights. If left unchecked, this could have disastrous consequences for your organization. The focus should instead be on simplifying security solutions through cloud platforms, vendor consolidation and managed services.
Why IT environments are becoming more complex
Aside from a new breed of cloud-native startups, most organizations are built on IT foundations that may be decades old. Layer upon layer of new solutions, systems and services have been added to this legacy technology. The past two years in particular saw an explosion in digital investment, including:
- Public cloud infrastructure: Worldwide end-user spending on public cloud services is forecast to grow by 20.4% in 2022 to $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner®, Inc. In 2023, end-user spending is expected to reach nearly $600 billion.¹
- Distributed endpoints: The pandemic saw an explosion in unmanaged home working endpoints connecting to corporate networks. As the hybrid workplace evolves, this dynamic will continue, potentially exposing organizations to cyber threats. Worldwide, hundreds of billions are also spent on Internet of Things devices, many of them for use in corporate environments.²
- Application infrastructure: Complex modern app architectures built with microservices, containers and Kubernetes (an open-source system for automating the deployment, scaling and management of containerized applications) may contain hundreds of millions of lines of code and billions of dependencies. That makes cyber risk monitoring and incident management increasingly challenging.
- Supply chains: Globalization has made complex supply chains the norm. This is matched by the growing volume of digital partnerships and connections organizations now have—exploited in standout cyber attacks like those targeting SolarWinds and Kaseya.
All of these factors have combined to continually expand the corporate cyber attack surface over recent years. One recent estimate claims the average security team is responsible for managing over 165,000 assets today, including cloud workloads, devices, network assets, applications and data assets. At the same time, threat actors continue probing, hoping to find new ways to compromise these networks and assets.
Nation state and cyber crime tactics are increasingly converging, driving up cyber risk for organizations and democratizing sophisticated attack tools and techniques to a much larger set of actors. Ransomware affiliate groups, for example, regularly use multistage advanced persistent threat attacks. They might circumvent perimeter security with breached or brute-forced passwords and then move laterally without setting off alarms by using legitimate tools like Cobalt Strike. Automation is heavily used in tactics like credential stuffing, scanning for exposed cloud systems and even mapping attack pathways.
Why simplification matters
Too often, unengaged board leaders react to these challenges by investing in additional point solutions. This creates a surfeit of siloed security solutions that are often left under-used. It means more user interfaces for security teams to manage and maintain, and more coverage gaps that threat actors can exploit. The administrative overhead is particularly acute in the context of a severe industry skills shortage, estimated at over 2.7 million professionals globally.
This tool bloat can overwhelm security operations (SecOps) analysts tasked with critical threat detection and response. Organizations run an average of 29 discrete security solutions and operations tools, with that number rising to almost 46 for companies with over 10,000 employees. Yet threat responders often have no way to prioritize the alerts pumped out by such tools, drowning them in noise. One study found that 51% of SecOps analysts feel emotionally overwhelmed by the volume of alerts they have to manage.
The benefits of simplifying security solutions
Security solution simplification matters. By reducing the number of vendors and products your teams have to manage, the organization can benefit from:
- More cohesive threat protection, detection and response across all IT layers (endpoint, email, server, networks and cloud)
- Less time "swivel-chairing" between screens, which means more productive teams
- Cost savings on maintaining multiple siloed products
- A foundation for more strategic and proactive security, rather than reactive investment in point solutions
How to simplify security
There's no single, definitive path to more streamlined security, but a good rule of thumb is to look for platform-based approaches, cloud-deployed solutions and comprehensive cyber risk monitoring offerings. These could include:
- SASE: The secure access service edge (SASE) model combines a software-defined wide-area network with cloud security such as zero trust network access, data loss prevention and secure web gateways. Delivered as a single cloud service, it cuts complexity and cost as well as cyber risk. Verizon's Advanced SASE offering simplifies management and policy enforcement for all network users and devices.
- NDR: Network detection and response (NDR) is an increasingly indispensable tool for spotting the early warning signs of a breach, enabling teams to act quickly to remediate. Unlike other monitoring solutions, it doesn't require complex log configuration or formatting. Network packets can be mined for behavioral metadata out of the box with minimal fuss. Cloud deployment also reduces operational overheads, and logs can be collected from existing network security products.
- MDR: Managed detection and response (MDR) effectively outsources extended detection and response (XDR) to an expert third party. It's designed to collect and prioritize remediation alerts from across the network, endpoint, server and other layers of the IT environment.
- Cyber risk monitoring: Cyber risk monitoring combines detailed threat intelligence with internal monitoring, dark web analysis and more to identify changes in your organization's security posture and any gaps that need to be filled. As a third-party service, cyber risk monitoring takes the heat off security teams to pinpoint where their time would be best spent.
No one can overstate the importance of cyber security. But by reducing complexity, your organization can optimize its existing resources and drive truly effective and continuous risk management.
Learn more about how Verizon can streamline and simplify your security strategy.
The author of this content is a paid contributor for Verizon.
¹ Gartner Press Release, Gartner Forecasts Worldwide Public Cloud End-User Spending to Reach Nearly $500 Billion in 2022, April 19, 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
² IDC, Worldwide Semiannual Internet of Things Spending Guide, June 2021.