For 20 years, the cybersecurity practitioner’s goto move when confronted with a new risk or compliance requirement has been to install a technical tool somewhere in the security stack to cover it. Over time, the number of tools that the infosec team has to manage has slowly grown. With the advent of bring-your-own device to the workplace, CIOs choosing SaaS applications to do work that has been traditionally handled in the data center, and organizations rushing to deploy their services into hybrid cloud environments, the number of individual data islands where company material information is routinely stored and must be covered by the security stack has increased. The complexity of this situation is immense. Two strategies have emerged to address this problem. The first is to continue down the path of installing more technical tools in each data island to cover the risk and having the infosec team manually process the telemetry of all the security devices with bigger teams and helper-automation-tools like SOAR platforms and SIEM databases. The second strategy is to choose a security vendor’s platform that performs most of the security tasks on all the data islands but now makes the organization reliant on a single point of failure.
Joining Rick Howard from the CyberWire’s Hash Table’s group of experts to consider the matter are Mike Higgins from Haven Health and Greg Notch from the National Hockey League, and later in the show, Rick speaks with Lior Div of Cybereason, who gives their point of view on this debate.