Enterprises Struggle to Contain “Information Security Debt”

IT security teams are struggling to cope with 'information security debt' brought about by a glut of siloed tools and technologies, and must look to consolidate with a focus on threat detection and risk management, according to 451 Research.

Seen exclusively before publication by Infosecurity Magazine, the analyst firm’s latest report, A Data-Centric Approach to Endpoint Security, details the operational inefficiencies which have grown from the proliferation of endpoint products many organizations are now saddled with.

Sponsored by Digital Guardian, it claims that two-thirds of large global enterprises now have as many as five separate endpoint solutions in place, with the figure rising to 10 in 10% of cases.

Some of these products might even rely on multiple agents, compounding the challenges for security teams in making sense of the multiple streams of data and insights generated by these solutions, the report says.

Given the skills problems already faced by the industry, it’s not hard to see how under-staffed teams are struggling to manage such an environment, with the so-called information security debt overwhelming IT departments and allowing threats through.

The good news is that consolidation has finally begun, in a bid to drive more value from security investments, improve detection and provide richer intelligence and context for security operations.

However, the report warns that “not all consolidation approaches are created equal”, and any efforts must move beyond economic or operational efficiency considerations.

The focus should therefore be on creating an endpoint security environment which empowers security teams with real-time event data, enabling them to detect sophisticated threats which “leap with comparative ease from network to endpoint and application to data”, says 451 Research.

The ideal is to have a single, unified console generating insights and applying analytics to this real-time data to offer actionable intelligence which can be used to stop attacks before they have a chance to impact the organization, it continues.

This proactive, data-driven approach also requires tools which can communicate effectively with each other, feature a risk evaluation element and provide endpoint visibility at a process level, the report concludes.

“Attacking endpoint security product proliferation does not have to be a major project,” 451 analyst Eric Ogren told Infosecurity Magazine.

“There is no reason why any organization should have five security products on their endpoints. Set a hard limit at two or three and work to enforce that limit. You’ll have less to manage and your security profile will actually improve.”
