How many security vendors do you have in your environment? 10? 25? 50? Are you finding this number manageable, or is it difficult to monitor and maintain solutions from so many different companies? And what about security alerts? Are you able to investigate all the alerts you’re receiving, or are there just too many to address?
If you’re like many other organizations today, you’re getting inundated with alerts, have too many interfaces to pay attention to, and therefore wish to secure your environment with fewer products and vendors. According to the below figure from our 2020 CISO Benchmark Report, in 2017, 50% of organizations were receiving 5,000 or fewer daily security alerts. Now, only 36% of organizations fall into this category. And the amount of organizations that receive 100,000 or more daily alerts has grown from 11% in 2017 to 17% in 2020 – an albeit small, but still troubling rise. This number should be going down, not up.
Not surprisingly, 81% of respondents in our survey said they find managing a multi-vendor environment to be challenging. And 28% find it ‘very challenging.’
Does any of this sound familiar? Are you struggling to manage a constant deluge of security alerts from multiple products? Are you spending more time being reactive than proactive when it comes to security?
What if instead of stringing various security solutions together, they were all intertwined into a single, unified platform? What if instead of resembling a pile of tangled up shoelaces, your security infrastructure looked more like an intricately woven spider web? A spider web whose various threads connect and work together as a system to efficiently catch prey (aka attackers).
Webs enable a spider to catch prey more effortlessly, without having to chase it down. This serves as a great metaphor for what we’re trying to do with Cisco SecureX. Recently launched at our Cisco Live digital event, Cisco SecureX is a platform designed to help security teams more holistically combat threats while saving time.
Cisco SecureX provides integration between our security portfolio, third-party offerings, and customers’ core infrastructure to dramatically streamline protection. The integrated approach strengthens defenses by fostering automation and reducing the need to manually toggle between various security technologies to figure out what’s going on. Cisco SecureX delivers pervasive visibility across the enterprise to allow for faster threat detection and mitigation, simplified workflows, and better collaboration – without you first having to untangle a pile of mismatched shoelaces.
Embedded and included with all of our security products, Cisco SecureX is not a new offering that you have to buy. Instead, it unites your existing security stack to make each product work better as they share intelligence and automate remediation. And, it provides one view into these products from a single interface to make things clearer and minimize complexity, thus freeing up time for your team to better understand and utilize each of your security products. That way, you can finally get the full benefits from your investments.
With Cisco SecureX, we are responding to our customers’ challenges of having too many alerts and products to manage, and a subsequent desire for simplification. Through our CISO Benchmark Report, we see that the trend of reducing the number of security vendors within the enterprise environment is growing. Today, 86% of organizations are using between 1 and 20 security vendors, and only 13% are using over 20. According to the below chart, organizations continue to use fewer vendors each year.
The Cisco SecureX platform provides broad coverage across your entire network and all threat vectors. It can help reduce redundancies among your security infrastructure and decrease the need to continuously add new vendors and products to the mix. Instead, the open, scalable platform can enable you to simply add new functionality as it becomes available or as new threats arise.
This new approach couldn’t come at a better time, as 42% of respondents in our CISO Benchmark survey say they are suffering from cyber fatigue (defined as virtually giving up on proactively defending against malicious actors). Of those suffering, 93% receive more than 5,000 alerts every day, indicating that complexity appears to be one of the main causes of security burnout.
In fact, our data shows that due to a lack of time and resources, today’s organizations are only able to remediate 50% of legitimate security threats. Think about that. Fifty percent! That’s not a great number.
Here are some better numbers:
All of this leads to stronger, less complicated security.
According to Steve Martino, Cisco’s own CISO, “I need visibility to help my team understand what’s happening in our environment, whether it’s on prem, in the cloud, or wherever it is. If I have to do it through 20 or more vendors, I’m never going to get that visibility across all of it.” Providing that visibility, and more systematic security, is exactly what Cisco has set out to do.
Well, that depends on your environment. Are you operating more like the spider, using your web to catch prey with ease, or are you struggling to stay on top of alerts and visualize what’s going on in your network? If it’s the latter scenario, you may have too many vendors – and it may be time to look into a platform approach instead.
This post is part of a series covering topics and data from our 2020 CISO Benchmark Report. Read previous blog posts here!
The post When it comes to security, how many vendors is too many? appeared first on Cisco Blogs.