Sameer Malhotra is cofounder and CEO of TrueFort, a former Wall Street tech exec and an expert in IT infrastructure and cybersecurity.
The role of a chief information security officer (CISO) is expansive and increasingly complex, encompassing an array of duties to safeguard the organization against an ever-evolving cyberthreat landscape.
One of the biggest factors that has caused cluttered and intricate operational environments has been managing numerous security products and platforms. An oversaturated security ecosystem can result in a lack of clarity in threat identification and mitigation, exacerbated by the need to manage multiple consoles and endpoint agents. In other words, an overstuffed “product forest” is a harbinger of inefficiency.
In response, more and more CISOs are aligning their strategies with the “less is more” approach, which promotes operational efficiency through rationalization and optimization of security resources.
The Gordian Knot Approach
An array of security tools, designed to address discrete segments of the operational environment, often results in disparate and uncoordinated security measures. Products that are redundant, underutilized or lying dormant undermine the utility and value of these resources.
An enterprise’s attempt to address this chaotic situation often involves the deployment of a security information and event management (SIEM) system for centralized triage and analytics. SIEMs excel at helping security operations center (SOC) analysts identify known attack techniques, but they struggle in predicting and mitigating unknown malicious activity due to their lack of context around the normal behavior of IT hosts and IOT devices.
SIEM systems also often generate an overwhelming volume of monitoring data and logs, which are not always actionable or easily interpretable. The financial burden of SIEM deployment is substantial, incorporating the cost of the solution, requisite specialist training or hiring and continuous operation and analysis of SIEM data. In many cases, the integration of multiple agents and appliances into a single console, critical for holistic visibility, poses a formidable and costly challenge for organizations that deploy SIEM.
SOAR, APIs And Integrations
One of the most effective ways to realize the “less is more” efficiency paradigm in security operations involves the implementation of a security orchestration, automation and response (SOAR) system.
According to Gartner, SOAR facilitates the collation of inputs overseen by the security operations team, such as alerts from the SIEM system and other security technologies. By employing a blend of human acuity and automated power, SOAR can enable the definition, prioritization and execution of standardized incident response actions through digital workflows.
An optimal SOAR system should be capable of extracting pertinent information from all deployed security products, helping to create a consolidated, “single-pane-of-glass” console. This offers security analysts a comprehensive view of the security landscape, empowering them to perform their tasks more effectively.
Nonetheless, the strength of a SOAR solution is contingent upon its weakest link, often being a poorly secured application or a myriad of such applications. Application attacks are a common attack vector targeting data centers and corporate entities.
Mitigating this threat necessitates that all security products provide open APIs to enable robust integrations between existing agents, associated security products and the SOAR platform. As the use of APIs in security becomes standard practice, this strategy maximizes the value derived from existing technology stacks.
Achieving ‘Less Is More’
Adopting a “less is more” approach can yield numerous benefits across the SOC and the broader organization. The most evident advantages include reduced operational complexity, unified attack visibility and decreased expenditure.
To optimize operational efficiency within the SOC, CISOs must strive to reduce product clutter and the associated complexities, costs and inefficiencies. One way to achieve this is by adopting a “less is more” strategy centered around the deployment of SOAR, extensive API usage and robust integrations.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Read the full article here