InvestorsHub Logo
Followers 5
Posts 2783
Boards Moderated 0
Alias Born 09/06/2006

Re: None

Tuesday, 06/30/2020 5:19:19 PM

Tuesday, June 30, 2020 5:19:19 PM

Post# of 249147
The more cybersecurity tools an enterprise deploys, the less effective their defense is

https://www.zdnet.com/article/the-more-cybersecurity-tools-an-enterprise-deploys-the-less-effective-their-defense-is/

New research highlights how throwing money indiscriminately at security doesn’t guarantee results.

The enterprise is slowly improving its response to cybersecurity incidents, but in the same breath, it is still investing in too many tools that can actually reduce the effectiveness of defense.

On Tuesday, IBM released the results of a global survey, conducted by the Ponemon Institute and featuring responses from over 3,400 security and IT staff worldwide. The research suggests that while investment and planning are on the uptake, effectiveness is not on the same incline, with response efforts hindered by complexity caused by fragmented toolsets.

The research, IBM's fifth annual Cyber Resilient Organization Report, says that while organizations are improving in cyberattack planning, detection, and response, their ability to contain an active threat has declined by 13%.

On average, enterprises deploy 45 cybersecurity-related tools on their networks. The widespread use of too many tools may contribute to an inability not only to detect, but also to defend from active attacks. Enterprises that deploy over 50 tools ranked themselves 8% lower in their ability to detect threats, and 7% lower in their defensive capabilities, than other companies employing fewer toolsets.

It does appear that the enterprise cybersecurity scene is reaching a new level of maturity, however, with 26% of respondents saying that their organizations have now adopted formal, company-wide Cyber Security Incident Response Plans (CSIRPs), an increase from 18% five years ago.

In total, however, 74% of respondents said their cybersecurity planning posture still leaves much to be desired, with no plans, ad-hoc plans, or inconsistency still a thorn in the side of IT staff. In addition, among those who have adopted a response plan, only a third have created a playbook for common attack types to watch out for during daily operations.

"Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face," the report notes.

According to IBM, a lack of planning and incident response testing can lead to a damages bill up to $1.2 million higher than a cyberattack would have otherwise cost a victim company.

The cost can be high in terms of disruption, too, as only 39% of enterprise companies with CSIRP applied have experienced a severely disruptive attack in the past two years -- in comparison to 62% of those which did not implement any form of plan.

TechRepublic: Expiring security certificates may start shutting down IoT devices

In light of the COVID-19 pandemic and the rapid changes many of us have experienced in our workplaces, CSIRP setups need to be reviewed, and if need be, changed to adapt to the working from home environment. However, only 7% of respondents review these plans quarterly, and 40% have no time period set whatsoever for reviews.

"With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many businesses are relying on outdated response plans which don't reflect the current threat and business landscape," IBM added.
=================================================================
Here's an opportunity for Wave to help organizations who don't know about the Wave alternative to discover there is a better way to defend their organization's data and network in a way that successfully achieves the organizations' goals. The use of Wave solutions for an average organization should result in a massive reduction (from 45 cybersecurity tools) in an organization's cybersecurity tools.
=================================================================
https://www.wavesys.com/wave-alternative

The IT perimeter is gone

With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.

It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.

You have to start with the device

Wave has an alternative: security that’s built into each and every device.

We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.

We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.

Security that’s confirmed, not assumed

With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.

A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.

Do we need to say that with Wave, compliance is no problem?

Start closing your security gaps today, with what you’ve got

You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.

It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.

Questions? Read on, or contact our sales department.


















Join the InvestorsHub Community

Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.