Foundry study highlights the benefits of a unified security platform in new e-book

Credit to Author: Rob Lefferts| Date: Wed, 18 Dec 2024 17:00:00 +0000

Microsoft observes more than 600 million ransomware, phishing, and identity attacks each day.¹ One major theme from our analysis of these attacks is clear—organizations with integrated tools have better visibility and more holistic defense than those using a broader portfolio of point solutions. Microsoft wanted to test this observation outside of its own telemetry, hiring Foundry to conduct a survey of senior-level IT decision makers with a primary role in security management at organizations with 500 or more employees to see what they’re experiencing.

The results are in, and they might be surprising. Of the study’s 156 respondents, those whose companies have implemented greater quantities of security solutions are experiencing a higher average number of security incidents—15.3 incidents versus 10.5 incidents for organizations with fewer security tools. That’s more than a 31% increase in self-reported incidents. You can read up on the full results in the e-book The unified security platform era is here.

This reinforces the observations Microsoft made based on its own telemetry. The security teams we see that prioritize deploying a diverse portfolio of “category leaders” often have overlapping policies and controls that create weak points. The silos created by separate solutions also make it hard to coordinate an effective defense before breaches happen, uncover the true scope of incidents, or to respond quickly.

The unified security platform era is here

Read the e-book to gain research-driven insights into securing your organization with a unified security platform.

Why consolidated security wins

The initial stages of cyberattacks remain fairly consistent year over year—with brute force identity attacks, phishing and social engineering, and internet-exposed vulnerabilities continuing to be the most common. Threat actors are still largely using opportunity-based tactics for these first few steps. It’s only once someone’s credentials are obtained by bad actors that they begin taking more targeted action against a company’s infrastructure. When they do this, the would-be cyberattackers often conduct significant reconnaissance, demonstrating a tremendous understanding of the enterprise environment by targeting the seams between security solutions and taking advantage of technical debt. Examples of this could include a test app from an untracked satellite tenant that doesn’t enforce multifactor authentication, devices infected with malware, or legacy authentication protocols.

Graphs showing that on average, enterprises use around 14 different security tools. Forty seven percent of enterprises noted the number of security tools their organizations have adopted in the past year has remained the same, with thirty five percent of enterprises noting an increase in the number of security tools adopted in the past year, and eighteen percent noting a decrease in the number of security tools their organizations have adopted in the past year.

Diverse tool portfolios are very likely to lack the integration and signal sharing required to help security teams to understand how, or even if, cyberattackers are exploiting their infrastructure. As a result, cyberattackers have more seams they can exploit, they can remain undetected longer, and security teams will have a harder time ensuring they’ve fully removed the attackers’ access.

While there will never be a single comprehensive security tool, organizations that streamline their security stacks by adopting a security platform that integrates controls, policies, and signals will have a more resilient and comprehensively protected environment that can respond to cyberthreats more effectively. The research done by Foundry and Microsoft shows how this unified security approach helps security teams act more efficiently, reduce core metrics like mean time to repair and mean time to acknowledge, and improve their overall security posture. By eliminating many of the potential seams between standalone solutions, these companies were able to prevent, detect, and respond to many more security threats as they emerged.

A streamlined, unified security approach like the Microsoft unified security operations platform, which provides its users with a consistent data model and reduced silos, can also generate better results from automation and AI—both of which are powerful tools that help security operations (SecOps) teams close critical security gaps through improved exposure management, resiliency, and incident detection and response. Equally, SecOps teams that gain a single, centralized, and contextualized view of their company’s cyberthreat exposure are better able to measure and improve their security posture. By gaining the visibility and tools to conduct this kind of exposure management, these teams are able to shift from traditional, reactive detection and response-based security postures to more proactive postures that prioritize exposure-mitigating actions across devices, identities, applications, data, and their multicloud infrastructure.

Unified security means fewer cyberattacks and improved posture

The two biggest reported challenges facing respondents who were looking to improve their security posture were the complexity of their current environment and poor visibility across their security landscape. In fact, these challenges have become so universally apparent to the Foundry study’s survey participants that 91% of respondents operating a best-of-breed security approach are prioritizing vendor consolidation in the next 12 months. The same is true of 79% of respondents using 10 or more security tools. This strategy helps shift toward a more proactive security posture, and the Foundry study shows that it can also have a dramatically positive effect on the average number of security incidents a company faces.  

Bar chart showing the biggest challenges to achieving a successful security posture.

As 2024 has shown, keeping software up to date and installing strong security measures isn’t enough. It is nearly impossible for any organization to “out-patch” threat actors. Everyone needs to shift away from working through lists of vulnerabilities and to focus more on thinking like a cyberattacker—viewing vulnerabilities not as a list, but as elements that could be chained together to breach our environments in order to reach critical assets.

This is made much more difficult when using a diverse array of security vendors for each of your main security domains. Gaining visibility into possible attack paths, prioritizing based on potential incident severity, and then confidently removing the vulnerabilities is all made vastly more difficult when the work needs to be done manually across dozens of silos.

A unified platform changes how risk exposure can be handled. For example, security teams can use attack paths to remove vulnerabilities as if they’re responding to security incidents—with a prioritized list, systematically addressed based on variables like sensitivity of data, importance of critical assets, and severity of exposure. And with the native integrations of a platform, this value can be extended beyond just managing vulnerabilities. If you’re investigating a new incident and you’re shown that one of the compromised entities could lead to critical assets, that context could make the difference between routine remediation and a board-level briefing.

Setting out on your unified security platform journey

Reducing and consolidating security tools around a unified security platform is no small feat, either technologically or culturally. To get started, target a few small but key areas. This will give your security operations center (SOC) team a few quick wins and prove the value of consolidation to you and your stakeholders. You’ll also be able to customize and refine your new environment, ensuring necessary integrations are in place for end-to-end visibility without disrupting operations. You may also want to focus on change management early on, reskilling team members in a way that provides ample time for them to ramp up before going live.

Moving to a unified security platform is not just about improving defenses, so don’t forget to lend some of your time to maintaining positive employee experiences. Reducing friction across endpoint devices, apps, identities, and networks will make it easier for employees to access the systems and data they need. It also reduces the chance that employees will try to bypass new security policies in the interest of maintaining learned behaviors. To learn more about consolidating your security platform, the current state of threat protection, where organizations and security professionals are focusing with their current practices, and where they see opportunities for using AI in security operations, check out the new e-book The unified security platform era is here. And head over to the Microsoft Security web page for more information about how Microsoft is innovating in the security space, including through the use of responsible AI.

Learn more

Learn more about the Microsoft unified security operations platform.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

About the research 

Foundry conducted an online study to understand the current state of cyberthreat protection, where organizations and security professionals are focusing with their current practices, and where they see opportunities for using AI in security operations.  

The study, commissioned by Microsoft, was conducted in June 2024. The 156 respondents comprised senior-level IT decision-makers with a primary role in security management, at organizations with 500 or more employees.  


¹Microsoft Digital Defense Report 2024.

The post Foundry study highlights the benefits of a unified security platform in new e-book appeared first on Microsoft Security Blog.

https://blogs.technet.microsoft.com/mmpc/feed/

Leave a Reply