Information Security has always been a tough job. All defenses have cracks and attackers know more about you than you do about them. Everyone recognizes the challenge is increasing each year. There are three trends driving this situation and causing information security professionals to feel like they have less control than ever before:
- A rapidly expanding attack surface to defend
- The continued rise in both attack volume and sophistication
- The growing number of installed information security security tools that create data silos and increased reliance on vendors
The IKANOW team recently analyzed this situation and have published our findings in the release of a new white paper available today: Take Back Control of Your Information Security. It includes references to a dozen different research reports and can help information security teams better characterize the scope and nature of the problem to their colleagues and senior executives. There is also a discussion about how information security analytics fit into this new environment.
What’s New is How These Trends Combine
The first two trends have been discussed separately in many settings, but we are aware of no analysis which ties these three forces into a single thesis about the state of information security today. In particular, the trend about security tool expansion and risk of vendor lock-in is only now being recognized. A CSO article in January reported that most enterprises have over 60 cybersecurity tools in use. An IBM presentation from 2013 put that number at 85 tools from 45 vendors. Both numbers are larger than most information security leaders would estimate.
Any one of these factors alone is reason for concern. However, the combination of these trends makes it hard for information security professionals to catch their breath, much less get ahead of the problems. The trends are also driving the growing emphasis on detection and response capabilities given the unlikelihood of prevention efforts delivering 100% success. The rapidly growing number of tools would seem to help this situation. However, we have heard the frustrations of information security leaders that more tools mean more complexity, more staffing requirements and more vendor lock-in.
We hope the white paper proves to be a useful resource and welcome your feedback. Download by clicking the button below and please take 60 seconds to participate in our seven-question survey of infosec sentiment.