It may be possible to democratize security by making it more accessible to average companies through community resources. We have an idea or two, but we would appreciate your thoughts.At the 2019 RSA security conference, Matt Chiodi, Chief Security Officer of Palo Alto Networks said “… small organizations are using on average between 15 and 20 tools, medium-sized businesses are using 50 to 60 and large organizations or enterprises are using over 130 tools on average.” It is a statement of the obvious when a SANS survey concludes that “Too many tools that are not integrated.” Is one of the top three problems faced by security organizations.I’d like to refine these observations just a little. The pyramid below describes three levels of resource capability. The companies at the top are large and have extremely well-funded / mature security programs. They are able to afford the tools they believe are necessary, and they have internal development to either integrate tools or create tools as needed. The yellow band is the middle-class. They can afford a fair number of tools, but they can’t afford extensive integration or internal development needed for automation and customization. At the bottom is a large group of “have nots.” They can only afford a limited number of tools, few staff, integration capabilities only when they are supplied by vendors and no customization.
We believe that this structure is problematic. As long as a significant percentage of the business community is unable to deploy adequate security, a nursery ..
Support the originator by clicking the read the rest link below.
