Over the last five years, organizations have been increasing their security spend, while the average time to detect a breach has increased. Similarly, in working with organizations, our teams have not found any correlation between the increased maturity of cybersecurity programs, with deeper adoption of leading cybersecurity frameworks, and the time it took to breach an organization.
Today, 90% of data breaches begin with a phishing attack. According to a recent presentation by Microsoft’s Vasu Jakkal at the 2022 RSA Conference, on average, it takes an attacker 1 hour and 42 minutes from the moment a user clicks on a phishing email to access private data within an organization’s network. We also know that the methods used five years ago to compromise an organization are still used today to compromise a client’s environment. These techniques go after known access, hardening and configuration weaknesses. Protiviti’s Attack and Pen testing team reports that over 70% of year-one pen test clients also did not see the attack occurring.
So why are organizations still not able to detect and prevent cybersecurity breaches, even with increased security budgets and new tools? The answer is that cybersecurity attacks are still frequently attributed to conflicting business and employee-experience priorities. These conflicts result in lower security standards or controls and in misaligned security tools, often creating blind spots and a false sense of security in the environment.
Integrated solutions enhance the efficiency and effectiveness of the cybersecurity professional
A common approach to meet these challenges is to implement additional point solutions, increasing the spend and headcount of cybersecurity teams. A lack of comprehensive cybersecurity products, even among best-in-class offerings, has resulted in medium-size organizations having, on average, 55 different security applications and tools to combat security threats. That is 55 different cybersecurity point solutions that need to be integrated for an organization not only to have a true picture of its threat landscape but also to protect that landscape from security threats.
With so many tools, cybersecurity teams are often resource-constrained and struggle with integration, which causes blind spots and fragmented visibility of the organization’s environment and results in slower (or missed) detection of and response to security attacks.
Security solutions integrated by design
To appreciate the benefits of a consolidated security stack, imagine an enterprise resource planning (ERP) system, but for security. Rather than directing limited resources toward integration and maintenance of security products, organizations can now focus on proactive cyber-attack detection, mitigation and timely response.
Microsoft has invested heavily in integrating its security suite over the years and has become a market leader. Microsoft’s security suite is a single solution that requires little customization while delivering near-real-time visibility through a “single pane of glass,” along with normalized threat intelligence and native security automation and response.
Organizations can take a gradual approach to adopting Microsoft security tools, but the ultimate benefit comes from deploying all Microsoft security product families to achieve interoperability and a unified view of the environment.
What is the next best step?
With pressure to add more value – and function optimally even with unfilled positions – security leaders are forced to uncover new efficiencies. Reassessing an organization’s security architecture and supporting technology is an important way to gain efficiency and prevail over the constant advances of bad actors.
Leaders can start by asking themselves:
- Are point solutions in the current security technology portfolio operating well together?
- Are security operations teams supported by technology that provides a consolidated view of metrics and data from across the security stack?
- Are there point solutions in the environment that duplicate Microsoft functionality the business already owns?
Organizations should consider the benefits of an end-to-end security suite and the potential it holds to support more efficient security operations. Further, they should assess how the efficiencies that come with an integrated security stack can improve their organization’s security posture by providing their security teams with a single-pane-of-glass view of cybersecurity threats, enabling immediate visibility and response. As a reminder, we now have less than two hours to respond!