Ted Heiman on Rethinking Cybersecurity Strategies for CISOs (Part 1): Why Point Solutions Aren’t Cutting It Anymore

Historically, various startups emerged, each dedicated to solving a specific security problem. These point solutions addressed individual issues effectively, but as CISOs adopted more of them, managing and maintaining these solutions became increasingly complex. Limited resources and staffing compounded the issue, requiring specialized personnel for each solution.

CISOs talk about being understaffed mainly because they have massive work to do around managing many point solutions.

The situation worsened as these solutions failed to communicate with each other, resulting in a flood of reports that demanded thorough scrutiny to identify potential threats.

Consequently, CISOs needed an easy way to integrate technology with the enterprise. That’s when API integration became the norm.

To simplify integration, companies deployed numerous point solutions, each leveraging APIs.

While APIs initially offered a simple and efficient integration method, this unintentionally gave rise to an entirely new challenge and industry: API management, focused on overseeing and tracking the multitude of APIs deployed.

Here’s the critical question: When systems get decommissioned or replaced, are the corresponding APIs deactivated?

Failing to do so could leave backdoors for potential security breaches, as malicious traffic in APIs can mimic regular traffic, making detection challenging.

CISOs face a lot of noise from the reports from these point solutions. It’s an overwhelming amount of data to go through, and they just don’t have the time or resources.

Security Information and Event Management (SIEM) systems have become the central hub for collecting data from various point solutions. While the current setup is functional, it is far from ideal for CISOs seeking streamlined communication and collaboration between solutions.

A CISO would prefer solutions that communicate with each other to limit their attack surface and reduce the number of man-hours required just to manage all the moving parts.

This shift towards automation could streamline the manual process of analysing reports and enhance the overall efficiency of cybersecurity operations.

Networks are sophisticated and grow organically. Companies don’t start as Fortune 100; they evolve. Their networks expand because they need more communication with divisions, partners, vendors, etc.

Then acquisitions happen. When you acquire a company, you get both its good and bad aspects. You must figure out how to tie all that into your SIEM and ensure it works.

There is hope amidst these challenges in the potential of artificial intelligence to alleviate the burden on CISOs. AI could crawl the massive amounts of data generated by point solutions, identifying key points that require immediate attention.

Every year, a CISO identifies a product that they need to deploy. It’s the next shiny object. It will cost the company six figures and may solve a specific problem. The whole team will be focused on that, often overlooking the basics.

Enterprises have real challenges around patching all of the deployed applications. Not taking care of the basics is like installing the most sophisticated security system and leaving the window open.

Every application gets an update at some point. Updating and patching all the software is critical. It needs to be done fairly quickly because of the threat out there; malicious actors find out quickly where these back doors are. They look for companies that haven’t implemented the fix yet so they can leverage whatever that weak point is to get into the network.

At a minimum, patching weekly and ensuring every application runs the most current version will minimise the opportunity for somebody to breach your network.

Stay tuned for part 2 of the conversation between Ted Heiman and Dan Haagman to better understand CISO challenges and potential solutions, and check out our blog for more valuable insights from industry experts.