Why Defending Your Hybrid Enterprise Requires You to Break the “Spiral of More.”

April 2, 2024
Mark Wojtasiak
VP of Product Research and Strategy
Why Defending Your Hybrid Enterprise Requires You to Break the “Spiral of More.”

As the drive toward digitalization continues, hybrid enterprise SOC teams are finding that it poses high risks as well as high rewards.  

On the upside, digitalization enhances operational efficiency, margins and can even help grow market share. But it also means an expanded attack surface and greater threat risks, the foundation of what we call the “spiral of more.”

Still, enterprises must digitalize or disappear, so a quick breakdown of some key challenges is useful.    

A Rapidly Expanding Threat Surface

Digitalization adds layers to your enterprise architecture and processes, which creates a vastly more complex and rapidly expanding attack surface that’s harder to defend. It invites more attacks, signals and noise, so threats often remain unseen in a flood of alerts.  

That’s why securing your dynamic IT environment is magnitudes more difficult than it was even as recently as 2021.  

If it feels like you’re alone in this uphill battle, you’re not. In a recent survey, 63% of hybrid enterprise SOC teams say that their attack surface has expanded “significantly” in just the past two years.  

The Big Bang of Tool Proliferation

If a growing attack surface and proliferation of unseen threats weren’t enough to test your team’s capabilities, the explosion of new tools can certainly push your analysts beyond their bandwidth.

Sure, vendors promise that adding more tools to your arsenal is the answer. But tools are often siloed, so they don’t communicate with one another. Plus, they can require constant monitoring and overlap with each other in coverage, so you end up with more signal and alert volumes and less visibility than before.  

In short, rather than adding accuracy and efficiency to your job, adding tools can introduce new levels of complexity and frustration.  

Galaxies of New Blind Spots  

Every day, your team spends more time playing catch-up against thousands of new signals and alerts generated by new tools.  In fact, the average SOC team gets nearly 4,500 alerts daily, with an astonishing 67% of those alerts never being analyzed. There’s simply no time to do so. This constant flood of alerts combined with a lack of signal context means a huge rise in blind spots.  

But you and everybody else you know in the industry already know this. In the same survey, 71% of SOC analysts admit the organization they work in has likely been compromised, they just don’t know where or when.  

Talk about being blinded by science.  

An Astronomical Burnout Rate

Not surprisingly, SOC teams are experiencing an elevated level of worker burnout and staff shortages. Some estimates put the deficit at 3.4 million skilled workers globally. The high burnout rate is directly linked to the daily stress borne of poor signal efficacy and longer hours without successful outcomes. This creates a vicious cycle of overwork, higher stress, and resignation.

The related statistics are startling. About one-half of security workers are thinking of just “quiet quitting,” with about one-third citing either the constant stress, burnout, or the role’s impact on their mental health as the reasons for leaving the industry, 67% are considering leaving or are actively leaving.

The spiral of more is real.

Eclipsing the Issue with Cognitive Dissonance

The survey also noted that 97% of SOC analysts worry about missing a relevant security event because it’s buried under a flood of alerts. Nearly 40% said added noise from tools was also a problem.  

And yet, most SOC analysts surveyed, rated their tools “effective” overall, even though they admit that they deliver only about 75% visibility across their IT environment. (We’ll explore SOC analysts’ confidence crisis in our next post.)  

The Way Forward

Meanwhile, the short answer is that you’ve got to discard what’s not working and adopt what is. Or better yet, invest in solutions that fit into a broader hybrid strategy that are built to help teams address today’s challenges, not just create more work and noise. There are simply too many siloed tools sending disparate detection signals to SOC analysts. Hybrid attackers thrive in this complexity, making it easier for them to infiltrate, blend in, and progress inside an organization unseen.  

To start winning, SOC teams need to think and move at the speed and scale of hybrid attackers. Instead of thinking in terms of individual attack surfaces, they need to see it as a hybrid attacker, as one large attack surface.  

But without visibility across the entire IT infrastructure, from OT to endpoints and beyond, into cloud environments, your hybrid enterprise simply won’t be able to spot even the most common signs of an attack, such as lateral movement, privilege escalation or cloud account hijacking.

That’s why Vectra’s Attack Signal Intelligences provides unrivaled signal clarity, threat triage and automated, AI-driven threat response to SOC teams everywhere. Vectra helps you break the spiral of more by stopping the threats that matter most.  

See how the Vectra AI platform works or check out the full State of Threat Detection Report to learn more.  

FAQs