Complex and Fragmented Systems are the Enemy to Security
Businesses have complicated networks these days. Private clouds, public clouds, as-a-Service systems, shadow IT, BYOD programs, legacy platforms, older devices, and new software are just a few of the systems security teams manage. Couple that with the fact that many of these systems have their own siloed security programs—and that many internal teams don’t share the threats they receive with one another—the fragmentation is enough to create a legitimate security threat, rather than solve one. We all want to keep our companies’ information safe. Which begs the question: how did we get here?
In-Depth Security: When Complexity Creates Chaos, Not Security
In the past, it was a common belief that having multiple layers of security would provide extra layers of protection. After all, if one layer fails, there are many more waiting to pick up the slack. But what we have found with this type of “in-depth security” is that the complexity it creates is a threat to security itself. The more complex the system, the harder it is to process and manage all the alerts or breaches taking place. A study of North American and United Kingdom companies showed 70 percent of security professionals felt there was too much data to take action on it all, and only 27 percent felt their companies were effective in using the data to pinpoint threats. While the layers created a type of “obstacle course” for hackers, it’s not an insurmountable one. In the end, in-depth security creates more problems for businesses than it does for the hackers themselves.
So, what’s to be done about it?
Threat Intelligence: Simplifying Complex Security Systems
The truth is, most companies today are running on highly complex—highly fragmented—security systems. Even the 123 black lists we use to create safe information spaces do not generally overlap with one another. That means anyone using just one of those lists to identify threats would be highly susceptible to damage. The trick, then, is to de-fragment the systems, and create a simpler, aggregated infrastructure that both collects and analyzes security threats. Basically, we need to consider a move toward threat intelligence.
I know, another security buzz word. And I’m not completely endorsing it, either. I wrote a piece this past summer, Intelligently Using Threat Intelligence, which states many companies simply don’t understand threat intelligence enough to use it wisely. I am in no way advocating that every enterprise in America needs to drop their current security protocols and spend millions on a high-tech threat intelligence program. What I do think, however, is that we need to do a better job of simplifying, automating, and aggregating the information on threats and breaches we have so that security teams can use it more wisely.
A Smarter Path to Security
Companies today need to consider the following to keep their networks and information safe:
Break down the siloes: Just as it’s possible for a company’s people to work in siloes, it’s equally possible for their data to reside in siloes, as well. When dedicated teams focused on deployment, malware, or incident response fail to log and share information across lines, it creates a reservoir of wasted knowledge that the rest of the company will never benefit from. Work to aggregate data and knowledge as much as possible.
Simplify solutions: Are the dozens of software and as-a-Service systems your company is using all necessary? Doing a sweep of un-needed or redundant applications will also sweep out unnecessary security layers, making it easier to detect real threats.
Automate when possible. Recent research shows more than 30 percent of companies ignore more than half of the security alerts they receive due to sheer volume. Clearly, there is too much information about security breaches for it to be manually evaluated. As I recommended in my piece Not All Threats are Considered Equal, consider artificial intelligence to help evaluate risks and collect information, freeing up time for your security personnel to focus on true threats.
Go further. Don’t just process and dump the information you get. It’s OK if you can’t hire a threat intelligence team. But consider consulting with a threat intelligence specialist or as-a-Service provider to make sense of the data you gather. Doing so will help you make forward-facing decisions that keep your information safe.
Security threats will always be a danger in this increasingly technological world. And with so much happening digitally, we have even more to lose. Help your teams succeed by keeping your systems as simple as you possibly can, and making the best possible use of your data and resources. It may not be possible to avoid the potential of security threats, but it is possible to avoid more of them.
Additional Resources on This Topic
Intelligently Using Threat Intelligence
Not All Threats are Created Equal
Artificial Intelligence and Automation: Predictions for the Future