Defense in depth: Sounds good, but is it?
How many cybersecurity tools companies have in use is not decisive for high security and resilience - sounds strange, but it is. Ontinue, which specializes in Managed Extended Detection and Response, gives three concrete examples of why companies should not base the protection of their IT infrastructure solely on their software.
On paper, the cybersecurity strategy Defense in depth looks better than almost any other security concept: layer upon layer of different tools and processes are used to create a tightly meshed protection around a company's IT infrastructure. This approach is not new, but according to Ontinue In practice, it is becoming increasingly clear that it does not make sense, because even the best firewall, the most sophisticated DNS filter, a holistic EDR (Endpoint Detection and Response) tool, the most elaborate Cloud Access Security Broker (CASB) and other "best of breed" security solutions alone are not enough. As the following three examples from Ontinue illustrate, the human factor plays an essential role in cybersecurity.
1. the configuration chaos is almost impossible to control
"A lot helps a lot" is a double-edged sword in the context of cyber security: many tools only help if the appropriate specialist staff are available to implement, configure, manage and maintain them. However, this is the case in very few companies and even if a large IT team is available, the sheer number of tools that companies use is far too great. Various studies confirm that, on average, organizations use more than 40 security solutions. This flood of software is rarely manageable for SMEs or even large corporations.
2. there is a risk of "alert fatigue"
Another problem with a very large number of security tools is the constant alerts and warnings: Anyone who surfs the Internet and uses a pop-up blocker will be familiar with the many warning messages, and the typical virus scanner for the operating system also flashes almost continuously - and these are tools for a single user. Scaled to the employees of a company and the large number of additional tools used by both end users and security teams, the number of warning messages quickly increases to an unmanageable level. What then follows is what is known as "alert fatigue". It ensures that IT teams can hardly distinguish between critical and non-critical alerts and gaps in the defense against hackers arise.
3. even under the best of circumstances, security teams are overloaded
Even if the IT team has perfectly configured the extensive tool set and notification settings, the proverbial end of the line has not yet been reached. The threat situation is becoming more acute every year: the sheer volume of cyberattacks alone is increasing and generative AI is further expanding the technological possibilities for hackers. As a result, security teams have to fight the flood of attacks much more deeply and intensively - the all-important preventative measures and threat intelligence often fall by the wayside.
Conclusion
"Companies need to realize that more tools do not necessarily mean more security," warns Jochen Koehler, VP EMEA Sales at Ontinue. "As secure as Defense in Depth may look in theory, very few companies can implement this approach practically and, above all, successfully without massive personnel expenditure. They should therefore carefully consider whether it would not make more sense to invest their often tight budget in an externalization that offers them maximum protection and the greatest possible resilience with minimal personnel and software acquisition costs."