Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Originally posted on Security Boulevard on September 17, 2019
Remaining competitive means staying abreast of—and even ahead of—the latest technologies that empower business. As the network expands and creates new and greater vulnerabilities, organizations know they need to enhance their security posture. But the landscape has become so complex that it’s increasingly difficult to know which security solutions are necessary and appropriate. And that means many organizations end up buying technology that isn’t a good fit, wasting money and time but not improving their security. However, there are ways to determine which solutions or services are appropriate and will help keep the network safe.
A primary factor in this solution confusion is that vendors don’t always show all their cards. There’s a lack of transparency in the industry—and a lack of understanding about how many people, assets and resources a company really needs to realize a return on investment from many of today’s security technologies. Understaffed IT and security teams create more security risk than most companies realize.
Companies buy security technology and often fail to understand what it truly takes to effectively implement and operate that technology. This is the total cost of ownership (TCO), and for many security technologies, the TCO is higher than customers initially understand.
At the same time, cybercrime continues to grow in volume, variety and sophistication.
Hackers are increasingly well-funded and well-educated, and know all too well how to buy and sell the spoils of cybercrime on the black market. This leads to increasingly sophisticated threats from increasingly sophisticated threat actors.
The amount of budget an organization allocates to IT security does not automatically correlate with how successful they are at security, according to Gartner. A company may be spending the same amount as its peer group but may have different goals (e.g. regulatory compliance versus increased security) or have a different risk profile or risk tolerance. Gartner has found that security spending typically ranges from 1% to 13% of an organization’s total IT budget.
There are also so many security solutions to choose from that it can be difficult to select the right technology for your security strategy. In fact, studies have found that companies are using as many as 70 different security vendors and products as they struggle to determine how to achieve the healthy balance between security and functionality. But despite all of these tools being used, there are still gaps.
A problem all too common these days is shelfware—owning or licensing software that you don’t actually need or use. A study by Osterman Research found that 30% of businesses buying new security tools often end up under-using those technologies or stop using them altogether.
This can happen when an organization focuses on compliance over actual security and risk mitigation. Other times, it’s the result of failing to understand the true cost of implementing and using the technology they purchased. Another reason, as Osterman and Gartner research have shown, is the chronic shortage of skilled security personnel required to manage and operate this technology.
In short, some of these tools go unused because they ultimately were not suitable for the organization or lacked the personnel to make use of it. Companies must look deeper into what they need and what that will require.
The first step in creating a strategy that avoids the digital arms escalation is to truly understand the TCO of the technology you are assessing. Security solutions often get purchased based on features and capabilities, but that ignores the matter of staffing and training. Many of the options out there require more full-time employees dedicated to using them, which can drive up costs quickly—and that’s if you can find the employees with the right skill sets.
One in every three Security Operations Center (SOC) jobs is vacant, according to CyberSeek. Turnover is often a key reason for these vacancies. Retaining them often can be harder than hiring them initially. A talent gap is a seller’s market—skilled workers can command high salaries in this environment. Organizations need to include additional salaries into their cost analysis for a security solution.
It takes the right mix of people, intelligence and tools to build your own SOC. Ideally, it is an integrated solution that can withstand the test of time and scale quickly. Many that have tried will agree this is easier said than done. Chief information security officers (CISOs) across industries frequently bemoan the lack of time and budget needed to find the right candidates. Recruitment becomes their full-time job in some cases, and that can mean their real job—ensuring their organization’s security—falls by the wayside.
As well as hiring those hard-to-find personnel, here are the advanced security tools you would need to start building your own SOC today:
To staff a facility on a 24/7 basis requires a minimum of 10 to 12 people. Employees get sick, take holidays and sometimes resign unexpectedly, and to ensure you always have round-the-clock coverage, you need a lot of people.
However, just because you don’t have the full-time, dedicated staff needed for one solution doesn’t mean you’re out of luck. There are MSPs and other security solutions that can provide the tools you need while also supplying skilled individuals. Many MSPs have strong partnerships with SOCs, for instance. That’s far more affordable for many organizations than trying to establish a whole SOC themselves.
Many times, organizations go into a security buying decision with a “set it and forget it” approach. They buy a solution, check off the appropriate boxes and move on. Companies that fall into this trap will forever be racing to catch up as new threats arise and new solutions abound. And no matter how many tools you’re using, be it 10 or 70, none of it matters if detection and response isn’t a key element.
Today’s security solutions have a big job to do, and this often requires a bigger budget than initially assumed. It sometimes requires hiring more people with hard-to-find skills. Crunch the numbers to see if this solution will work for you or if it makes more sense to outsource. You don’t have to start from scratch if that isn’t the best approach for your organization.
Chris Braden is a veteran sales and channel executive, bringing over 20 years experience building, leading, and executing successful programs around the world. In his current role as the Vice President, Global Channels and Alliances, he is responsible for eSentire's global channel program, overseeing strategic partner recruitment, international expansion, and growth with current partners through an improved enablement program. He is a 2019 CRN Channel Chief recipient.