Source: heimdalsecurity.com – Author: Livia Gyongyoși
Most organizations today use dozens – or even hundreds – of cybersecurity tools. In theory, that’s a good thing. There are hundreds of types of threats out there, so using specialized point solutions to address them individually makes a lot of sense.
But the drawback of all these point solutions is that they tend to create cybersecurity silos.
In this article, you will learn:
- What cybersecurity silos are and why they happen
- The risks and dangers of cybersecurity silos
- How cybercriminals can exploit the gaps between point solutions
- How a unified, platform approach to security counteracts silos
What is a cybersecurity silo?
A ‘cybersecurity silo’ describes a situation where organizations use multiple security tools from different vendors that don’t ‘speak’ to each other. Each of these tools monitors for various kinds of threats and creates alerts around them differently. Furthermore, different employees are responsible for operating each tool.
This means that information, decision-making, and actions become siloed. Individuals or teams only see information coming in from the tools they monitor. Thus, they may miss the ‘bigger picture’ of the organization’s security posture.
A real issue for businesses
One of our biggest challenges has been the number of different vendors we have to engage with and making sure their various security products and agents don’t clash. Some of our clients were using one antivirus product, a different ransomware protection tool, a patch management solution, and another different email security product
Source – Jon Stanton, Director of MSP 4Cambridge.
Cybersecurity silo example
To demonstrate, let’s spell out a simple example of how cybersecurity silos ‘happen’.
ABC Inc., is a (fictional) financial services business that has grown rapidly in the past 12 months, doubling in size from 50 to 100 employees. Like most modern businesses, many of their employees follow a hybrid working pattern.
As the company has grown, the IT department has invested in a range of security tools to manage new or growing threats. Because ABC Inc. works in a regulated sector (finance) they’ve decided to buy a ransomware encryption protection tool. As the company was getting bigger, they bought a remote desktop support tool. They’ve also bought an endpoint detection tool to manage remote work threats.
A different IT employee manages each tool, and they have each spent a lot of time mastering the tools they operate. They spend much of their time using these tools and helping end users. But while the solutions are good, cybersecurity silos are inevitably starting to emerge. Employees don’t know or understand what their colleagues are doing in their respective point solutions.
The trouble with cybersecurity silos
We have a super siloed group of veteran admins all tending their corners of the garden and the result is a complete lack of any overarching visibility into the network
Source – Reddit
Silos are perfectly normal. As organizations grow and do more things, people specialize. It’s inevitable that employees focus more on using certain tools or doing certain tasks. This isn’t necessarily a bad thing. It just means people do their jobs more efficiently.
But when it comes to defending critical infrastructure, this tendency to ‘silo-ization’ does create problems.
Inability to see the ‘bigger picture’
When everyone focuses only on investigating alerts in ‘their’ tools, the IT team might fail to spot breaches that are simultaneously affecting different areas of the network or moving between them. It gets hard to know what’s going on with the system from a security perspective.
Distraction and prioritization
When people are using multiple tools, they can get distracted by endless alerts and messages from each of them. Knowing which alerts are important and which are low risk can be challenging.
Practicality
One answer to alert overload is to use an SIEM solution. It collates alerts from multiple security tools. That’s fine in theory, but you still need to log in and out of various systems and investigate. It’s time-consuming and not very practical.
Learning curve
Using point solutions from multiple security vendors means you’ll go through a learning curve for each. Training to use, configuring, and operating each tool takes time.
Ownership
People tend to feel a sense of ownership or even ‘territorialism’ over certain tools and processes, once they specialize. This means some may choose not to share information with others.
Over-reliance on individual knowledge
As you begin using more tools, individual employees will focus on their own cybersecurity silo. So, what happens when your antivirus specialist, email security expert, or PAM person is on vacation? If no one else knows how to use their tools, it becomes much harder to address threats.
Related: The risks of having too many security point solutions
Criminals will exploit a cybersecurity silo
The biggest danger of having cybersecurity silos is that criminals will exploit them. You can have dozens of tools defending your network. However, if people don’t share information or ‘join the dots’ between alerts, they might miss the breach.
Here’s how it could happen, with a very simple example:
A gang of cybercriminals is targeting your organization with a phishing campaign. Unfortunately, one employee has opened a link in a phishing email. They got to a fake organizational login page where they divulged their login details. Once the criminals get those credentials, they log in and start downloading files from your organization’s file share.
In theory, you have the tools to prevent this breach. Your email defense system should have raised an alert about a rise in emails containing malicious links. Your privileged access management tool should have flagged the unusual login location. Other tools should have noticed the massive downloading of files. But, because of cybersecurity silos, you miss the breach.
The IT employee in charge of your email security tool is overwhelmed with alerts about phishing emails. He hasn’t yet seen the alert showing that one employee has clicked on a link. Meanwhile, the employee who’s responsible for your PAM software is in meetings all day. So, doesn’t see the alert about the unusual data download.
Addressing the cybersecurity silo problem
If you have invested in multiple point solutions to manage cybersecurity risks, how can you manage the emergence of cybersecurity silos? Here are some steps to consider:
Training to tackle over-specialization
If you use many tools from multiple vendors, everyone can’t be an expert on every point solution. However, you can manage this risk by regularly training people to use other tools. You could do this through formal training or informal shadowing (i.e. one day per week/fortnight/month they work with tools they’re less specialized in).
Rotation
A more radical approach is to rotate employees, so they never spend more than a few weeks using one cybersecurity tool. This reduces the risk of over-specialization. The downside is that people will be less efficient or expert at using individual tools.
Document it
Encourage employees who master using certain cybersecurity tools or processes to document their work. If they are on vacation or leave the business, you will at least be able to understand how they used that tool. Of course, this is a redundant and highly time-consuming task. You might want your team to focus on preventing threats rather than writing reports.
Facetime
An important way to break down any kind of silo and territorialism is to organize regular face-to-face meetings between teams. Talking about trends and issues can help with information sharing.
End silos with a unified cybersecurity platform
The more you unify your security, the less time you will spend, the less cost you will need for teams
Source – Andrei Hinodache, Heimdal Cybersecurity Expert
At Heimdal, we believe that using a unified cybersecurity platform is the most effective way of breaking down information silos in cybersecurity. Yes, there are ways to tackle silos if you are already using dozens of point solutions. But shifting to a unified platform is far more effective.
A cybersecurity platform is where all the security point solutions you need are accessed from a single, central dashboard. With Heimdal’s award-winning Unified Security Platform you get a complete suite of 20+ cybersecurity point solutions that work seamlessly and in sync.
Alerts from all these different tools come together in one, centralized dashboard that everyone on your security team can see. And if you need highly specialized point solutions from third-party vendors, they can also ‘plug in’ to the platform.
Case study: 4Cambridge breaks down silos
UK-managed service provider 4Cambridge was using cybersecurity tools from numerous vendors. With Heimdal’s XDR solution, they’ve now managed to close down silos and improve security for their clients. Read the case study.
How a platform approach crushes cybersecurity silos
This platform model breaks down cybersecurity silos in a number of ways:
Single source of truth
All your security teams can view a centralized dashboard that shows incoming alerts from all your different point solutions. This means everyone sees the ‘bigger picture’ and can understand their colleagues’ issues or concerns.
Reduce the learning curve
Training to use one platform from one provider gets you over only one learning curve. Learning to use different point solutions takes more effort. Even if one employee doesn’t usually use, for example, your patch management tool, using tech from the same provider will make it easier for him to learn.
Faster, more efficient investigations
Accessing multiple tools from one dashboard speeds up investigating possible breaches. Rather than having to log into several different point solutions from different vendors, using a platform means everything is just a couple of clicks away.
And of course, the benefits extend further. Subscribing to a single platform is more cost-effective than getting dozens of point solutions. You’re also less reliant on individual expertise. Automation across tooling speeds up processes. And your security posture will be more consistent.
Dig deeper: Why MSPs are moving to the cybersecurity platform model
Time to address cybersecurity silos?
It is almost inevitable that cybersecurity silos will start to emerge as you use more tools and your organization grows. Specialization isn’t necessarily a problem – as long as it’s managed.
And this is why a unified cybersecurity platform is so valuable. It allows individuals or teams to focus on the tools or processes they know best, while still allowing everyone to see the bigger picture. By bringing all your tools into one place, you avoid the worst effects of silos, while still having access to many powerful point solutions.
Want to see how it works? Get your demo of Heimdal’s unified cybersecurity platform today.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia’s goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
Original Post URL: https://heimdalsecurity.com/blog/cybersecurity-silos/
Category & Tags: Endpoint security,Industry trends – Endpoint security,Industry trends
Views: 2