Intelligent CISO Issue 57 - Page 33

PREDICTIVE INTELLIGENCE

10 elements of security consolidation that allow us to do more in the ‘ less is more ’ era

Hadi Jaafarawi , Managing Director – Middle East , Qualys , discusses the 10 key elements of a robust ‘ platformisation ’ approach to cybersecurity so that we can do more with less . ess is more . We all

L instinctively grasp the wisdom in the adage , but we don ’ t all live by it . According to IBM , the average enterprise has more than 45 security tools deployed to monitor and protect its stack and once an organisation reaches 50 security tools , it begins to encounter a deterioration in its defence capabilities .

And so , as the regional threat landscape continues to heat up and new business dynamics such as hybrid work and DevOps emerge , the less-is-more logic leads us to an inevitable conclusion . We must consolidate our security systems into cloud-native , single-pane suites – for manageability , for uniformity in our operations , for quicker response times and for scalability . And there is an added advantage to cloud-based security solutions – because they offer all traditional tools on a single console ,
Hadi Jaafarawi , Managing Director – Middle East , Qualys
CISOs ( and their teams of threat hunters and analysts ) reduce their dependency on multiple vendors and reduce costs in the process .
In pursuit of the ideal security environment in which we minimise the incidence of false positives and reduce alert fatigue , ‘ platformisation ’ and a consolidated set of cloud tools allow us to build a capabilities arsenal that can return confidence to stakeholders . A comprehensive suite has 10 main elements .
1 . Cybersecurity asset management ( CSAM )
You cannot protect what you cannot see . Gaining broad and deep visibility of every asset in today ’ s hybrid digital estates presents a considerable challenge . Monitoring tools must be able to probe on-prem and cloud-based devices and applications in real time .
Complexity increases in an ICS environment , where asset-monitoring tools from both the IT and OT sides must work together seamlessly . Cybersecurity asset management ( CSAM ) combines endpoint protection , vulnerability management , cloud security , incident response , continuous controls monitoring and security policy enforcement .
2 . Threat and vulnerability management ( TVM )
Threat and vulnerability management identifies and fixes the security gaps that would otherwise often go undetected .
New vulnerabilities are reported almost daily , which places an enormous burden on security and IT teams .
Effective vulnerability management combines patch management , vulnerability scanning and risk assessment , with some more advanced solutions including vulnerability management , detection and response .
3 . Patch management ( PM )
Patches go beyond security vulnerabilities . They also fix bugs and performance issues . Comprehensive patch management will track each new release of an app , but hybrid environments expand the number of endpoints and make it difficult for teams to prioritise patching . Cloudbased , consolidated , automated patchmanagement platforms overcome such issues and prevent exposing data to malware and ransomware attacks .
4 . Endpoint detection and response ( EDR )
Because of the proliferation of remote workers , we now have more endpoints than ever before . This is a fundamental concern facing the region ’ s security professionals . EDR combines real-time data analysis and monitoring of endpoints with heuristic , automated response .
Cybersecurity vendors now offer new EDR that is designed to reduce the incidence of false positives and prevent lateral movement . Multi-vector endpoint protection brings together multiple layers www . intelligentciso . com
33