LAST UPDATED August 2, 2021
“We are all just prisoners here of our own device.“
–The Eagles
“Help me get rid of some of this stuff, or I’m gonna f’n lose it.“
–Anonymous CISO
I’m going to go out on a very sturdy limb and say that The Eagles weren’t thinking about cybersecurity when they penned that line in Hotel California. Yet my recent conversations with CIOs and CISOs have made it abundantly clear that many security organizations are facing a similar situation. An excess of security tools has led to out-of-control costs and compounding complexity that makes security inefficient and threatens to make organizations less secure. Instead of stopping threats, many security teams end up like fishermen tangled in their own nets – immobilized and paying extra for the privilege.
Truly innovative security should reverse this trend, not make it worse. Innovative security should allow CISOs to reduce and simplify their stable of security tools, unburden security staff, and reduce costs. It’s certainly a nice notion, albeit not a particularly original one. But despite best intentions, actually reducing complexity can be elusive. Let’s take a look at why security complexity always seems to grow and how we can do better, specifically in the realm of AppSec.
More Products, More Problems
Security is a naturally complex business. Given that technology and threats are constantly evolving, there will inevitably be gaps that security teams need to address. For instance, ten years ago, very few organizations worried about API security or attacks from bots, yet today they are front-line considerations.
And as new security problems emerge, organizations will often acquire new products to solve them. In short order, security teams can be mired in products, each with their own specialized function. The problem is that each new security tool typically adds incremental benefit, while the overall complexity to the security team grows exponentially.
This complexity manifests itself in people, process, and price. Every new security product typically introduces an additional load on already overworked security teams. Teams need to be trained on the solution, configure and maintain it, keep the system updated, and ultimately analyze the inevitable alerts or events that the system generates. Worse still, with many systems generating many different alerts, all with different naming conventions, severities, etc., it is easy for threats to get lost in the noise. Throw in the additional cost of the product, support, and services, and ultimately you have a situation where costs continually rise while efficacy actually gets worse.
The WAAP++ Approach to Consolidation
When working with our customers, I always like to focus on making them more secure and making their security operations simpler. First, we start by bringing all of the critical elements of modern application security under one roof. In addition to the traditional WAF protections from OWASP threats, this also includes anti-bot protections, API defenses, Layer 7, volumetric DDOS protection, and protection from a host of other advanced threats.
That is a good start, but the operational simplicity for customers comes from how we deliver these functions. There are plenty of big platforms out there that can check all of the various AppSec functionality boxes. The problem is that these offerings are typically several separate products tied together and sold under the guise of a “platform.” The logic for each product/module is different, each needs its own configuration, generates its own alerts, and even if the price is bundled, the customer still ends up paying for each product. Other than being delivered under the banner of a single vendor’s logo, there often isn’t much of an improvement, operationally speaking.
ThreatX has approached the problem from the ground up. Instead of bundling 4 or 5 different modules together, ThreatX brings all of the industry’s leading intelligence and detection logic into a single “brain.” Detections can incorporate traditional signatures, application behavioral profiling, attacker profiling, active interrogation, attacker deception, and more. All events and intelligence are tracked over time to build a complete view of risk that is continuously updated based on all available security perspectives. This culminates in a single, actionable view of security and risk. All the details are available, but there is no need for staff to do the work required to assemble various types of data to arrive at an answer. Instead, our customers enjoy one system with simple real-time answers based on all the available data.
Marrying Talent with Technology
It is no secret that security talent is in high demand today, and teams in most industries are chronically overworked and understaffed. The need to unburden in-house talent is often one of the primary drivers for organizations to simplify their security infrastructure in the first place.
In addition to our innovative technology, ThreatX includes access to our in-house SOC and security talent as part of the solution. This can give an organization access to security expertise that may be lacking internally, such as an anti-automation or anti-DDOS expert. On the other hand, organizations can leverage ThreatX to handle daily operational tasks such as monitoring, triage, and response to events. In either case, organizations can protect their internal staff so that they can stay focused on the most strategically important projects.
Ultimately the end result is a better, more unified approach to security for the organization and more breathing room for the security team. For many, it may sound a little too good to be true. We encourage you to take it for a test drive or talk to one of your contemporaries who are using ThreatX today. If you’d like to learn more and see how ThreatX can help you prune the sprawl, schedule a demo today.