By Dana Mitchell, Director, Cybersecurity Solutions Group, Microsoft Canada
In the last 10-12 years the security vendor market has dramatically evolved. A decade ago, there were just a few firewall and IPS vendors, a couple identity & AV players, a handful of Security Information and Event Management (SIEM) leaders, and the market was largely made up of niche vendors, which were just starting to get acquired by organizations like CA, IBM, HPE and Symantec. Fast-forward to dozens of high-profile threat attacks later, a highly digitally-connected ecosystem and billions of dollars in investments, and we have a security vendor market in the hundreds and growing. Each of these large and small vendors are looking to both help customers in this evolving threat landscape, but also take a share of the cyber security budget, which globally is forecasted to be $170.4 billion in 2022. While this creates a great opportunity to solve problems, it also introduces challenges for organizations in how they manage these siloed technologies and the individual vendors that provide them.
Organizations now have an abundance of vendor options across each category. For the consumers of these capabilities, their choices across each category have also exploded even with vendors being acquired. Take the SIEM Market as an example. Ten years ago, there were just handful of options who were in a heated battle between RSA (who had just recovering from a phishing-attack of their own) , ArcSight (recently acquired by HP), Q1 Labs (whom in 2011 got acquired by IBM), and Splunk for the SIEM market. Today there are many of those same players, plus UEBA and SOAR vendors entering the SIEM space, and organizations like Microsoft introducing a cloud native SIEM/SOAR. As of 2020, Gartner has over 16 vendors in their Magic Quadrant for SIEM, demonstrating the volume of vendors in the ecosystem today versus 10 years ago. This is happening across every security vendor category, along with the added complexity of new categories being formed all the time to address new risk vectors by threat actors.
Remote work increases security concerns
Months into 2021, we are still heavily impacted by the pandemic. With it came COVID-themed attacks, remote work driving security necessity, nation states becoming more active and creative, all the while organizations are continuing to face an accelerated shortage of skilled security professionals (predicted to reach 3.5M globally in 2021). All these factors are driving more and distinctly different needs, but for many security teams, they are spending too much time being system integrators, piecing point tool solutions together. This stitching is taking time way from being able to investigate these merging threats and time crafting targeted responses. With 75 per cent of IT leaders expecting IT budgets to remain flat or decrease in the next 12 months (study by CIO), these same organizations are having to manage more with less budget, and often with fewer staff.
Bringing together these additional requirements, as well as the reductions in budget and staff, does not allow many organizations the ability to continue with the same methodology in conventional security tools. Since joining Microsoft just over a year ago, 85 per cent of the conversations I have had with CISOs in Canada touch on the benefits for their organizations on an integrated security platform and the impact this approach could have on shifting resources and impact to business requirements. Doug Howell, Director for IT for the Little Potato Company, recently reflected on the impact this integrated solution has had on their organization, “People are our greatest asset, so as much as possible, we want to keep our people as productive as possible with security that doesn’t get in our way.” Howell elaborates that “having a platform and tools that work well together make IT work efficient, allowing us to spend time on more activities that drive business value and impact.”
Integrated platform approaches have many benefits, including:
- Reduce risk with integration – A consolidated tool set can improve organizations’ security posture by reducing complexity, and reduce the gaps that patchwork can fail to cover the breadth of workloads, cloud and devices your organization runs on.
- Increased efficiencies – Integrated solution provides security teams more efficiencies to leverage automation & AI technologies, which is well suited to take on more repetitive tasks, such as noise monitoring and low-level event handling. This can reduce human time spent on chasing dead ends, and that by combining signals and automating response catches threats that would otherwise go unchecked. Add this to the incremental time gained from not having to spend time stitching tooling together, ultimately reducing response time and more quickly detecting and responding to threats.
- Cost Reduction – By eliminating the complexity of managing multiple disparate security solutions, also eliminates management of multiple disparate vendor relationships and contracts. Procurement can reduce costs by up to 60 per cent, in addition the costs savings of individuals’ time in both procurement and security teams managing, on average, 40 separate vendor relationships.
While organizations believe what they have works or that their walls are protected because they’ve piled point solution on top of point solution, we’d encourage IT teams and leaders to evaluate what’s really working for them, how their teams are spending their time and how they could optimize for transformation of work, which is happening as we speak. Microsoft offers several resources for organizations interested in evaluating internally the capabilities and financial benefits of integrated security platform solution.
To learn more about building a holistic security strategy, click here.