Rationalizing the Security Stack for More Effective Protection

Written by

Most IT security professionals believe the answer to strengthening their organization’s security posture is to buy more solutions. The idea that more tools equals better protection is a widely-held misconception, however; this approach can, in fact, be costly and inefficient – particularly given the current cybersecurity skills shortage.

Indeed, around half of the respondents to a recent survey of security professionals working for SMEs believed their organization’s investment in cybersecurity had resulted in an overall net loss for the business. With the survey suggesting that security professionals within these businesses are struggling with their workload, it’s perhaps unsurprising that SMEs are becoming increasingly common targets for cyber-criminals. 

There are arguments to be made, therefore, that rather than investing in ever more solutions, businesses should instead be rationalizing their cybersecurity stack, and concentrating only on those tools that deliver reliable, efficient and cost-effective output. 

The burden of false positives
A typical business will employ anywhere between 10 and 50 different security tools. Between them, they will generate a huge number of alerts, each of which security teams will have to react to as fast as possible. 

Many of these tools are single-point solutions; typically erring on the side of caution, they will raise an alert each time they see something unusual. Without any degree of certainty that the activity they’ve identified is actually malicious, many of the alerts they raise will be false positives.

Single-point solutions can raise 17,000 alerts in a typical week, only 16 percent of which will be reliable. This can have a significant impact on a business. An average of 21,000 hours is spent investigating false positive alerts each year, at an annual cost of about £1 million per company.  

Organizations are at risk of being overwhelmed by the sheer volume of false positives these multiple single-point solutions generate - and the drain on precious time, resource and money they represent. For this reason, they are now increasingly looking toward employing fewer, multi-point products that provide greater context around potential threats and – most importantly – turn down the noise. 

By helping security professionals distinguish what’s important, rather than just bombarding them with alerts, AI and Machine Learning can offer the solution they need. There are, however, additional considerations.

Anomaly detection alone isn’t enough
AI and Machine Learning are capable of processing large quantities of data with incredible speed and accuracy. In doing so, they are able to quickly find patterns that would remain elusive to human operators for far longer – if they were even able to see them at all. 

While it’s certainly a valuable means of identifying malicious activity, anomaly detection on its own is not enough. Put simply, it doesn’t address the issue of the number of false positives. What’s more, should an organization deploy nothing other than an anomaly detection tools, there’s a strong possibility it could actually make matters worse, creating even more noise in which attackers could hide. 

For an AI solution to separate genuine threats from benign irregularities, a number of additional factors are required beyond just anomaly detection. Greater accuracy needs greater context, for one thing. AI-powered “intelligent” solutions must therefore observe behavior across an organization’s entire digital estate in addition to specific “just-in-time” intelligence gathered from beyond the corporate firewall. 

With input from multiple perspectives, security teams will enjoy a level of accuracy that will allow them to discount anomalous yet legitimate or non-malicious behaviors that traditional tools would otherwise alert them to. 

In this way, rather than using several solutions each based on a single point of intelligence, a single AI-powered solution based on multiple points of intelligence is able to provide the context necessary to reduce the volume of false positives. Not only will this save time and money but – importantly - it will allow already stretched security teams to focus on more valuable work as opposed to constantly fighting fires. 

Ability offsets costs
Faced with a widening skills gap and ever tighter budgets, security professionals, especially within SMEs, are always looking for more effective – and cost-effective – ways to protect their organizations from external threats. Contrary to popular belief, though, the frantic adoption of more tools is likely to weaken a company’s security posture as well as resulting in needless expenditure for the business. 

No matter the maturity of its security stack, it’s vital that an organization’s IT and security teams work with the C-suite to rationalize their existing technologies, to better protect their business and deliver a greater return on investment. 

The cost of advanced AI security solutions can be offset by their ability to automate the detection of threats and to augment the role of security professionals. Their true value lies in saving precious time and resource by separating the signal from the noise and only flagging the genuinely malicious threats.

This is part of a blog series provided by CyLon, who find, grow and invest in the world’s best emerging cyber businesses, via its tailored acceleration programs in London and Singapore. Since 2015 CyLon has supported more than 80 companies and has a portfolio of international companies valued at more than £400m. 

What’s hot on Infosecurity Magazine?