How to get more out of existing cybersecurity tools instead of replacing them

Considering that government agencies maintaining extremely sensitive information have experienced data breaches recently, it is certainly understandable that enterprises would now be conducting audits of their existing cybersecurity tools—and considering replacing many of them. While an audit is never a bad idea, it can be easy to overreact and make rash decisions in the wake of recent security events.

Not surprisingly, the market for cybersecurity solutions is exploding. In fact, MarketsandMarkets projects that the industry will expand at a 9.8% CAGR over the next five years, from $106.32 billion in 2015 to $170.21 billion in 2020. And although much of that spending is likely warranted, many organizations will probably spend capital on new solutions when, in reality, the tools they already have are not the problem.

The issue, in fact, may be the way an organization is using existing tools. If you are a CIO, CISO or manager, think about how you conduct operations each day. How much time does your team spend manually bringing in information from detection technology or threat intelligence solutions? What percentage of your Tier 2 and 3 analysts’ days are spent on initial investigations, triage or gathering additional contextual information from multiple sources?

Inefficient cybersecurity case management may give the appearance that the security tools your team is using today are the problem, but centralizing information and seamlessly integrating threat intelligence into incident response management and remediation may be a more cost-effective and efficient solution. Streamlining workflow in this manner allows analysts to review all relevant data more quickly, rather than spending time copying and pasting from other tools. The resulting time saved can be invaluable, as these analysts can spend more of their days hunting for new attacks and creating new mitigation techniques.

It can be tempting to consider adopting a host of new tools in light of the frightening current threat landscape. But if you are finding that your team is spending an increasingly high percentage of their days on repetitive, low-complexity tasks, new solutions aren’t necessarily the answer. If you would like to learn more about how a cybersecurity case management platform can help you get more out of your existing tools, sign up for a demonstration today.

*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Cody Cornell. Read the original post at: https://swimlane.com/blog/how-to-get-more-out-of-existing-cyber-security-tools/

Cody Cornell

Cody is responsible for the strategic direction of Swimlane and the development of our security orchestration, automation, and response (SOAR) platform. At Swimlane we advocate for the open exchange of security information and deep technology integration that maximizes the value customers receive from their investments in security operations technology and people. Collaborating with industry-leading technology vendors, we work to identify opportunities to streamline and automate security activities, saving customer operational costs and reducing risk.