Paid Content: This paid content was written and produced by RV Studios of Red Ventures' marketing unit in collaboration with the sponsor and is not part of ZDNET's Editorial Content.

Open and Connected Security is the Future of Cybersecurity

For years, powerful point solutions have been positioned as the solution to our security woes, yet organizations struggle to keep up with the onslaught of sophisticated attacks. A new approach that unifies multiple tools and automates workflows is needed to unlock the potential that the market has delivered.

Eight years ago, hackers stole 110 million customer records from Target. At the time, it was one of the largest data breaches in history. It cost Target hundreds of millions of dollars, and several IT personnel lost their jobs. Target executives wound up testifying in front of Congress.

Target had invested in cybersecurity monitoring tools and had them in place to monitor for breaches. And, according to Reuters, Target's IT security team actually received alerts indicating the presence of malicious software at the very beginning of the attack.

But they ignored those alerts.

This is the truly sad part. It wasn't because Target's team was lax or inattentive. It was because their security monitoring service fired off 100 or more alerts each day, making it almost impossible for security teams to investigate each alert and respond with urgency. Worse, the security monitoring software was able to delete malicious software automatically, but that feature had been disabled, because it spewed out too many alerts when enabled.

The lesson of Target was heard loud and clear by executive teams and IT managers worldwide. Everyone invested in tools to prevent and mitigate breaches. Preventing breaches became so much of a priority that, according to the 5th IBM/Ponemon Cyber Resilient Organization Report, organizations subsequently deployed (on average) 45 unique cybersecurity tools to protect their networks.

The price of all this added security was not inconsiderable. Counterintuitively, the increase in security investment actually caused the cost of a data breach to go up. According to the 2020 IBM/Ponemon Global Cost of a Data Breach study, security system complexity increased the cost of any given breach by an average of $292,000.

Too much prevention, not enough cure

Unfortunately, the increased investment in point solution tools did not make for more effective cybersecurity. In fact, ZDNet reported, "Enterprises that deploy over 50 tools ranked themselves 8% lower in their ability to detect threats, and 7% lower in their defensive capabilities, than other companies employing fewer toolsets."

It seems counterintuitive, but it makes sense that all this tech is making things worse. Each solution adds another data silo, another monitoring dashboard, another burst of notifications and alerts. And each contributes to the overall complexity of the environment.

The current point solution approach isn't working. That's becoming more apparent every day. But the solutions are each doing their jobs. SIEM (security information and event management) has value, as do endpoint detection systems and threat intelligence services. But the signal is being overwhelmingly drowned out by the noise.

Still, point solutions are usually necessary. Sometimes, there's only one tool that will monitor a certain piece of gear, scan a given cloud service, or look for a specific situation unique to your business. But, as we've seen, they spew out too much data, increasing the fog of war.

Open solutions break down silos

It's time for a new, aggregated approach. We want to centralize and normalize essential input into a single dashboard environment so we can monitor signals overall, without being overwhelmed by 40 or 50 apps all sending out cries for help at the same time.

As we move forward in this series of articles, we're going to look at powerful new solutions that coordinate and integrate all these signals. We'll explore how to resolve the challenges of proprietary point solutions by moving to a more open paradigm.

One such industry initiative is the Open Cybersecurity Alliance. Co-founded by IBM Security, this industry association of 20+ security vendors aims to build an open ecosystem where cybersecurity products can interoperate without the need for customized integrations.

The key is to use open solutions that allow data-sharing and provide APIs to query and request information. You'll want to look at both point and integrated solutions that are open and able to communicate with one another.

This strategy is uniquely suited for hybrid environments. You'll probably be managing some legacy, on-premises applications, plus multiple cloud SaaS and IaaS applications. That makes your threat surface multi-cloud, so your defense will need to be, as well.

Even before the pandemic hit, cloud and mobile were taking root in enterprise environments, but COVID-19 escalated digital transformation tremendously. According to Gallup, 58% of Americans worked from home either full or part time in October 2020. When compared to the 16% who worked from home either full or part time just a year before, the magnitude of change is evident.

The entire paradigm of walled-garden, on-premises security is obsolete. Where trust used to be granted inside the walls of a headquarters building, that's no longer practical or relevant. Instead, we're moving into a world of Zero Trust security, where every device, every transaction, every packet, and every individual must be checked and re-authorized continually.

IT teams don't exist in all the home offices of all our teams. In fact, we have very little visibility into any of those working environments. As such, we must assume that every device is infected with malware and protect our networks accordingly.

Never trust, always verify

One solution that aims to address these challenges is IBM Cloud Pak for Security.

IBM Cloud Pak for Security aims to help you solve most of the issues we've described. It provides a central, integrated, open approach to managing cybersecurity with a single pane of glass interface that allows you to drill into the point solutions, use data gathered from them, and aggregate data into new tasks and automations – bringing together disparate Data Security and Security Operations Center teams.

On its website, IBM Cloud Pak for Security is described as, "The security platform that connects current and future security tools, leveraging open source and open standards, and aggregates the data that each generates, leading to deeper insights and enabling automated responses."

If you have too much data to organize and sift through, if you're missing incoming threats or taking too long to respond to high-risk events, if your security teams are overwhelmed with events and notifications, and if you have data scattered in silos, IBM Cloud Pak for Security can help.

To learn more about IBM Cloud Pak for Security, please visit www.ibm.com/products/cloud-pak-for-security.
