Oren is CPO and Co-Founder of Veriti, a consolidated security platform that maximizes the value of existing security stacks.
There’s an overarching misconception among many organizations that if they are currently investing in a plethora of security tools, their enterprise environment is protected. Unfortunately, it’s not always that simple.
Having a variety of security tools means more data and more security alerts, which can cause alert fatigue and make it difficult to keep up with a fast-paced, ever-evolving threat landscape. The harsh reality is that more tools can lead to complex, dispersed and siloed environments. Lacking visibility into, or even awareness of, all of these tools can leave your security team in disarray and lead to misconfigurations. As defined by NIST, misconfigurations are “incorrect or suboptimal configurations of an information system or system component that may lead to vulnerabilities.” They can pose an immediate threat to an organization and can quickly escalate if not handled properly, hence their recognition as one of the top 10 web application security risks.
During Gartner’s recent Security & Risk Management Summit 2023, the leading analyst firm predicted that from now until 2028, 60% of security incidents will be traced to misconfigured security controls. As an organization’s threat landscape continuously changes, its security controls have to adjust accordingly. All of this can leave security teams feeling overwhelmed by constant alerts, with no time to review each and every setting or to adjust tools as the environment changes. Monitoring for these misconfigurations is time-consuming, so teams are forced to rely on vendor default settings—and those pose their own set of issues.
Default Settings Mean More False Positives!
A lot of the time, security teams have no choice but to rely on vendor default configurations. This results in a potentially inadequate security posture with inherent security gaps and a plethora of false positives. False positives are not only taxing for teams to decode and determine whether there is an actual threat, but they also waste resources by misidentifying benign traffic as malicious—which can disrupt business operations. In a 2022 Cloud Security Alert Fatigue Report, 59% of respondents reported that they receive more than 500 cloud security-related alerts per day.
While trying to weed through the alerts, organizations leave themselves open to attackers—further expanding their own attack surface. The fact of the matter is that security teams don’t have the bandwidth to deal with false positives. Not to mention, the problem tends to be cyclical and moves an organization further away from balancing security and the business. Keeping a company’s security controls properly configured is the ultimate goal.
Is There A Holy Grail Of Security Optimization?
There is never a silver bullet, but there is a lot you can do. False positives cause downtime for organizations when benign traffic is misidentified as malicious and, as a result, blocked. With the average cost of downtime for a business being $88,000 per hour, it is only reasonable that organizations should invest in processes that identify these events. According to Splunk’s State of Security 2023 report, based on the mean number of outages an organization faces every year, downtime consumes 2.7% of annual revenue. Imagine investing this money elsewhere within the organization—rerouting these false positives, or eliminating them completely, would give security teams their time back and protect your business’s bottom line.
Let’s first recognize that these false positives are the result of misconfigurations within your operations environment. So how do you lessen these interruptions and rectify the misconfigurations? By optimizing your security systems and investing in zero-business-disruption remediation procedures. But what does this actually look like in practice, and what are the best tools to leverage?
Start with an automated, continuous analysis of security controls. This should be followed by, or at the very least powered by, machine learning. Machine learning takes the burden off security teams by performing tasks that would otherwise require manual labor. It can verify that your organization is getting the full value of its security configurations while also automating the risk assessment process. It enables businesses to remediate misconfigurations and respond quickly and efficiently to cyber-attacks. Ensuring that security controls are configured and adjusted properly is crucial to avoiding interrupted business operations and rising downtime costs.
Improve ROI On Your Current Security Spend
Today’s challenge isn’t finding or investing in security solutions; it’s understanding how to use the tools already available in your business environment most efficiently. Misconfigurations can result in unintentional security gaps and adversely impact the business by blocking legitimate applications and users. The best thing an organization can do to improve ROI and remain secure is to optimize its current security toolset. Simplicity can sometimes lead to the best results!
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.