Over the years, the changing cyberattack landscape has caused security teams to deploy dozens of point solutions. Layer on the associated monitoring tools and consoles from multiple vendors, and the result is unmanageable complexity.
In fact, 86% of organizations are using between one and 20 different security vendors, according to the global Cisco 2020 CISO Benchmark Study. Using all these products has created management headaches, staff fatigue from extra noise around multiple alerts, and an overall lack of visibility into what’s working and what’s not.
The fact is, cyberthreats will continue to evolve and become more sophisticated. Rather than continuing to bolt-on security solutions, organizations need to think strategically and simplify their security environments.
Ways to Simplify
A group of practitioners and Cisco’s Advisory CISOs have offered a series of recommendations toward reducing security complexity. This guidance, along with suggested questions to ask vendors, is compiled in a new report, Simplify to Secure.
At the top of the advice list: integration. Disjointed solutions create inefficiencies and increased management challenges, putting additional strain on over-stretched security teams.
In addition, complexity makes it harder to quickly detect and respond to a cyberattack. For example, Cisco found that those companies using fewer security vendor products experienced less impact from an incident: only 30% of companies using 11-20 products experienced four or less hours of downtime following an attack, compared with 52% of companies that have between two and five solutions.
Wolfgang Goerlich, an advisory CISO with Cisco, says that reducing solutions has multiple benefits. “A vendor rationalization program makes budgets more efficient and effective, while also reducing the amount of downtime that organizations face. Reducing vendor complexity can also help better meet compliance requirements.”
Technology rationalization may sound difficult considering all the things that must be protected, such as applications, cloud, networks, users, and devices. And the effort will take time. Yet, it doesn’t have to be a rip-and-replace effort.
The right security platform capitalizes on existing resources using a platform approach. This allows organizations to build a security ecosystem of integrated solutions that:
- Reduce sprawl. A platform approach can transform the IT infrastructure from a series of disjointed solutions into a fully integrated environment And by shifting the integration burden to the right vendor, organizations can not only build on what they have, but also unify the environment. Over time, the vendor footprint can be reduced by focusing on strategic security solutions that easily integrate.
- Enhance cross-functional team alignment. A platform that offers a customizable dashboard for a single view allows teams to collectively see prioritized alerts and build collaborative workflows. Using metrics and context, security, networking, and IT operations teams can more effectively collaborate.
- Improve security posture. Look for a security platform that delivers built-in automation and analytics. Doing so reduces burdens on security personnel by quickly helping to detect threats, maintain policy and device controls, and coordinate incident response.
A Simplified Platform Experience
With Cisco SecureX, now generally available globally, companies can reduce complexity, strengthen operations, and enable teams to spend more time on higher-value initiatives. It connects the breadth of your security ecosystem and provides a consistent experience that unifies visibility, enables automation, and simplifies analytics. SecureX strengthens security across network, endpoint, cloud and applications.
Find out more about SecureX.