The Compelling Benefits of Connected Security
The 2020 IBM/Ponemon Global Cost of a Data Breach study looked at breached data from 524 organizations and interviewed 3,200 IT professionals to build a picture of what a data breach really costs.
The average breach of the companies surveyed cost $3.86 million and took 280 days to contain. A breach that occurred on January 1 would have had free run of the breached network until October 7. Just over half of the breaches were caused by malicious attacks, and 80% involved the exfiltration of personally identifiable information (PII).
Then there are the mega-breaches – those that involved more than a million records. The study differentiated these whales from the average breaches, because they were so extensive and expensive. Smaller mega-breaches cost $50 million to contain, while breaches of more than 50 million records cost $392 million to contain. Of course, dollar cost doesn't begin to cover the long-term impact on reputation, customer confidence, and legal and regulatory damage.
These results were startling, especially since their organizations were already spending more on cybersecurity tools and resources than in previous years. Cybersecurity budgets have been increasing for years now. As we discussed in our first article, organizations have paid for and installed (on average) 40 individual security solutions per company. But the increase in deployed solutions often results in a signal-to-noise ratio that heavily favors the noise. Simply put, companies are not getting the maximum benefit from all these point investments.
Defending against the ongoing onslaught of breach attempts must be a company-wide effort, requiring the participation of chief information systems officers (CISOs), security operations (SecOps) teams, line-of-work IT professionals, corporate leadership, as well as rank-and-file employees who need to be trained about risk avoidance and best practices.
Security professionals need to adopt a centralized mitigation and monitoring approach that involves connected security applications with a single-pane-of-glass dashboard interface. You need that to help you evaluate notifications and events, sift through all the noise, and dive deeply into threats before they become disasters.
Achieving multiplicative value
The idea is simple, but the deployment can be transformative. The various point security solutions you've deployed, whether on-premises or in the cloud, can still gather telemetry. If you use open solutions, that telemetry can be aggregated into a connected security platform that manages and normalizes all that data, adding intelligence and automation while reducing clutter and alerts. Let's look at five key benefits a connected security platform can provide your organization.
1. A comprehensive and holistic perspective on threats
Have you ever seen one of those press conferences where fifty reporters are screaming at once? That's what threat alerts seem like to a SOC analyst , except it's happening all day, every day. With an average of 40 point solutions, threat alerts come through so often that it's very challenging to identify what's important and relevant to your business -- and what's noise.
What if, at the press conference, you had one hand up at a time? Similarly, what if all your incoming threat data was prioritized automatically, providing an organized and comprehensive view across your environments?
2. Substantially faster identification and remediation
With less noise, you can identify serious problems more quickly. The faster you can block, stabilize, and mitigate threats, the less damage they can do. If you can shorten the time attackers live in your systems, you can reduce the amount of data they can exfiltrate.
3. Intelligent evaluation of disparate data sets as a cohesive whole
The problem with data silos is they grow in isolation. Instead of revealing the big picture, you're operating the digital equivalent of the parable of the blind men and the elephant. With a connected security platform, all that data can be evaluated holistically. Not only can your IT professionals cross-check information from many different threat indicators, but you can deploy machine learning to analyze indicators in real-time. Rather than staring at opaque silos, you're able to identify clear insights, predict, and get ahead of impending threats. Having a unified reporting source (as opposed to collating reports from multiple point solutions) helps with compliance needs, as well.
4. Moving beyond infrastructure components
The benefit of deploying open data interchange between tools is that you can create data and insight mashups. Since you're no longer locking all your data in silos, it doesn't matter what system or solution generated the data.
That means you're not stuck working solely in the infrastructure or the security paradigm, but you can factor in signals from all the entities that produce indicator data. Once again, this can lead to more insights, faster action, and reduced liability.
5. Automation to reduce SecOps pressure and reaction time
Almost all point security solutions have some sort of automation. But those automations also exist in isolation, often conflicting or duplicating other automations. Once you aggregate threat data into a comprehensive, centralized platform, your automations can work across your entire network, using multiple inputs as triggers and validators. These aggregated automations can respond at computer speed, blocking and remediating common threats nearly instantaneously.
Even better, every task the automations can take off your team's shoulders is more time freed up to allocate human resources to issues that actually require the intervention of skilled professionals.
Connected security with IBM Cloud Pak
IBM Cloud Pak for Security aims to help you solve most of the security problems we've described. It provides a central, integrated, open platform for managing data security. A centralized and comprehensive interface enables you to view the entire environment, drill into point solutions, use data gathered from them, and aggregate data into new tasks and automations.
IBM Cloud Pak for Security is described as the security platform that, "connects all current and future security tools and aggregates the data that each generates, leading to deeper insights and enabling automated responses."
If your organization is like most, you have too much data to organize and sift through, you're missing incoming threats, and you're taking too long to respond to high-risk events. If your security teams are overwhelmed with events and notifications and if you have data scattered in fragmented silos and need visibility across your environment, IBM Cloud Pak for Security can help.
To learn more about IBM Cloud Pak for Security, please visit www.ibm.com/products/cloud-pak-for-security.