The Need for Security Tool Integration and Consolidation
Organizations of all sizes face serious security threats
There are more cyber security threats facing US organizations than ever before. These threats come from sophisticated hacker rings, nation-state sponsored attacks, and terrorist organizations. It seems like every week, another major data breach makes headlines.
Some of the largest data breaches in 2016 include:
US Office of Personnel Management: Hackers made off with 22 million personnel records in an attack that went undetected for 343 days.
The Hacking Team: 400GB of corporate data was stolen, including uncovered security vulnerabilities.
Ashley Madison: A breach of this online dating site for married people affected 32 million users. Their data was posted online.
It is not just large organizations that are at risk. According to the National Small Business 2015 Year-End Economic Report, 42% of small businesses have been hacked. The average cost per attack is $7,115.26. If bank account information was accessed, then the cost jumps to $32,020.56 per attack.
Small and medium-sized businesses are a prime target for cyber criminals. After all, SMBs tend to lack the budget and resources that large organizations have to protect themselves and their customers. Yet, they still store data that is highly valuable to criminals.
How do SMBs protect themselves from cyber security threats?
A report from the Ponemon Institute says that companies with 1,000 employees or more spend an average of $15 million per year fighting cybercrime. Smaller organizations cannot come close to that kind of investment. So what do smaller organizations do?
Most organizations have the basic security tools installed. They have anti-virus and anti-malware installed on their PCs and servers. They add firewalls to segment their networks from the public internet. And they have spam filters to help secure their email.
These tools have their specific functions and are very important. Unfortunately, they are simply not enough to fully protect a company’s assets and data. They leave too many security holes. When an attack does occur, IBM reports that it takes an average of 256 days to detect. Once a threat is detected, it can take between 7 and 175 days to contain the data breach.
SMBs add more security tools
Forward-thinking companies, or organizations that have survived a data breach, add tools that help them log network and application activity so they can be notified when a data breach occurs. The most common tools are Security Information and Event Management (SIEM) products. The challenge with SIEM solutions is that they are difficult to implement, configure, monitor, and manage. In fact, the average SIEM implementation takes 15.2 months.
The logs that SIEM solutions create are a challenge to monitor and manage. A full-time employee could be required just to analyze these event logs. Then, they have to be able to determine if an anomaly has occurred and decide how to react to it.
These security tools are a management nightmare
SMBs now have an estimated 8 to 10 different security platforms. The systems come from multiple vendors and do not communicate with each other. These tools may not be aware that the other security systems exist on the network at all.
Each of those tools has its own management console and requires frequent updates, and staff have to be trained to be proficient in each one. This is the same staff that is already stretched thin while being asked to add additional value to the business.
Security tools that are not monitored and managed correctly create a security problem. These tools require definitions and application patches to be up to date or they become susceptible to zero-day vulnerabilities. A zero-day vulnerability is a security hole in software that the vendor does not know exists. Hackers exploit this vulnerability before the vendor issues a patch. It is reported that in 2015, a new zero-day vulnerability was discovered every week.
The security answer for SMBs
As hackers become more sophisticated, organizations have to be more diligent in their security practices. That requires hiring highly-trained security professionals. The problem is that these professionals are hard to find—and can demand a salary to match.
Security is one of the IT functions that can benefit the most from working with a managed security services provider (MSSP). An MSSP has the resources to invest in the latest technologies that are beyond the budgets of many SMBs. The MSSP also has a staff of dedicated security personnel. Critical updates and patches do not get missed and data breaches are detected as quickly as possible.