When it comes to layered defense and security tools, less is often more. The average enterprise runs around 75 security products to protect its network, and every one of them generates alerts that someone has to monitor, tune and test. That is a lot of noise for security practitioners to absorb.
To make sure that the security tools not only work but work in harmony with each other, some security professionals recommend taking a closer look at the layers of the security ecosystem to eliminate redundancies that contribute to alert overload.
There is a lot of threat intelligence available, and Stephan Chenette, CEO of AttackIQ, said that all of it can be overwhelming. "They need to use the threat information to determine what is applicable to their organization and tailor it to their industry. Risk has a number of factors, not only the impact to the organization but also the real probability of the threat," Chenette said.
Security teams need to distill all of that threat intelligence down to what matters for their business, because most enterprises aren't regularly testing all of their security tools. "The alerts that matter are being missed," Chenette said.
The security industry has long touted defense in depth as the solution to thwarting attacks, but the reality is that more layers don't prevent attacks, said Chenette.
For many enterprises there is a disconnect between the products they are buying and their effectiveness. "Many people are putting firewall, IPS, and antivirus in place thinking that intelligence is actually going to help them," Chenette said.
What is more effective is taking that threat intelligence and running attack tests and attack models to identify potential blind spots. "Defenders think in lists but attackers think in graphs," Chenette said. In order to build the best defense in depth strategy, the organization needs to start looking at what’s at risk and what’s at stake and then determine how to create security around those assets.
"Hope is not a strategy," said Chenette, so in order for companies to improve their security strategy, they need to realize that technology can fail. "Controls fail over time, and the worst outcome is that there is a breach because they had a control in place that should’ve detected," Chenette said.
It's important to know what security controls are in place, whether the controls are even working, and whether those are the right controls for the realistic threats.
With an average of 75 security tools in play, redundancy is inevitable. "Many organizations are hiring security experts to manage redundant products and manage alerts that don't mean anything. The goal of continuous testing is to find the core set of security products, to truly have a smart strategy and resilient architecture," Chenette said.
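The kind of continuous testing described above can be sketched in a few dozen lines. The following is an added example, not AttackIQ's code or anything from the article: a toy control-validation harness in which each "control" is a detection rule and each "attack test" is a constructed log event that a working control should catch. Running every test through every control produces a coverage matrix from which three things fall out directly: tests that nothing caught (the blind spots), controls that never fired (broken, or never exercised), and controls whose coverage is identical (the redundancy candidates). All rule names, the sample events, the hash and the blocklist domain are invented for illustration.

```python
"""Toy continuous control-validation harness (added example, not from the article).

A Control is a detection rule over a constructed log event; an AttackTest is a
constructed event that a working control should detect.  Nothing here is real
telemetry or a real product's rule set.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class AttackTest:
    name: str      # hypothetical test name, e.g. "lateral_move_psexec"
    event: dict    # constructed sample log event


@dataclass(frozen=True)
class Control:
    name: str                      # hypothetical control/product name
    detect: Callable[[dict], bool]  # True when the control would alert


def _image_name(ev: dict) -> str:
    """Basename of the process image, lower-cased, tolerant of Windows paths."""
    return ev.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()


def edr_psexec(ev: dict) -> bool:
    return _image_name(ev) == "psexesvc.exe"


def siem_psexec(ev: dict) -> bool:
    # Same detection as the EDR rule, bought again in a second product.
    return ev.get("image", "").lower().endswith("psexesvc.exe")


OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}


def office_spawns_script(ev: dict) -> bool:
    return (ev.get("parent", "").lower() in OFFICE_PARENTS
            and _image_name(ev) in SCRIPT_HOSTS)


PROXY_BLOCKLIST = {"bad.example"}  # hypothetical and stale: misses the test domain


def proxy_blocklist(ev: dict) -> bool:
    return ev.get("dest_domain", "").lower() in PROXY_BLOCKLIST


KNOWN_BAD_HASHES = {"d41d8cd98f00b204e9800998ecf8427e"}  # hypothetical signature


def av_hash(ev: dict) -> bool:
    return ev.get("file_hash", "").lower() in KNOWN_BAD_HASHES


CONTROLS = [
    Control("edr_psexec", edr_psexec),
    Control("siem_psexec", siem_psexec),
    Control("office_spawns_script", office_spawns_script),
    Control("proxy_blocklist", proxy_blocklist),
    Control("av_hash", av_hash),
]

# Constructed attack tests, modelled on the threats this fictional shop cares about.
TESTS = [
    AttackTest("lateral_move_psexec",
               {"image": r"C:\Windows\PSEXESVC.exe", "parent": "services.exe"}),
    AttackTest("phishing_macro",
               {"image": r"C:\Windows\System32\wscript.exe", "parent": "WINWORD.EXE"}),
    AttackTest("c2_beacon",
               {"dest_domain": "evil.example", "dest_port": 443}),
]


def run_matrix(controls: List[Control], tests: List[AttackTest]) -> Dict[str, Dict[str, bool]]:
    """matrix[test][control] is True when that control fired on that test."""
    return {t.name: {c.name: bool(c.detect(t.event)) for c in controls} for t in tests}


def _control_names(matrix: Dict[str, Dict[str, bool]]) -> List[str]:
    return sorted(next(iter(matrix.values())).keys()) if matrix else []


def uncaught_tests(matrix: Dict[str, Dict[str, bool]]) -> List[str]:
    """Attack tests that no control detected: the blind spots."""
    return [t for t, hits in matrix.items() if not any(hits.values())]


def idle_controls(matrix: Dict[str, Dict[str, bool]]) -> List[str]:
    """Controls that fired on nothing: broken, or never exercised by the tests."""
    return [c for c in _control_names(matrix) if not any(matrix[t][c] for t in matrix)]


def redundant_controls(matrix: Dict[str, Dict[str, bool]]) -> List[Tuple[str, ...]]:
    """Groups of controls with identical, non-empty coverage across all tests."""
    by_signature: Dict[Tuple[bool, ...], List[str]] = {}
    for c in _control_names(matrix):
        sig = tuple(matrix[t][c] for t in matrix)
        if any(sig):
            by_signature.setdefault(sig, []).append(c)
    return sorted(tuple(g) for g in by_signature.values() if len(g) > 1)


if __name__ == "__main__":
    m = run_matrix(CONTROLS, TESTS)
    print("blind spots:", uncaught_tests(m))
    print("idle controls:", idle_controls(m))
    print("redundant groups:", redundant_controls(m))
```

On the constructed data the c2_beacon test is uncaught because the proxy blocklist is stale, which is exactly the "control in place that should've detected" failure Chenette describes; the two PsExec rules share a coverage signature and are redundancy candidates; and the hash-based AV rule never fires, which means either the rule is dead or the test set does not exercise it, a question the harness surfaces but cannot answer on its own.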