A new report by Forrester Research makes the point that speed, proactivity, and collaboration are key elements of cybersecurity, enabling a cohesive attack surface defense. But they must be supported by automation and security system unification.
On the other side of the coin, those failing to organize a collective defense experience financial and security repercussions.
Security leaders, therefore, must address any lack of unification, slow access to data, and functional silos. Otherwise, threat responses may be too slow or may fail altogether.
Data Access Thwarts Defense Efforts
Forrester reported these findings from a survey of more than 300 cross-industry security leaders. The survey found data access often thwarted efforts at defense and remediation, that security personnel are primarily responding to incidents (rather than taking proactive steps to prevent them), and that information silos remain the norm.
Some of the report’s key findings:
- 24% of respondents report unfettered access to all threat intelligence/indicators of compromise (IOCs), security operations data, incident response artifacts, and vulnerability data
- 71% said direct access to these systems is a struggle
- 64% report that sharing cyber threat intelligence between their security operations center (SOC), incident response, and threat intelligence teams is limited
- 41% rely on other teams to access incident response artifacts and security operations data, and that collaboration is a challenge
- Security monitoring is implemented by 86%
- Incident response is implemented by 40%
- Cross-team collaboration is a strain for 55%
- 47% struggle with data silos in the cybersecurity team
- Slow response to cyberthreats is faced by 60%
- 51% have high mitigation costs and/or increased spending
- Security orchestration, automation, and response (SOAR) technologies are of interest to 83%
- 28% plan to implement SOAR solutions this year
Incident Response Woes
The survey noted that improved threat detection and incident response was ranked highest as an organizational cybersecurity objective for the next 12 months, followed by automation of security processes and unification efforts.
Unfortunately, the bulk of the firms surveyed said implementation of more advanced threat management toolsets and functions is lagging. This is one of the factors crippling efforts to address increasingly dynamic attack surfaces.
The underlying issue, then, is that organizations not only use disparate security tools that don’t interoperate well; they also have disconnected processes and teams. Collaboration desperately needs to improve to remove friction from day-to-day tasks. Instead of fighting the bad guys, it can appear that individual teams within the organization are waging turf wars.
This dates back to the old days when storage, development, applications, compute, networking, database, and security were completely separate teams, often operating at cross purposes.
These days, team specialization is less pronounced, but rivalries can still get in the way. And existing processes sometimes inhibit closer cooperation. All of this hinders the improvement of threat detection and incident response.
A Lack of Synergy Between Security Tools and IT
Efforts at automation sometimes run afoul of the cultural and process tangles that may exist in some organizations.
That is likely one of the reasons why 60% of security leaders indicate they struggle to automate incident response playbooks and to engage in cross-industry threat intelligence sharing. Similarly, 53% found it challenging to orchestrate security tool output.
“The bottom line is that lack of synergy between security tools and teams within IT has a negative impact on the use of time and resources,” said Sophie Baboin, an analyst at Forrester.
“As attack surfaces grow and gain dimension across the market, organizations must have a coordinated and collective defense,” said Baboin. “Grave business impacts loom if data access obstacles — including the fixation on both incident response and silos — are allowed to persevere.”
Forrester recommends that organizations consider the implementation of SOAR, carving a pathway toward a unified security platform, and stronger usage of threat intelligence.