SecOps ‘23: Security Integration Can Reduce Complexity 

It’s not uncommon for today’s organizations to use dozens of security tools. This is difficult for stretched-thin security teams to manage. An even bigger issue is that this proliferation of disparate applications can lead to security silos that don’t share information. This leaves organizations with a fragmented view of the cybersecurity threats they face, and it makes responding to those threats in a timely and coordinated manner even more challenging.

Naturally, organizations are looking to reduce the number of security tools they must manage. As they explore their options, they would also be wise to consider cybersecurity integration. Investing in tools that have been purpose-built to work together, now and in the future, can increase visibility into security threats and allow for more orchestrated and efficient mitigation.

The challenges that today’s security operations teams face, from threat response and performance optimization to burnout and talent retention, were a focus of Mimecast's SecOps Virtual 2023 event. This post looks at the role cybersecurity integration can play in addressing these challenges and removing some of the complexity from security operations. 

Organizations Use Dozens of Security Tools

The average large organization is managing 76 different security tools, according to a late 2021 poll of enterprise-level IT security leaders. This figure increased nearly 20% in just two years as organizations shifted to remote work and increased adoption of cloud-based services.[1] 

Managing dozens of point solutions is a tall order under normal circumstances. It can be difficult to keep up with product updates and contract renewals – and it’s even harder to get a holistic picture of the cybersecurity threats an organization faces. The current environment of short-staffed cybersecurity teams that are feeling the pains of burnout and facing budgetary uncertainty has organizations looking for ways to get more from their security technology. 

Security Vendor Consolidation On the Rise 

One obvious step forward is to reduce the reliance on point solutions in the first place. In its recent Planning Guide 2023: Security & Risk, for example, Forrester suggested that organizations invest less — or nothing at all — in standalone tools for data loss prevention, user behavior analytics, and network security.[2]

Organizations worldwide increasingly see the benefits of using fewer tools. According to Gartner, 75% of organizations consolidated the number of security vendors they worked with in 2022, with 57% of organizations getting down to less than 10 vendors. That represented a significant uptick in such activity from 2020, when only 29% were consolidating. Reduced spending on software licensing, which often motivates these initiatives, was a priority for just 29% of organizations. The greater benefit was improved security risk posture, which 65% of organizations anticipated.[3]

Cybersecurity Integration Enables Tools to Cooperate

Reducing the number of products and vendors in day-to-day use can be an important step to easing security complexity and improving an organization’s security posture. At the same time, organizations must recognize that no single security solution will stop every cybersecurity threat they face. They’ll still need some best-of-breed solutions to meet different needs.

Having several tools is better than having several dozen tools, but organizations should be careful. If the tools that remain in place continue to operate in silos, the same old problems will persist. If tools can’t share data, security teams still have to look in several places to get a complete picture of threats – and all too often they must compile data and create reports manually.

That’s where cybersecurity integration enters the picture. As the term implies, this is a strategy that centers on investing in cybersecurity tools that easily integrate with products that are already in place as well as those that may be acquired in the future. 

Gartner’s term for the concept is cybersecurity mesh, and their definition emphasizes a centralized data plane “to achieve more effective collaboration between tools.” Security improves across the organization thanks to “enhanced capabilities for detection, more efficient responses, consistent policy, posture and playbook management and more adaptive and granular access control.”[4]

How Organizations Benefit from Cybersecurity Integration

As with vendor consolidation, cybersecurity integration is at the forefront of security strategy. The Mimecast whitepaper Threat Intelligence: Critical in the Fight Against Cyber Attacks, But Tough to Master found that 59% of U.S.-based organizations said integrating data from a range of threat detection systems (including security information and event management, endpoint detection and response, and firewalls) was part of their organization’s strategy while another 28% said they were planning to add data integration in the future. Other top priorities, including improved information sharing and adoption of a threat intelligence platform, also align with a broader embrace of cybersecurity integration.

Given these plans, organizations increasingly expect vendors to support their cybersecurity integration efforts. Preliminary findings from the Mimecast State of Email Security (SOES) 2023 Report show that 81% of organizations are more likely to work with a cybersecurity vendor if it has an open application programming interface (API) platform that allows for easy integration with other tools in their cybersecurity ecosystem. 

A key reason for this preference, according to the SOES report, is efficiency. Organizations leveraging open APIs reported average efficiency improvements of 25%, with threat detection, task automation, and threat intelligence seeing the greatest gains. Other benefits of cybersecurity integration include the following: 

• Multiple Layers of Infrastructure in One Stack: A mesh architecture, for example, brings together four key elements of security infrastructure: threat analysis, identity management, policy creation, and reporting.
• Greater Security Insights: Integrated tools offer a 360-degree view of the security landscape, making it easier to close security gaps them before an incident occurs.
• Orchestrated Threat Remediation: If an incident is detected, security teams can move in coordinated steps to remediate the risk instead of responding in piecemeal fashion.

Mimecast understands the value of cybersecurity integration. That’s why the company has partnered with Netskope and CrowdStrike to deliver a Triple Play that takes an integrated approach to provide organizations with better cybersecurity intelligence and improved automation for threat detection and response. 

The Bottom Line 

Cybersecurity integration is an increasingly valuable strategy for organizations looking to cut down on the number of security tools they use and centralize security management on a platform that brings best-of-breed solutions together. Visit Mimecast SecOps Virtual 2023 event page to learn more and view recorded sessions from the event.

[1] “Organizations Now Have 76 Security Tools to Manage,” Infosecurity Magazine 

[2] “Planning Guide 2023: Security & Risk,” Forrester

[3] “Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022,” Gartner

[4] “Gartner Glossary: Cybersecurity Mesh,” Gartner