An overheard conversation between a software vendor and a security professional sheds light on a growing problem in the evolving battle to secure critical enterprise data and information. The vendor, in the middle of his pitch, was interrupted by the security professional lamenting, “Yet another agent, yet another dashboard.” His objection and dejected look as he walked away underscore one of the greatest challenges facing security and compliance professionals—The Fog of More.
The Council on CyberSecurity Annual 2014 Report coins the term “Fog of More” to describe the “Overload of defensive support…more options, more tools, more knowledge, more advice, and more requirements, but not always more security.” The rapid rate at which the IT security industry evolves ensures security and compliance professionals are constantly battling to keep their head above water in a sea of tools, data, advice, and reports. Meanwhile, criminals focus on attacks.
The Fog of More is fueled by an endless supply of security and compliance companies making grandiose claims about the abilities of their technology. These highly touted security tools typically provide endless amounts of complex data, hiding valuable security information amongst a sea of white noise and false positives. The tools require advanced IT knowledge to install, configure, and maintain, which means more time is spent fighting with tools than investigating security issues.
The result of the Fog of More is confusion, misunderstanding, and ultimately mistakes. What tools should be purchased? What security issues are priorities? What does this ocean of data provided by my tools mean? How does management understand security posture? How can regulation compliance be proven? Security and compliance professionals are so overwhelmed they do not have the time to investigate security events, follow up on insecure end-user processes, or report to upper management. One missed issue amidst the white noise, one configuration that is accidentally reset, or one misunderstood security event, and all of an organization’s investment in security may be in vain.
Finding a Solution
History shows that in order to overcome the Fog of More, security and compliance functions must consolidate. Use the invention of the automobile as an example. When automobiles were first invented, some had steering wheels on the left and some on the right. Some had hand brakes while others had foot brakes. There were many different options, all of which operated differently and were wildly expensive.
Eventually, people agreed on what worked best, Henry Ford standardized it, and cars became easier to operate and more affordable. The same can be seen in the technology world. When home computers first hit the market, they all operated differently, had different features, required different software, and were incredibly expensive. Over time the market narrowed down what worked best and now the average person can operate a computer on a basic level regardless of what brand it is. Both in the automobile and in the technology world, there was a transition from an overload of different options and functionalities to a standard of what was expected. In both instances, this transition reduced the number of competitors in the market and made the products more affordable.
In the security and compliance world, this critical process of consolidation is underway. For example, AristotleInsight® virtualizes the process of data collection, correlation, and first pass analysis. The cyber diagnostics platform uses revolutionary UDAPE® technology to provide the ability of countless security functions in a single solution with an unparalleled level of detail. AristotleInsight shines through the fog of more by bringing visibility to key security metrics while also helping organizational stakeholders understand the security and compliance posture of their organization. As vendors hone in on what is necessary for the industry, the number of vendors will decrease, product functionality will condense and improve, solutions will become increasingly affordable, and the fog will fade.
To learn more about AristotleInsight:
Visit – www.aristotleinsight.com
Email – firstname.lastname@example.org
Call – 866-748-5227
About the Author:
Josh Paape is an Online Marketing Specialist at Sergeant Laboratories, a leader in security and compliance solutions that allow businesses, governments, and healthcare institutions to comply with regulations and stay a step ahead of criminals. As a graduate of the University of Wisconsin – La Crosse, Josh has experience marketing products from a variety of industries. As a contributor to CDM, he hopes to spark new thought and discussion topics in the information security community. Connect with Sergeant Laboratories: https://www.sgtlabs.com
Sergeant Laboratories Blog: https://www.aristotleinsight.com
LinkedIn: https://www.linkedin.com/company/sergeant-laboratories-inc Twitter: @Sergeant_Labs