The Platform Era of Managed Security: A Shift Beyond Defense-In-Depth

As the digital landscape continues to evolve, organizations are encountering increasingly complex security challenges and threats. Cyberattacks are escalating, and the exponential growth in data volume is straining organizational resources, underscoring the need for more robust security measures. Research from IBM shows that “the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years,” highlighting the growing financial impact on organizations. Gartner projects that “spending on security and risk management is projected to total $215 billion in 2024, an increase of 14.3% from 2023.” 

Rethinking Defense-In-Depth 

Historically, a defense-in-depth strategy—employing multiple layers of security measures—has been the cornerstone of cybersecurity. This approach operates on the premise that if one defense layer is breached, additional layers can thwart threats. However, extensive experience in defense-in-depth environments has revealed that this method can be not only inefficient but also counterproductive, introducing new vulnerabilities. 

When organizations stack numerous security measures, they often end up with a multitude of disparate tools that are not properly configured or integrated. Managing and maintaining expertise across such a fragmented security landscape is both costly and complex. Tools are not static; they continuously evolve to address emerging threats. Consequently, a patchwork of tools can create gaps that cybercriminals exploit to embed malware and launch attacks. 

We are witnessing the decline of the defense-in-depth era and the rise of the platform era. In the past, organizations had to choose between the effectiveness of best-of-breed technologies and the convenience of an integrated platform. Today’s platforms offer the best of both worlds: top-tier tools within a cohesive, integrated, secure environment. This shift is set to transform the industry. Partnering with a managed security provider with deep platform expertise can help replace redundant tools and customize your security program to your specific needs. 

Adapting to Evolving Security Challenges 

As you work to enhance your security operations, consider these critical challenges: 

Expanding Attack Surfaces 

Work environments are no longer limited to traditional office settings, broadening the attack surfaces that cybercriminals can exploit. Data from 2023 indicates that “12.7% of full-time employees work from home, while 28.2% work a hybrid model.” Employees accessing company tools from various devices, including personal laptops, tablets, and phones, compromise real-time visibility into an organization’s security posture. Moreover, the widespread adoption of cloud applications and public cloud environments further extends an enterprise’s virtual attack surface. 

Tool Overload and Alert Fatigue 

Your team can only manage a finite number of tools. Without sufficient expertise, employees may struggle to fully utilize these technologies, leading to underutilized or misconfigured critical capabilities. A constant influx of unprioritized alerts from multiple tools can cause alert fatigue and confusion, hampering effective threat management. 

Staffing Constraints 

Many security teams cannot keep up with the rapid pace of emerging threats. Relying on personnel to manually handle complex and error-prone tasks, such as developing automation rules and code, can hinder a team’s ability to stay ahead of new threats. 

Enhancing Security with AI 

While AI and machine learning have traditionally been used for threat detection and response, generative AI is unlocking new possibilities for improving cybersecurity’s maturity, speed, and efficiency. Generative AI can process and analyze vast amounts of data rapidly, enabling organizations to implement intelligent automation rules swiftly and stay ahead of threats. 

For example, AI can suggest courses of action for human approval at speeds unmatched by humans. Utilizing a machine-readable escalation matrix, AI can recognize incidents based on time and location data, automatically determine the appropriate response, and generate a message explaining its rationale along with a set of optional actions. This process allows security teams to focus on approval rather than full investigation, freeing up time for higher-priority security tasks. 
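A sketch of the machine-readable escalation matrix described above, added here as an example and not taken from any vendor's product: a deterministic lookup stands in for the AI step, and the proposal stays pending until an analyst approves it. The matrix rows, site names, fixed UTC offsets, and action names are all constructed assumptions.

```python
from datetime import datetime, time, timedelta, timezone

# Constructed escalation matrix (hypothetical names); first matching row wins.
MATRIX = [
    {"severity": "high", "hours": "business", "notify": "site-it-lead",
     "actions": ["isolate_host", "disable_account"]},
    {"severity": "high", "hours": "after", "notify": "on-call-secops",
     "actions": ["isolate_host"]},
    {"severity": "low", "hours": "any", "notify": "ticket-queue", "actions": []},
]
# Constructed sites with fixed UTC offsets (DST ignored to keep the example offline).
SITES = {"berlin": timedelta(hours=1), "austin": timedelta(hours=-6)}
OPEN, CLOSE = time(8, 0), time(18, 0)

def local_period(detected_utc, site):
    """Classify the incident time as business/after hours at the affected site."""
    local = detected_utc.astimezone(timezone(SITES[site]))
    working = local.weekday() < 5 and OPEN <= local.time() < CLOSE
    return ("business" if working else "after"), local

def recommend(incident):
    """Return a proposal for a human to approve; nothing is executed here."""
    period, local = local_period(incident["detected_utc"], incident["site"])
    for row in MATRIX:
        if row["severity"] == incident["severity"] and row["hours"] in (period, "any"):
            why = (f"{incident['severity']} severity at {incident['site']}, "
                   f"local time {local:%a %H:%M} ({period} hours): "
                   f"route to {row['notify']}")
            return {"notify": row["notify"], "options": list(row["actions"]),
                    "rationale": why, "status": "pending_approval"}
    # Unknown combinations fail safe to a human rather than to no response.
    return {"notify": "on-call-secops", "options": [], "status": "pending_approval",
            "rationale": "no matrix row matched; manual review required"}

def approve(proposal, analyst, chosen):
    """Record the analyst's decision; only actions the matrix offered are allowed."""
    extra = set(chosen) - set(proposal["options"])
    if extra:
        raise ValueError(f"not offered by the matrix: {sorted(extra)}")
    return {**proposal, "status": "approved", "approved_by": analyst,
            "actions": list(chosen)}

if __name__ == "__main__":
    when = datetime(2024, 3, 4, 18, 30, tzinfo=timezone.utc)  # constructed timestamp
    for site in SITES:
        p = recommend({"severity": "high", "site": site, "detected_utc": when})
        print(p["rationale"], "->", p["options"])
```

The same UTC timestamp routes differently per site because the matrix is evaluated in the affected site's local time, and `approve` rejects any action the matrix did not offer.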

AI promises to revolutionize cybersecurity by offering: 

  • Increased speed and accuracy: Facilitating smarter, faster decision-making and actions, reducing attack dwell time and impact. 
  • Localized and tailored protection: Understanding your unique business environment (users, devices, applications, information, operating capabilities, and constraints) to assess risks and execute appropriate remediation options. 
  • Enhanced communication and collaboration: Providing teams with timely access to crucial information to optimize security program execution. 

Choosing the Right MDR Provider 

While AI is a powerful tool, it cannot ensure a robust cyber posture on its own. Human oversight is essential for validating AI-driven decisions and refining AI models. As cybercriminals increasingly adopt AI, organizations must leverage AI for defense, whether by building an in-house team of experts or partnering with a managed detection and response (MDR) provider.

When selecting an MDR provider, consider these features: 

  • AI-driven automation: Providers that use automation to accelerate SecOps tasks, from triage to resolution, and effectively handle severe threats through appropriate automated actions. 
  • Real-time collaboration: Providers that enable designated team members to access necessary information in real-time, ideally through familiar tools. 
  • Risk-based, localized protection: Providers that tailor protection to your specific environment, business operations, and teams. 
  • Specialized expertise: Providers with deep knowledge and experience with platforms you already use. 
  • Continuous protection: Providers that go beyond detection and response to enhance your security posture through ongoing assessment and prevention. 

The platform era of managed security is democratizing and scaling cybersecurity. By partnering with the right security provider, you can extend your team’s capabilities and access the resources needed to strengthen your cybersecurity maturity. 

Article By

Geoff Haydon
Chief Executive Officer

Geoff is Chief Executive Officer of Ontinue.