One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

The profusion of cybersecurity technologies has produced an appearance of security. Organizations frequently feel that by adopting a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other technologies, they are fully secured. However, this approach not only fails to solve the underlying problem of the attack surface but also adds serious third-party risk to the mix.

The world of cybersecurity is in a perpetual state of development, with attackers growing more clever in their approaches. In response, corporations are investing substantially in cybersecurity measures, seeking to construct an impenetrable fortress around their digital assets. However, the assumption that adding "just one more cybersecurity tool" would suddenly shrink your attack surface and boost your safety is a hazardous mistake.

The limits of cybersecurity tools

Cybersecurity technologies, although vital, have inherent limits. They are intended to handle particular threats and vulnerabilities, and they generally depend on signature-based detection, which can be readily evaded by zero-day attacks. Moreover, these tools may generate a torrent of alerts, overloading security staff and making it harder to spot the serious risks. According to this Gartner poll, 75 percent of firms are exploring vendor consolidation. The number one reason cited? Reducing complexity.

Furthermore, these technologies generally work in isolation, creating silos of information that inhibit effective threat identification and response. Without a comprehensive view of the attack surface, organizations remain exposed to attacks that exploit gaps between their defenses.

When the net is not positive: The hidden consequences of adding another tool

Ironically, each new cybersecurity tool you add to your armory might unwittingly widen your attack surface by adding third-party risk. Every vendor you connect with, from cloud service providers to software developers, represents a possible entry point for attackers. Their own security procedures, or lack thereof, can directly damage your organization's security posture. A data breach at a third-party provider might expose your sensitive information. A weakness in their software might open a backdoor into your network. This intricate web of interrelated systems and interconnections makes it harder to monitor and mitigate third-party risks efficiently. We saw this play out in the Sisense breach, when customers who trusted a third party had their credentials stolen, an event significant enough to elicit a CISA alert.

And let's recall the CIA triad of cybersecurity: confidentiality, integrity and availability. Losing availability is equally destructive to the organization, regardless of the root cause: outages induced by security tools and outages arising from a DoS attack are equally bad. And we saw from the CrowdStrike outage that security products can and do inflict catastrophic harm. This damage is due to the privileged access these tools receive to your systems: in the case of CrowdStrike, the agent obtains kernel-level access to every endpoint to guarantee complete visibility. Incidentally, this same deep access is what made the Falcon platform outage so extremely destructive and made corrective actions costly.

This is true for practically all IT security solutions. The technology meant to lessen the risk has the ability to take down the very systems it's supposed to safeguard. A firewall misconfiguration can take down your network, your email spam filter can take down your email communication, and your access control solution can lock out your frontline workers - the list goes on. And although these solutions substantially enhance the security posture of the business, clients should aim to strike a balance between the third-party risk each new tool introduces through the software supply chain and the risk it reduces.

Simplifying the mess with a common platform

The hazard derives from the complexity we described earlier. This is now considered the single largest barrier in cybersecurity, encouraging clients to shift to bigger, unified systems in SASE and XDR – according to the quoted Gartner poll – but also in identity security. Analysts are pushing customers towards identity fabrics and unified identity for this very reason: it minimizes complexity and brings together diverse solutions in a pre-validated, pre-integrated way. It's no wonder that every identity vendor is pushing its "unified suite," regardless of its maturity, the real advantages it gives clients, or whether it genuinely has the capacity to integrate the customer's complete internal identity environment.
