One More Tool Will Do It? Reflecting on the CrowdStrike Fallout
The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous third-party risk to the mix.
The world of cybersecurity is in a constant state of flux, with cybercriminals becoming increasingly sophisticated in their tactics. In response, organizations are investing heavily in cybersecurity tools, hoping to build an impenetrable fortress around their digital assets. However, the belief that adding “just one more cybersecurity tool” will magically shrink your attack surface and enhance your protection is a dangerous misconception.
The limitations of cybersecurity tools
Cybersecurity tools, while essential, have inherent limitations. They are designed to address specific threats and vulnerabilities, and they often rely on signature-based detection, which zero-day attacks bypass by definition, since no signature yet exists for them. Moreover, tools can generate a deluge of alerts, overwhelming security teams and making it difficult to identify genuine threats. According to a Gartner survey, 75 percent of organizations are pursuing vendor consolidation. The number one reason cited? Reducing complexity.
Furthermore, tools often operate in isolation, creating silos of information that hinder effective threat detection and response. Without a holistic view of the attack surface, organizations remain vulnerable to attacks that exploit gaps in their defences.
When the net is not positive: The hidden dangers of adding another tool
Ironically, each new cybersecurity tool you add to your arsenal can inadvertently expand your attack surface by introducing third-party risk. Every vendor you engage with, from cloud service providers to software developers, becomes a potential entry point for cybercriminals. Their own security practices, or lack thereof, directly affect your organization’s security posture. A data breach at a third-party vendor can expose your sensitive information. A vulnerability in their software can provide a backdoor into your network. This complex web of interconnected systems and dependencies makes it increasingly challenging to manage and mitigate third-party risk effectively. We saw this play out in the Sisense breach, where customers who trusted a third party had their credentials stolen – an incident serious enough to prompt a CISA warning.
And let’s remember the CIA triad of cybersecurity: confidentiality, integrity and availability. Losing availability is equally damaging to the business, whatever the root cause: an outage caused by a security tool and an outage resulting from a DoS attack are equally harmful. And we saw from the CrowdStrike outage that security tools can and do inflict serious damage. This impact is due to the privileged access these tools get to your systems: in CrowdStrike’s case, the Falcon sensor runs with kernel-level access on every endpoint to ensure full visibility. That same deep access is what made the Falcon platform outage so devastating and the remediation so expensive, because a fault at the kernel level takes the whole machine down with it.
This is true for almost all IT security products. A tool designed to mitigate risk has the potential to take down the very systems it is intended to protect. A firewall misconfiguration can take down your network, an email spam filter can take down your email communication, and an access control solution can lock out your frontline workers – the list goes on. And while these tools vastly improve the security posture of the organization, customers should weigh the third-party risk each new tool adds via the software supply chain against the risk it mitigates.
Simplifying the chaos with a unified platform
The danger arises from the complexity mentioned above. Complexity is now seen as the single biggest challenge in cybersecurity, motivating customers to move to larger, unified platforms in SASE and XDR – according to the Gartner survey cited above – but also in identity security. Analysts are pushing customers towards identity fabrics and unified identity for this exact reason: it reduces complexity and brings together disparate tools in a pre-validated, pre-integrated manner. It’s no surprise that every identity vendor is touting their “unified suite,” regardless of its maturity, the actual benefits it offers customers, or whether it truly has the potential to unify the customer’s entire internal identity landscape.