A lot of infosec professionals believe cybersecurity vendors exaggerate the capabilities of their products, a new survey suggests.
Seventy-five per cent of respondents surveyed either agreed or strongly agreed when asked if they feel security technology vendors engage in too much hype and not enough substance, according to the survey done by the Enterprise Strategy Group and the Information Systems Security Association (ISSA).
Released Wednesday, the survey questioned 280 cybersecurity professionals around the world about their buying habits. Seventy-nine per cent came from the U.S. and Canada.
Among the findings:
• respondents said they want more industry co-operation and technology standards such as the MITRE ATT&CK framework for classifying tactics and techniques of attackers, OASIS, and the Open Cybersecurity Alliance, which develops standardized data interfaces for cybersecurity tools. More than four out of five respondents agreed that open standards are a key requirement for future security technology interoperability. Additionally, more than three-quarters of respondents wanted to see more industry support for open standards;
• respondents said their organizations are actively consolidating security vendors and integrating technologies. They identified numerous problems associated with managing an assortment of security products from different vendors, including increased training requirements, difficulty getting a holistic picture of security, and the need for manual intervention to fill the gaps between products. As a result of these issues, says the report, nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business with. Additionally, more than one-third believed their organizations would be willing to purchase most products from a single vendor, especially those who work at smaller organizations;
• respondents think of “platforms” as integrated, heterogeneous architectures based on open standards. When asked for their definition of a cybersecurity technology “platform,” two-thirds said it is an agreed-upon, standard, tightly integrated architecture provided by multiple vendors as an open suite of heterogeneous products;
• endpoint protection platforms have the highest adoption. More than half of respondents said their organizations have deployed an endpoint protection platform (EPP), typically combining next-generation antivirus (NGAV) and endpoint detection and response (EDR). There was a much lower implementation of other platforms like extended detection and response (XDR), zero trust, cloud-native application protection (CNAPP), and secure access service edge (SASE);
• responses suggest SIEM (security information and event management) and SOAR (security orchestration, automation and response) are a foundation for platform adoption. Organizations are preparing for broader security platform use by centralizing security data on SIEM systems and bridging different technologies with SOAR-based workflows, says the report. This data indicates that SIEM and SOAR are, and will continue to be, security operations hubs, it adds.
Security technology complexity, limited efficacy of existing products and the global cybersecurity skills shortage are pushing IT leaders to consolidate security vendors, integrate technologies and openly consider security platforms instead of best-of-breed point tools, the report concludes.
It recommends infosec leaders:
• push vendors toward industry standards. While there are a few established security standards, “most vendors pay little more than lip service to many of these efforts,” says the report. “This lukewarm behavior would change quickly, however, if large companies pushed their security vendors toward more cooperation and industry standards adoption.” Standard data formats, APIs, transport protocols, and messaging, it says, would go a long way toward easing the integration burden that security professionals want relieved;
• hire or establish a cybersecurity architect role. Defining needs, assessing the current technology stack, and adopting an end-to-end security architecture will require extensive skills and experience across a range of security tools;
• establish best practices for vendor qualification. As organizations buy more security technology from fewer vendors, the report says, they should develop a more comprehensive process for all security technology procurement. This should include a list of vendor security process requirements (e.g., a secure development lifecycle, third-party risk management, security training for developers, cyber-supply chain security best practices) along with processes for continuous vendor security auditing;
• develop a three-year strategy for security technology integration. A security technology architecture may take years to establish as security teams replace point tools, consolidate vendors and integrate technologies, says the report. This process should start with a solid three-year plan that details the current security stack/architecture, defines gaps, and specifies project phases for addressing weaknesses. It’s also important to create metrics to measure benefits as independent tools begin to interoperate (e.g., mean time to detect (MTTD), mean time to contain (MTTC), mean time to respond (MTTR)).
Finally, the report says CISOs should communicate the three-year plan in business terms to executives and corporate boards to help them measure security efficacy/efficiency improvements and project ROI.