By Fady Younes
Multi-vendor security environments and an unmanageable number of security alerts are causing cybersecurity fatigue in IT security specialists, and harming organizations’ ability to protect themselves.
Keeping up with cybersecurity is one of the biggest challenges facing CIOs today. Managing cybersecurity, and ensuring your organization is safe from the latest threats, requires investment in skilled resources and time.
Managing cybersecurity is made more difficult by the need to support a complex environment of multiple security products from multiple vendors. Today’s businesses need to protect many different aspects of their operations and getting the best protection for each can require deploying best-of-breed solutions from different vendors. Typically, businesses have addressed new threats by adding another solution to their network, whether that solution can integrate with the existing IT environment or not. Managing multiple security solutions, with multiple sets of alerts, and ensuring there are no gaps in coverage, is a major challenge for CISOs.
In Cisco’s sixth annual CISO Benchmark Report, released in 2020, most organizations reported that they found managing a multi-vendor environment to be challenging, with 28% saying it was “very challenging”. Just 17% of respondents said it is easy to manage a multi-vendor environment, down from 26% in 2017.
The report found that while the majority of organizations (86%) are using between 1 and 20 different security technologies, 13% said they are using over 20, and 4% of companies report using a staggering 50 or more different security solutions.
Managing so many different vendors is not just a burden on time and resources for the IT department; it can also reduce the effectiveness of cybersecurity protection. Dealing with integration issues and a high volume of security alerts can distract security engineers from tackling other challenges they face, such as public cloud issues, mobile device management and dealing with patching and update cycles in a timely fashion.
Failure to integrate multiple security solutions can also leave gaps in coverage, or create a situation where the IT team doesn’t properly understand what protection a particular solution is providing or how it works, impacting visibility and awareness into the true security state of the network.
An overly-complex IT environment has also been identified as a factor in ‘cybersecurity fatigue’. Forty-two percent of respondents to the CISO Benchmark Report said they are suffering from cybersecurity fatigue, defined as virtually giving up on proactively defending against malicious actors. Ninety-six percent of those who reported suffering cybersecurity fatigue cited managing a multi-vendor environment as being a cause of their burnout.
It is easy to see how complex environments can overwhelm the IT team. From 2017 to 2020, the percentage of respondents reporting that they receive over 100,000 security alerts per day rose from 11% to 17%. Only around one-third (36%) say they get fewer than 5,000 alerts per day. A high volume of alerts is clearly a factor in cybersecurity fatigue, with 93% of sufferers saying they get over 5,000 alerts per day.
Addressing these overly-complex security environments is essential for IT departments that want to take back control of their security environments. One of the key trends highlighted by the CISO Benchmark Report is vendor consolidation – since 2017, the number of CISOs saying they are using 20 or fewer vendors has increased by 7%, and there has been a 6% decrease in those saying they use 21-50 solutions. Reducing the number of vendors can bring clarity to the security environment and help ease the burden on the IT team.
Another strategy for gaining more control over your security landscape is automation. CISOs are looking to automate security processes such as asset discovery, vulnerability remediation, detecting anomalous activity, and especially managing the volume of alerts and updates. Human intervention is still required to set up and monitor automated processes, but it clearly offers a solution – 77% of respondents to our CISO Benchmark study said that they are planning to increase automation to simplify and speed up response times in their security ecosystems.
To really manage the complexity of IT environments with multiple vendors, CISOs are looking for solutions that can integrate, automate and consolidate their entire estate into one manageable whole. Cisco’s SecureX platform is one such solution: an open, scalable, cloud-based platform that integrates security solutions from multiple vendors, and enables organizations to add in best-in-class functionalities directly from Cisco to meet new threats and requirements.
A single platform with integrated threat and security management gives the security team full visibility into their IT environment across network, endpoint, cloud and applications, and allows them to work smarter by automating and prioritizing security alerts, to reduce the impact of cyber fatigue.
By integrating all of its security solutions under one platform, including solutions from multiple vendors, a business can preserve its IT investment while gaining a better understanding of any duplication or unused capabilities. This allows it to eliminate redundancies, optimize usage of existing solutions and further streamline the environment.
Security challenges are not going to get any less complex, but with the right strategic approach, security environments do not have to become more complex. Removing the burden of complicated multi-vendor security environments can reduce cyber fatigue, and give the CISO the time to work smarter, streamline defense and focus on prevention as well as detection and remediation.
(Fady Younes is the cybersecurity director, Middle East & Africa, Cisco).