Why a set it and forget it security solution does not exist, and why multi-layered cybersecurity is still necessary

David Herselman, Managing Director, inq. South Africa

Many African enterprises still consider cybersecurity a grudge purchase. What is worse, these businesses allocate funds after an incident or after a regulatory change forces their hands. The normalisation of the hybrid work environment has also contributed to a false sense of security.

Often, organisations think their traditional perimeter and endpoint security solutions are adequate even after migrating their data and applications to cloud environments.

In practice, the cybersecurity landscape has become cluttered with vendors trying to outdo each other with confusing acronyms and overlapping features. This has resulted in a fragmented array of security solutions. It could be argued that the industry needs regulation of its own to categorise vendors and products.

At least then, it will be easier for consumers and organisations to get clarity on what they are using and what they are buying. Having said that, this approach could be detrimental to one of the best ways to strengthen a company’s defences, which is adopting a multi-layered cybersecurity approach.

Even though the hype surrounding machine learning and AI has led decision-makers to expect a set it and forget it security solution, the reality is quite different. Detecting advanced persistent threats relies on correlating indicators of compromise (IoCs) and on subsequent threat hunting to investigate anomalies.

There is a growing consensus that network traffic analysis (from firewalls and from switches exporting NetFlow, sFlow or SPAN), endpoint detection and response telemetry, cloud service provider logs, and in-house server and workstation audit and event logs need to be consolidated and correlated.
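As an added illustration of the correlation that paragraph describes (example code, not from the article or from inq.), the script below normalises three constructed telemetry layers (NetFlow, EDR, cloud audit) onto a shared indicator and reports only indicators seen in more than one layer inside a time window. All hostnames, IP addresses and principals are made up.

```python
"""Cross-layer indicator correlation over constructed sample telemetry.

Each layer alone sees one weak signal; joining them on the shared
indicator (an external IP) is what surfaces the chain.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; all values are placeholders.
FIREWALL_NETFLOW = [  # (timestamp, source host, destination IP, bytes)
    ("2024-01-10T09:00:05", "ws-017", "203.0.113.7", 48_000),
    ("2024-01-10T09:02:11", "ws-042", "198.51.100.9", 900),
]
EDR = [  # (timestamp, host, process, destination IP contacted)
    ("2024-01-10T09:00:01", "ws-017", "powershell.exe", "203.0.113.7"),
    ("2024-01-10T11:30:00", "ws-099", "chrome.exe", "198.51.100.9"),
]
CLOUD_AUDIT = [  # (timestamp, principal, action, client IP of the API call)
    ("2024-01-10T09:03:40", "svc-backup", "ListObjects", "203.0.113.7"),
]

WINDOW = timedelta(minutes=10)

def normalise():
    """Map every layer to time-sorted (ts, host, indicator, layer) tuples."""
    events = []
    for ts, host, ip, _ in FIREWALL_NETFLOW:
        events.append((datetime.fromisoformat(ts), host, ip, "netflow"))
    for ts, host, _, ip in EDR:
        events.append((datetime.fromisoformat(ts), host, ip, "edr"))
    for ts, principal, _, ip in CLOUD_AUDIT:
        events.append((datetime.fromisoformat(ts), principal, ip, "cloud"))
    return sorted(events)

def correlate(events, window=WINDOW, min_layers=2):
    """Return {indicator: {"layers": [...], "hosts": [...]}} for indicators
    seen in at least min_layers distinct layers within `window` of their
    first sighting; anything one layer saw on its own is dropped."""
    buckets = defaultdict(list)
    for ts, host, ind, layer in events:        # events are time-sorted
        buckets[ind].append((ts, host, layer))
    hits = {}
    for ind, seen in buckets.items():
        first = seen[0][0]
        in_window = [(h, l) for ts, h, l in seen if ts - first <= window]
        layers = sorted({l for _, l in in_window})
        if len(layers) >= min_layers:
            hits[ind] = {"layers": layers,
                         "hosts": sorted({h for h, _ in in_window})}
    return hits

if __name__ == "__main__":
    for ind, hit in correlate(normalise()).items():
        print(f"{ind}: layers={hit['layers']} hosts={hit['hosts']}")
```

The second IP appears in NetFlow and EDR as well, but the sightings are hours apart, so the window drops it; tune `window` and `min_layers` to the noise level of your own sources.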

A Secure Access Service Edge solution has almost become a requirement to manage and monitor hybrid workers effectively. Historically, enterprises have achieved this through a Security Information and Event Management (SIEM) solution, coupled with an in-house Security Operations Centre (SOC).

Small and medium-sized businesses can access similar Managed Detection and Response (MDR) services from MSSPs, though these often do not cover the full scope of services an in-house SOC provides.

Extended Detection and Response solutions attempt to persuade clients to adopt a single solution to address these challenges. However, these solutions are often vendor-specific with limited integrations, whereas SIEM and SOC solutions offer far greater compatibility in data ingestion.

There is no one-size-fits-all solution for cybersecurity. The key to effective security lies in a comprehensive, multi-layered approach that incorporates the best tools, frameworks, and practices.

inq. South Africa, formerly known as Syrex, specialises in the installation and support of Open Source, Microsoft, virtualised, and hybrid network infrastructures.
