Wire data logs, NDR and EDR form the triad of complete network visibility that may obviate the need for cybersecurity overspend.
Business leaders around the world often have the misconception that, as their organization grows, they need to invest in more security solutions.
However, the question is, should the quest to remain immune to cybercrime result in enterprises spending increasing sums on a burgeoning array of cybersecurity products?
Globally, Gartner had predicted that spending on information security would hit US$123.8bn in 2020. In the Asia Pacific region, investments in security hardware, software and services were projected by IDC to reach US$16.4bn, representing a 20% on 2018’s spend, according to.
However, is all that outlay actually making organizations safer? Or is it merely creating overlaid and disjointed lines of defense that are complex and costly to maintain, and increasingly ineffective in a cloud-powered, digital business landscape?
Diminishing returns on cyberspend
Some innovators in the cybersecurity sphere think so. They have recently turned their attention to developing a protection model that could fulfil the requirements of the modern enterprise and reduce the need to have specialist personnel on the ground racing to respond to an unrelenting influx of threats.
Businesses are prioritizing the implementation of more effective cyber protection. While cybersecurity has historically been regarded as an ICT issue, the existential danger a cyber incident can now pose is not lost on those at the top. Many business leaders are now coming to realize that the question is not whether they will be targeted, but when they will fall prey to cybercriminals.
To that end, Gartner’s Security Operations Centre Visibility Triad model is focused on the use of something today’s organizations already have in plentiful supply: data. The firm asserts that cybersecurity can be enhanced by harnessing the intelligence collected by network traffic analysis; security information and event management (SIEM) software; and endpoint detection and response solutions.
According to this model, while a strong perimeter is still needed to keep low-level intruders out, organizations need to look inward at what is taking place in the east-west corridor, the traffic moving between systems inside the network. With the right intelligence and a rapid response center, teams will be able to detect and neutralize threats taking place inside the network before critical assets are damaged.
Complete visibility is the aim
The Visibility Triad model notes that the key challenges faced by security and risk leaders this year include the complex geopolitical situation and increasing global regulations. Not only that, businesses have had to cope with challenges such as ransomware and business email compromise due to the migration of workspaces and workloads off traditional networks; an explosion in endpoint diversity and locations; and a shifting attack environment.
Complete visibility into all network communications is the ultimate aim, as far as Gartner’s model goes. Businesses will be able to closely monitor traffic passing through the network and IT teams will be able to scan for bottlenecks in performance.
Cybercriminals can turn off logging to prevent IT teams from having a full picture of what is taking place. Wire data, however, provides insight into the communications on the network itself, delivering visibility so that rule-, signature- and behavior-based detection tools (powered by machine learning and coupled with automated investigation and response systems) can be used to shut down emerging attacks quickly.
All said, rapid detection, response and remediation using wire data represent the most pragmatic and workable way forward, as far as Gartner’s model is concerned.
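One way to act on the point about disabled logging is to cross-check the two data sources: a host that is still talking on the wire but has stopped sending logs deserves a look. The sketch below is an added example, not code from the article or from Gartner; the flow records, host addresses, the `silent_but_talking` name and the 15-minute threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): passive flow records
# seen on the wire, and the last log event each host sent to the SIEM.
FLOWS = [
    ("2020-03-01T10:02:00", "10.0.1.15", "10.0.2.8", 445),
    ("2020-03-01T10:41:00", "10.0.1.15", "10.0.2.9", 445),
    ("2020-03-01T10:44:00", "10.0.1.22", "10.0.2.8", 443),
    ("2020-03-01T10:45:00", "10.0.1.15", "10.0.2.30", 3389),
    ("2020-03-01T10:46:00", "10.0.1.40", "10.0.2.8", 443),
]
LAST_LOG = {
    "10.0.1.15": "2020-03-01T10:05:00",   # went quiet after 10:05
    "10.0.1.22": "2020-03-01T10:43:30",   # still logging normally
    # 10.0.1.40 has never sent a log event
}

def silent_but_talking(flows, last_log, max_gap=timedelta(minutes=15)):
    """Return {host: finding} for hosts active on the wire whose log stream
    has been silent for longer than max_gap before their latest flow."""
    latest, peers = {}, {}
    for ts, src, dst, port in flows:
        t = datetime.fromisoformat(ts)
        latest[src] = max(latest.get(src, t), t)
        peers.setdefault(src, set()).add((dst, port))
    findings = {}
    for host, seen in latest.items():
        logged = last_log.get(host)
        gap = None if logged is None else seen - datetime.fromisoformat(logged)
        # Flag hosts with no logs at all, or with a gap above the threshold.
        if gap is None or gap > max_gap:
            findings[host] = {
                "last_flow": seen.isoformat(),
                "last_log": logged,
                "gap_minutes": None if gap is None else int(gap.total_seconds() // 60),
                "peers": sorted(peers[host]),  # what the host talked to
            }
    return findings

if __name__ == "__main__":
    for host, finding in sorted(silent_but_talking(FLOWS, LAST_LOG).items()):
        print(host, finding)
```

The threshold has to be tuned to how often each log source normally reports; a host that legitimately logs once an hour would otherwise be flagged constantly.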
Smarter security for the 2020s
Cybersecurity incidents are not decreasing, and the fall-out has become ever more serious.
Enterprises that do not have measures in place to detect and mitigate threats to their critical systems and the sensitive company and personal data in their keeping must look to wire data to uncover suspicious activity before it causes damage.
To mitigate risk, a robust, coordinated cybersecurity strategy that addresses the vulnerabilities and challenges thrown up by the digital era is essential. Before adding a new tool to the environment, businesses need to pause and think: is the organization analyzing all the data that traverses the network? The answer may be a surprise.