The average enterprise has 75 security tools. Since every security tool sends warnings when unusual activity takes place, the result is that businesses are bombarded with an incredible number of alerts.
What do most companies about all these alerts? Selectively ignore them. There simply isn’t enough manpower to investigate every single alert that a company sees.
In fact, this is exactly what happened in the 2013 Target breach that affected 41 million customers’ accounts.
The proper tools alerted Target’s employees, but the notifications were ignored as false positives. They didn’t realize a breach had happened until it was far too late. But can you blame them when most IT teams are bombarded with alerts every hour, most of which are false positives?
We set out more than 10 years ago to help fix this problem for IT teams and over the last decade have improved, iterated, and built a solution, which we call Armor Anywhere to help with this problem and secure servers wherever they are (public cloud, private cloud, or on-premise) without subjecting companies and their IT teams to even more alert fatigue.
But, before we talk about what we do, it’s important that we figure out how the industry got to this point in the first place.
If you want to learn more about how Armor can help you reduce alert fatigue and secure your infrastructure with less effort, then click here to get a free quote on how much Armor would cost you.
How Cybersecurity Tools Grew Out of Control
The need to invest in cybersecurity became obvious in the 1990s, when several famous viruses, like “The Melissa” and “ILOVEYOU”, infected tens of millions of PCs. Companies now had a security budget and had to figure out how to wisely spend their money to maximize their defenses.
Of course, companies invested in hiring cybersecurity experts, but people are expensive.
To complement their security professionals, companies bought various tools. During the 90s, various software and hardware solutions sprung up to fulfill all the different security needs that businesses had.
Needed to get a firewall up and running? You could buy a software tool to help with that.
Needed to log the users accessing sensitive data? Another software tool could help with that.
For any problem, there was a tool you could buy that could help with the situation.
This process has continued for over 20 years, as different security products have sprung up to secure all the various parts of businesses’ technology stacks.
What has changed though is how complicated technology stacks have become. Enterprises now can have a hybrid cloud approach where they have some on-premise servers and other servers on multiple other clouds.
Securing a technology stack this complicated has become a gargantuan task. It requires security teams to use many different tools in order to protect against all potential attack vectors.
How Buying More and More Security Tools Can Be Both Expensive and Ineffective
Having to manage all of these security tools has several issues.
First off, having more tools is expensive. Consider again the fact that the average enterprise has 75 different security tools. If each tool costs on average $100 per month (many tools are much more expensive than that), then they could be paying $7500 a month or more on software tools.
This means many enterprises’ budget on security tools is higher than some single employee’s total compensation.
We don’t think this is a bad thing since good security tools can be worth their weight in gold. But, it shows how small subscriptions can quickly add up to become a significant expense.
Second, enterprises now have to manage multiple vendors. Not only is it a pain in the neck to deal with dozens of vendors, but it also requires employees to work on managing these relationships.
With 75 or more tools to manage, you may even need to hire people solely to manage all of these vendors. Not only is this a logistical challenge, but it will also be a strain on budgets.
If you have an issue or question, there are now many potential vendors you have to reach out to. This takes time away from what your cybersecurity team should be working on: securing your technology stack.
Finally, all of these tools lead to an overwhelming amount of alerts and messages. Every good tool will alert you when it detects suspicious activity.
For the most part, these notifications are not indicative of an actual breach. It could simply be an employee using your infrastructure in an unusual way.
But, with 75 different tools to manage, it becomes nearly impossible to manage all of these different alerts. Plus, each of these tools may have its own dashboard. That means dozens of dashboards and screens that your analysts need to understand.
Research has shown that enterprises have to deal with 174,000 messages every week.
What results is what we said before: analysts don’t respond to every warning because they don’t have the time.
In most cases, nothing happens when these warnings are ignored. However, sometimes these warnings are signs of an actual breach.
That’s what happened to Target: the security team ignored many false positive warnings. But, when a notification of a genuine breach happened, that warning was ignored as well.
This is why adding more security tools can be ineffective. You’ll just end up with more warnings and notifications which you’re forced to ignore because you can’t deal with the insane number of alerts.
Why It’s Statistically Unlikely For a Breach to Be Dealt With
There were over 6500 data breaches in 2018, so the actual likelihood that a warning is a breach is quite low.
That being said, the fact that the average breach costs $3.62 million (and could end a company) means that it’s something every company needs to take seriously.
The same research that shows that an average enterprise handles 174,000 weekly alerts also shows that they can only respond to 12,000 alerts each week. That means that over 90% of alerts are essentially uninvestigated.
This helps to explain why the industry average “dwell time” (how long it takes for a company to close a breach after one happens) is over 100 days.
After 100 days, hackers have likely taken all of your valuable information. Our research shows that it only takes a threat actor 5 days to cause harm to an organization.
It’s scary to admit, but the data shows that the average enterprise is unable to protect itself in case of a breach. They’ll likely get a relevant notification that will get lost in the noise.
We Believe That There is a Way to Cut Through the Noise and Quickly Respond to a Threat
The problem of integrating many tools in order to maximize security is something we at Armor have years of experience with.
When the company was started in 2009, we offered secure and compliant hosting with our own physically managed, private cloud.
Back then, we had to deal with the problems of securing cloud infrastructure that many companies are now starting to encounter.
To this day, we still offer hosting on our secure and compliant cloud, which we call Armor Complete.
A few years ago, we took a look at the security landscape and clearly saw the trend towards companies using the cloud (many times in conjunction with on-premise servers) and adopting more complicated technology stacks.
We understand the appeal of using multiple clouds, but we also saw that it was going to become much more complex to secure. Also, many companies began hosting with the major cloud hosting providers, but still needed a solid security solution that helps solve the problem of alert fatigue, not add to it.
So in 2015, we created a product to help solve these problems:
- Secure servers no matter where they are (on-premise, private cloud, or public cloud)
- Filter out unnecessary alerts and give companies the most important alerts to help solve the alert fatigue problem.
We call this product Armor Anywhere.
Here’s how Armor Anywhere helps solve the problems we listed above.
Pick and Manage Only the Best IT Security Tools
We believe that you need to be selective about the security tools that you use. So when we made our security solution, we hand-picked only the best security tools. That way, we limit the number of tools our customers need to manage. It’s vital that you can see all your notifications and alerts in one, clean dashboard.
That’s why we have a single dashboard which manages all of our security tools and tells you everything that you need to know about the security of your infrastructure:
That means you spend a lot less time paying, integrating, and understanding many different security vendors.
Plus, we are also constantly adding more tools to Armor as different technologies and trends arise.
How We Help Solve Alert Fatigue
Secondly, it’s important to intelligently filter out the thousands of messages your security tools send you. Doing this by software alone is really difficult. If the software mistakenly filters out a real threat, that’s a terrible situation for the software provider.
That’s why most default to showing as many possible threats as possible and letting the end user’s team filter them out. Of course, as we mentioned above, that causes alert fatigue.
So to solve this, unlike software-only solutions, we use a team of actual humans.
Respond to Breaches Before Lasting Damage Happens
Finally, we believe that it’s vital to have the most threat intelligence in order to quickly respond to a breach.
Remember when we said that the average industry dwell time is over 100 days? Armor’s average dwell time is 2 days.
That means it takes us around 2 days to respond to and close a breach. Since a hacker usually takes 5 days to cause damage to your system, the breach is likely fixed before any lasting damage is done.
Every Armor customer gets incident response from our 24/7 security team in case of a breach.
We’ll investigate the breach, offer you suggestions on how to fix it, and might be able to fix it if you give us permission to make changes to your stack.
Security is Complex. We Built Armor to Reduce Notification Chaos and Give IT Teams and CISOs Peace of Mind
As we said before, the fact that technology stacks are becoming more complicated means that there are more potential vectors for hackers to breach your security system. The rise of cloud computing especially increases the complexity and security risk of modern technology stacks.
Teams are forced to use many tools to secure the different technologies that they use. With each tool giving its own set of warnings, the deluge of notifications can become overwhelming. A security strategy based on using a higher number of security tools is simply untenable.
We built Armor so that you don’t need to worry about missing a potential threat. You can leverage our software and years of experience to filter through all of the noise from security tools.
Plus, if a breach does happen, we’ll be there to quickly respond.
We have a product that we’re confident will help enterprises deal with these challenges that come from securing a modern technology stack.
That is ultimately what we want to deliver: state-of-the-art security that gives businesses peace of mind that their data and infrastructure are truly secure.
If you want to learn more about how Armor can help you secure your infrastructure without suffering from alert fatigue or having to work with too many tools, then click here to get a free quote on how much it would cost.