By Hadi Jaafarawi, Managing Director – Middle East, Qualys
Less is more. We all instinctively grasp the wisdom in the adage, but we do not all live by it. According to IBM, the average enterprise has more than 45 security tools deployed to monitor and protect its stack and once an organization reaches 50 security tools, it begins to encounter a deterioration in its defense capabilities.
And so, as the regional threat landscape continues to heat up and new business dynamics such as hybrid work and DevOps emerge, the less-is-more logic leads us to an inevitable conclusion. We must consolidate our security systems into cloud-native, single-pane suites — for manageability, for uniformity in our operations, for quicker response times, and for scalability. And there is an added advantage to cloud-based security solutions. Because they offer all traditional tools on a single console, CISOs (and their teams of threat hunters and analysts) reduce their dependency on multiple vendors and reduce costs in the process.
In pursuit of the ideal security environment in which we minimize the incidence of false positives and reduce alert fatigue, “platformization” and a consolidated set of cloud tools allow us to build a capabilities arsenal that can return confidence to stakeholders. A comprehensive suite has 10 main elements.
1. Cybersecurity asset management (CSAM)
You cannot protect what you cannot see. Gaining broad and deep visibility of every asset in today’s hybrid digital estates presents a considerable challenge. Monitoring tools must be able to probe on-prem and cloud-based devices and applications in real time.
Complexity increases in an ICS environment, where asset-monitoring tools from both the IT and OT sides must work together seamlessly. Cybersecurity asset management (CSAM) combines endpoint protection, vulnerability management, cloud security, incident response, continuous controls monitoring, and security policy enforcement.
2. Threat and vulnerability management (TVM)
Threat and vulnerability management identifies and fixes the security gaps that would otherwise often go undetected. New vulnerabilities are reported almost daily, which places an enormous burden on security and IT teams.
Effective vulnerability management combines patch management, vulnerability scanning, and risk assessment, with some more advanced solutions including vulnerability management, detection, and response.
3. Patch management (PM)
Patches go beyond security vulnerabilities. They also fix bugs and performance issues. Comprehensive patch management will track each new release of an app, but hybrid environments expand the number of endpoints and make it difficult for teams to prioritize patching. Cloud-based, consolidated, automated patch-management platforms overcome such issues and prevent exposing data to malware and ransomware attacks.
4. Endpoint detection and response (EDR)
Because of the proliferation of remote workers, we now have more endpoints than ever before. This is a fundamental concern facing the region’s security professionals. EDR combines real-time data analysis and monitoring of endpoints with heuristic, automated response.
Cybersecurity vendors now offer new EDR that is designed to reduce the incidence of false positives and prevent lateral movement. Multi-vector endpoint protection brings together multiple layers of protection, combining rules-based screening with AI-based techniques.
5. Extended detection and response (XDR)
XDR is a SaaS-based detection and incident-response approach that combines several security tools into a unified platform. XDR allows threat hunters to identify and mitigate modern threats such as ransomware and zero-day attacks.
XDR works through the implementation of proactive prevention, detection, and response, providing visibility across all data sources, including endpoints, networks, and cloud data. Advanced analytics and automation lead to improved protection, detection, and response capabilities, and better productivity for security personnel.
6. Email security
As today’s preferred attack vector, email warrants close attention when enterprises consolidate their security suites.
Now that more and more email is cloud hosted, mail security solutions will help enterprises block email-related threats such as malware, advanced persistent threats (APT), phishing, spam, business email compromise (BEC), and zero-day threats.
7. Compliance
Risk management amid a growing roster of regulatory obligations is becoming a constant pressure for regional CISOs. Security governance and risk management platforms cover international regulations such as the EU’s GDPR and nation-level rules such as the UAE’s Federal Personal Data Protection (PDP) Law.
8. Cloud and container security
According to Deloitte, the outlook for most enterprises around the world when measuring cloud security risks is one of struggle. Between now and 2025, it is projected that 99% of cloud security failures will be the fault of the customer.
The region’s businesses are focused on staying connected with customers and employees, and the cloud is the most effective way to do so. But rapid cloud expansion means more apps, more policies, and more data stored in (and passing through) third-party locations. Yet cloud provides several security benefits over on-premises setups, assuming implementers do not make errors in configuration, monitoring, patching, or authentication.
9. Web application security (WAS)
Web AppSec is what enterprises use to secure the digital experiences ecosystem for customers and employees. Everything from websites to mobile apps falls under this banner, so a sound strategy for Web applications is critical to safeguard data, for the sake of the customer, the business, and any other stakeholders in the value chain.
Nobody wants to be the victim of data theft or business disruptions, and unprotected Web apps are shiny objects to an opportunistic threat actor.
10. IT/OT convergence
Across the region, manufacturing companies are embracing Industry 4.0 to reap value from their data. IT, OT, IoT, supply chain, and production systems are uniting to facilitate the journey. But as the storage and business intelligence of IT merge with the supervision and control of OT, advanced IT technologies such as virtualization, cloud, AI, and agile DevOps, emanate from this convergence and must be protected.
More with less
As we consolidate our security technologies to protect our increasingly complex environments, we go even further that the less-is-more imperative demands and end up doing more with less. We cut costs, we reduce stress for security teams, and we protect what matters most. Consolidation, in the years ahead, should be our watchword.