Jonathan Fischbein is the Chief Information Security Officer at Check Point Software Technologies.
In Q3 2024, organizations experienced an average of 1,876 cyberattacks, a 75% increase year over year. Every minute of every day, bad actors are poking and prodding networks until they find one small crack in cybersecurity defenses to exploit. If it weren’t for their nefarious intentions, their persistence and creativity would be admirable. But organizations are not defenseless. They invest heavily in innovative cybersecurity solutions and highly skilled security operations specialists. The cybersecurity industry employs the brightest minds and constantly releases innovative new tools.
How is it that so many organizations remain vulnerable despite all this innovation and investment? One main reason is that while cybercriminals attack across multiple vectors, security solutions operate in isolated silos, never sharing data between them. This siloed approach creates security gaps that leave doors open for attackers to find and exploit.
The Security Operations Challenge
Cybercriminals constantly bombard the defenses of security operation centers (SOCs) around the world, trying to find a way to breach organizations. SOC teams are on a continual war footing, trying to stem the tide of attacks by diligently monitoring a multitude of systems and hunting for clues that an attacker is lurking. Assuming a SOC is well-equipped and well-staffed, what is the greatest remaining vulnerability? Is it poorly configured firewalls, mobile endpoints connecting to unsecured Wi-Fi, web applications with open backdoors, or phishing attacks? Or is it forgotten assets and shadow IT? Each one of these possible attack vectors presents a clear and present danger. Yet one of the greatest vulnerabilities that SOCs face is that each security tool deployed works as an isolated silo, never effectively sharing information. This siloed security approach creates dangerous blind spots.
Stealth Multi-Sector Attacks
We no longer live in a world where criminals concentrate on one line of attack. This is the age of multi-vector attacks, where perpetrators launch simultaneous, full-spectrum assaults on organizations’ defenses. Multi-vector attacks are highly complex and very challenging to predict. Persistent attackers will attempt to gain access via multiple vectors until they succeed.
The security tools work in isolated silos, each watching only for the specific type of threat it was developed to defend against. This is the fatal problem of the siloed security environment—vital connections and correlations that could identify a complex attack often are not made in time.
Like Blind Men Examining A Tiger
This situation brings to mind the parable of the elephant and the blind men, where each examines an individual part of the animal but comes to different—and entirely wrong—conclusions as to what an elephant is. If we were to update that parable, our blindfolded security analysts might examine a tiger, but by only touching its tail, belly and ears conclude that it is harmless—having completely missed its teeth and claws.
This is what working in a siloed security environment is like—a narrowed focus leading