It seems everything around us is getting smarter: smartphones, smart cars, smart thermostats, smart refrigerators, smart TVs, smart lights, smart homes, etc. – everywhere we go we find ourselves interacting with technology.
In fact, according to Digital 2021: Global Overview Report from Datareportal.com, adults now spend almost seven hours a day interacting with all of their connected devices.
Just as technology is becoming a larger part of our daily lives, businesses also increasingly rely on technology to improve communication, enhance decision making, manage customer relationships, drive go-to-market solutions, and more. Just look at how business leaders are investing; worldwide IT spending is expected to increase to $4.2 trillion in 2021 according to Gartner.
Technology has had a massive, transformative impact on business, but the introduction of modern capabilities and new technologies expands the threat surface significantly. According to the FBI’s 2020 Internet Crime Report, the Internet Crime Complaint Centre received a record 791,790 cybercrime complaints in 2020. Security breaches are not only common, but they are also costly – with the average data breach in 2020 costing businesses $3.86 million according to a new report from IBM and the Ponemon Institute.
Business leaders are taking note. Spending on information security and risk management technology and services is expected to grow 12.4%, reaching $150.4 billion in 2021 according to Gartner. The increased focus on security is good, but the approach needs to mature as well if we want to get the most out of our investments. Traditionally, new threat vectors (introduced by new technologies) are addressed by purchasing and implementing new point solutions, which can lead to significant security technology sprawl.
In no time at all, the security toolchain is a large stack of firewalls, endpoint detection and response solutions (EDR), Data Loss Prevention solutions (DLP), Network Access Control (NAC), and more. And that stack becomes more bloated as the security landscape becomes increasingly complex. It is common for midsize and large organisations to have fifteen to forty different point solutions in their core security stack, and up to eighty when you evaluate their complete technology portfolio.
There’s a certain logic to the approach noted above: Identify a security gap, deploy a technology solution to mitigate it. Repeat.
However, this “tool-first” approach to security is often at the expense of the two other pillars of a mature security program: processes and people. This approach can cause significant problems over time, creating technology silos between teams, adding exponential complexity to response teams, and reducing program transparency due to a lack of central reporting.
Security analysts, often from the Security Operations Centre (SOC), are commonly assigned to triage the various alerts and other information these tools generate. Tool sprawl forces them to take a “swivel-chair” approach to processing new issues as they come into the SOC. The SOC analyst might have to log into as many as ten different systems just to determine whether an event is real (and requires further action to mitigate) or a false positive.
This slows down the analysis and exacerbates actual security threats by delaying remediation. The SOC team often lacks the 360-degree visibility it needs to evaluate, contextualise, and respond to security data in a centralised location – a problem that worsens as the complexity of your technology stack and the corresponding threat landscape continues to grow.
These organisations must modernise their approach so that they can achieve the benefits of emerging technologies without introducing unnecessary risks.
The following are three steps to help IT leaders modernise their Security Operations program:
The more technology we have, the more we depend on ways to aggregate the data and make it intelligent and actionable. A Security Information and Event Management (SIEM) solution is critical for aggregating all the data from the disparate sources into a common system of record, where we can leverage workflows to remediate the threat.
Aggregation alone is not enough; build a program that can filter through the thousands of alerts and find the threats that matter. It is critical to build a security “Control Tower” that gives equal consideration to the processes and the technology, consolidating events from your SIEM into a single system of action that enables people to identify, triage, and address security threats quickly and efficiently.
The ultimate objective of a security program is to prevent as many threats as possible while also enabling your security teams to take quick and correct action when threats arise. The goal, therefore, should be to enable and empower people with efficient technology that aggregates and enriches data, supported by well-defined processes that provide guidance and remove confusion.
Connect with our team of experts today to answer your questions about ServiceNow's Security Operations solutions and how to protect your organisation against modern security threats.