While many would have been hoping for calmer waters in 2023, it seems unlikely. In January, the World Bank warned that the global economy could tip into a recession, forecasting GDP growth of 1.7% – the lowest figure outside the 2009 and 2020 recessions since 1993.
Between energy price spikes, inflationary pressures, tax hikes, labor shortages, and supply chain crunches, organizations are already bearing the brunt of an increasingly difficult economic backdrop. And as the cost of doing business continues to rise, many will be firmly focused on keeping their finances in healthy shape. For security professionals, that is likely to lead to stricter budgets.
Promisingly, business leaders increasingly recognize the importance of cybersecurity, with a recent Gartner survey revealing that 88% of boards of directors see it as a business risk. However, that doesn’t mean that CISOs will be unaffected as organizations work to scale down their expenses. Just like every other department, any security-centric outgoings will be placed under the microscope.
This will present challenges; however, in many cases, it will also offer up opportunities – namely, in the form of some overdue spring cleaning, providing security teams with the motivation to update, optimize and improve their overall security strategies.
Organizations typically have somewhere between 10 and 50 security solutions. And while all of these would have served a purpose at some point in time, many will now be redundant, badly underutilized, or have overlapping capabilities with other applications.
In this sense, the enforcement of stricter security budgets is not all bad news. Indeed, it provides the perfect opportunity for CISOs to consider how they can consolidate the cybersecurity technology stack.
From an operational perspective, this makes a lot of sense. If an organization does have 50 solutions on its books, then training each and every professional to utilize the full extent of that toolkit is no easy or quickly attainable feat. Further, those that are tasked with monitoring and maintaining every platform will likely find themselves overwhelmed, ultimately contributing to potential stress and burnout.
The majority of CISOs have identified the upsides of downsizing already. According to Gartner’s Top Trends in Cybersecurity 2022 Vendor Consolidation report, three quarters (75%) are now pursuing a vendor consolidation strategy, up from less than a third (29%) in 2020.
Reducing complexity: From siloed to converged security setups
Interestingly, motivations for this don’t always revolve around cost. While such a strategy will naturally help to cut expenses associated with licensing, training, and maintenance, the report highlights a focus on the merits of reducing complexity and improving risk posture too.
The appreciation for a consolidated security stack is clear. However, enterprises looking to explore this avenue will need to consider the optimal approach.
Critically, issues in the security stack tend to arise when firms adopt disparate solutions. While Security Information and Event Management (SIEM) platforms can alert security professionals to nefarious activities, they won’t typically include the tools required to pick up and respond to each different threat quickly and effectively.
As a result, companies will begin to look outside for other tools such as Security Orchestration, Automation and Response (SOAR), or User and Entity Behaviour Analytics (UEBA) to automate analyses and responses where possible. This can leave firms with an extensive portfolio of siloed and even conflicting systems that become extremely difficult to integrate.
To prevent such a dynamic from emerging, it is important to prioritize the creation of a converged security setup. By thinking about the bigger picture over individualized tools for specific purposes, organizations will immediately begin to eliminate the complexities associated with managing entirely different security products.
The number of solutions, vendors, and integrations will be dramatically reduced, eliminating the burdens placed on security teams. Further, efficiencies of scale will also be unlocked, offering analysts a transparent and centralized overview to surface and review important alerts with greater context.
In every sense, a much fuller picture is painted for analysts, costs included. Expenses on tools can be easily controlled, while insights into how often each solution is used can also be surfaced, providing indications of relevancy, importance, and total cost of ownership.
Ultimately, we’re talking about combining technologies as a way of reducing complexity to improve outcomes. By converging the SIEM with UEBA, organizations will benefit from machine learning and AI behavior-based analysis; by converging it with SOAR, they will benefit from automatically incorporated threat intel, business context, and entity risk observations.
From enhanced security performance and improved analyst productivity to greater cost transparency, those organizations that successfully consolidate their security stacks in 2023 should stand to benefit in a multitude of ways.
Tim Wallen is the Regional Director, UKI & BeNeLux, at Logpoint.