Businesses that are trying to solve the hyper-convergence of technical and business problems by purchasing tools to mitigate risk, "are instead ending up with a lack of mitigation and a lot more telling me I have a problem," said Stan Black, CSO, Citrix.
Black said, "What we are all talking about now are complex attacks going after this ecosystem of technologies and trying to find the weakest link." Attackers know they can find a weak link, and they usually find it long before the enterprise does. Once they get in, they keep moving.
"They end up with a multi-front attack on the network. Cryptolockers have an inherent immediate need for security teams to focus on thwarting them," said Black. "They launch one of those and in concert launch a secondary attack with other malware that is their primary. They are using the window to come in and probe, send phishing emails, or change binary codes as they learn more about your response to these attacks," he continued.
The symptoms of a failing layered defense surface on different fronts. An IT help desk gets a call; shortly afterwards the security operations team starts seeing red flags on its screens. The events are recorded in different places, by different teams, and those teams are not talking to each other.
"We need a common set of logs. Each group traditionally has captured their own logs for their unique purposes. We need to be moving toward a common language so that we can have a high fidelity look back to see an increase in persistence and nature. By using the same set of logs we are now able to work in concert and have full clarity of what other teams are seeing," Black said.
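The two problems above, the decoy ransomware that masks a secondary intrusion and the help-desk and SOC records that never meet, are both addressed by the same step: pull every source into one schema keyed on host and timestamp, then look at what else happened on a host in the window after the noisy alert. The following is an added illustration, not code from Citrix or from the article; the log lines, host names, rule names and the 30-minute window are all constructed for the example.

```python
"""Normalize two differently formatted log sources into one event schema and
correlate them by host and time, so a ransomware alert can be checked for
secondary activity on the same machine.

Added example; the data below is constructed, not taken from a real system.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import json

# Constructed sample: a help-desk ticket export, one CSV row per ticket
# (timestamp, ticket id, hostname, free-text summary).
HELPDESK_LINES = [
    "2024-03-04T09:12:00Z,TKT-101,WS-FIN-07,User reports files renamed to .locked",
    "2024-03-04T09:40:00Z,TKT-102,WS-HR-02,Cannot open Outlook attachment",
]

# Constructed sample: endpoint (EDR) alerts as JSON lines.
EDR_LINES = [
    '{"ts": "2024-03-04T09:10:30Z", "host": "ws-fin-07", "rule": "ransomware_mass_rename", "severity": "high"}',
    '{"ts": "2024-03-04T09:25:00Z", "host": "ws-fin-07", "rule": "binary_modified_system32", "severity": "medium"}',
    '{"ts": "2024-03-04T09:31:00Z", "host": "ws-hr-02", "rule": "phishing_attachment_exec", "severity": "medium"}',
    '{"ts": "2024-03-04T11:00:00Z", "host": "ws-eng-11", "rule": "binary_modified_system32", "severity": "medium"}',
]

# Alert categories treated as the loud "decoy" that pulls responder attention.
# The rule name is an assumption for this example.
DECOY_CATEGORIES = {"ransomware_mass_rename"}


@dataclass(frozen=True)
class Event:
    """The common schema every source is mapped onto."""
    ts: datetime
    host: str       # normalized to lower case so sources agree on the key
    source: str     # which team's log it came from
    category: str   # source-specific type, kept so analysts can see the origin
    detail: str


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_helpdesk(line: str) -> Event:
    ts, ticket, host, text = line.split(",", 3)
    return Event(parse_ts(ts), host.lower(), "helpdesk", "user_report", f"{ticket}: {text}")


def parse_edr(line: str) -> Event:
    rec = json.loads(line)
    return Event(parse_ts(rec["ts"]), rec["host"].lower(), "edr", rec["rule"], rec["severity"])


def normalize(helpdesk_lines, edr_lines) -> list:
    """Map both sources onto Event and return them in time order."""
    events = [parse_helpdesk(l) for l in helpdesk_lines]
    events += [parse_edr(l) for l in edr_lines]
    return sorted(events, key=lambda e: e.ts)


def correlate(events, window: timedelta = timedelta(minutes=30)) -> dict:
    """For every decoy alert, gather everything else seen on the same host in
    the `window` after it, regardless of which team logged it.

    Returns {host: sorted list of (source, category)} for hosts where the
    decoy was followed by other activity.
    """
    by_host: dict = {}
    for e in events:
        by_host.setdefault(e.host, []).append(e)

    findings = {}
    for host, evs in by_host.items():
        for decoy in (e for e in evs if e.category in DECOY_CATEGORIES):
            related = [e for e in evs
                       if e is not decoy and decoy.ts <= e.ts <= decoy.ts + window]
            if related:
                findings[host] = sorted({(e.source, e.category) for e in related})
    return findings


if __name__ == "__main__":
    for host, activity in correlate(normalize(HELPDESK_LINES, EDR_LINES)).items():
        print(f"{host}: ransomware alert followed within the window by {activity}")
```

On the constructed data only ws-fin-07 is reported: the EDR ransomware alert at 09:10:30 is followed by the help-desk ticket at 09:12 and, more importantly, by a system binary modification at 09:25 that would be easy to overlook while the team is busy with the encryption. The ticket on ws-hr-02 and the later alert on ws-eng-11 are kept in the same schema, so widening the window or adding a third source is a one-line change rather than a new integration.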
Black attributed the high number of security tools in an average enterprise security architecture to multiple acquisitions and growth over time. Rarely is the merging of security infrastructures a top priority during an M&A; thus, larger enterprises end up with a lot of redundancy in security tools.
"There are two ways to remove the problem," said Black. "Either find significant overlap between one problem and another--there's likely upwards of 50% overlap--or find which tools provide the highest level of fidelity and actionable information, and then remove or significantly reduce all others over time."
While some products do individually add value to the overall ecosystem, managing all of the security technology has become very complicated, said Geoff Webb, vice president of solutions strategy at Micro Focus.
Most enterprises are looking at their many layers of defense in depth and realizing that they have added many different tools to protect against many different types of attack. "The security team's ability to manage and develop the architecture is compromised," said Webb, "because it's difficult to understand exactly what's happening."