Enterprise Cybersecurity Today: A Vast Landscape To Secure

Uploaded on 2023-09-20 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

With organisations attempting to counter an ever-growing number of new threats, security costs that frequently don't grow at the same rate, and a lack of staff resources, managing cybersecurity has become increasingly challenging.

With around 40% of Brits working from home, and internet shopping becoming more popular in the UK than in any other nation, the cybersecurity risks connected with remote working, various networks, and increasing endpoints have expanded, leaving organisations with a vast landscape to keep secure. 

Knowing which cybersecurity services and solutions to choose in such a diverse market can be difficult. However, three important areas that deserve attention in this post-pandemic landscape are Endpoint Security, Managed detection and response (MDR) and holistic Web Application and API Protection (WAAP). Understanding these areas is foundational to any cybersecurity programme, and each has a role to play in keeping organisations protected.

Endpoint Security - A top priority for every organisation 

Endpoint security does what it says on the tin. Endpoint solutions focus on defending endpoints including mobile devices, laptops, Internet of Things (IoT) devices, point-of-sale (POS) systems, or simply any device that connects to a network. Any endpoint can be an attack entry point, and with over 29 billion IoT devices forecasted to be in operation by 2030 the scope for risk will double. This means that businesses of any size can find themselves vulnerable to a cyberattack.

It can be challenging to deploy endpoint protection effectively with a diverse mix of device types, operating systems, with many companies having the additional burden of supporting bring your own device (BYOD) policies. Nevertheless, endpoint protection platforms are always evolving to detect malicious activity and prevent file-based malware attacks, while allowing security engineers to investigate and respond to incidents, wherever necessary. As endpoints are a wide entry point into an organisation from which attackers often aim to move laterally, effective endpoint protection is essential for organisations of any size.

Combining human & technological expertise - Management detection & Response (MDR)

An element of cybersecurity that combines human and technological expertise, management detection and response (MDR) is a service that typically covers monitoring, response, and cyber threat hunting. MDR reduces the strain on internal staff and the alert fatigue they often face, instead allowing experts to monitor devices, applications and networks remotely to keep these systems secure, and respond quickly when under attack.

This combination of technology and services works in tandem with in-house IT and DevSecOps teams, providing mature capabilities in observation, detection, and response, ultimately lowering risk and allowing companies to focus more on their core business. Given a global shortage of around 3.4 million cybersecurity professionals, MDR is a great way for organisations to gain round-the-clock cybersecurity support they need, without the high CapEx for new staff (which are very hard to hire and retain).

SECaaS Soaring In Popularity

Much like MDR, security as a service (SECaaS) outsources cybersecurity to remote experts. However, this solution is a cloud-delivered model at its core and is hosted by cloud providers. Thanks to this, SECaaS has soared in popularity, offering lower costs than in-house investments and scaling to handle any cybersecurity demands. 

As SECaaS works on a subscription basis, businesses only need to pay for the services they need, when they need them. Outsourcing security frees up resources and gives internal IT teams the time and confidence to work on other projects. Hosted in the cloud, SECaaS also allows organisations to access the latest security tools, patches, and updates immediately, with no need for onsite deployment and extended downtime. SECaaS is a great option for organisations that want to completely outsource their cybersecurity and move to the cloud.

Holistic Web Application & API Protection (WAAP)

Web applications provide critical services and experience for customers and employees alike. Besides endpoint devices mentioned earlier, they also represent an expanded threat vector for attackers to exploit. In fact, for several years running, web applications have been the top vector across all data breaches according to Verizon’s Data Breach and Investigations (DBIR) report. For this reason, having a holistic web application and API protection (WAAP) solution with multiple layers of protection for an organisation’s networks and web infrastructure becomes critical.

WAAPs provide protection against a wide range of critical threats targeting high value websites and applications, including injection and remote code execution (RCE) attacks, malicious bots attempting account takeover (ATO), or ransomware DDoS attacks, just to name a few. An effective WAAP protects against these types of evolving threats and many more.  

When choosing a WAAP, it’s important to look for a few key elements.

  • First, look for integrated solutions that can be managed from a single pane of glass. Having configuration information, as well as analytics, all in one console reduces complexity that can lead to misconfigurations, while also making it easier for security teams investigating incidents. Parsing logs from separate solutions and consoles is difficult. In fact, a Gartner survey conducted in 2022 found that 75% of organisations plan to consolidate security tools, with a majority of respondents agreeing that less complexity leads to a stronger security posture (not to mention, cost savings as well!).
  • Second, make sure to consider WAAP solutions that scale with your business, and with attacks. It’s important to consider that point solutions, while often providing innovative best-of-breed features, generally run on smaller, more centralised networks. API integration makes these tools easy enough to set up, but they add latency - detection requires an additional hop to a cloud decision engine. 

Furthermore, the networks they run on are relatively small compared with edge/CDN-integrated security. This becomes important if you are targeted by a large-scale automated attack, such as DDoS.

  • Lastly, it's important to choose a WAAP solution with simple, predictable pricing. You never know when an attack will happen- you just know it will. Look for vendors that don’t charge you extra when you’re under attack. Reputable vendors take their customers’ security very seriously, but it feels pretty bad to get hit with an unexpected, large bill even after effectively mitigating a major attack. But there are options out there now, should you wish to lock in predictable pricing, aligned to your best interests. 

Prioritising Cybersecurity 

Every organisation should prioritise cybersecurity, however choosing a solution can occasionally feel overwhelming. Each service, from endpoint security and MDR to WAAP, offers a unique but crucial set of security assurances.

No matter which solutions you use, make sure to work with a dependable, trusted partner who can put your mind at ease. 

Richard Yew is Senior Director, Product Management - Security at Edgio                     Image: Mariia Shalabaieva

You Might Also Read: 

The Skills Gap Is Increasing Risk & Exposure To Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Worst Places To Connect To Public Wi-Fi
Chinese Hackers Have Been Reading US Government Emails »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Maureen Data Systems (MDS)

Maureen Data Systems (MDS)

Our mission at Maureen Data Systems is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Calian Group

Calian Group

Calian is a diverse Canadian company offering professional services in areas including Advanced Technologies, Health, Learning and IT & Cyber Solutions.

SCIS Security

SCIS Security

SCIS Security provides affordable cyber security services and solutions to small to medium sized businesses and homes.

Gigacycle

Gigacycle

Gigacycle is one of the leading IT disposal and recycling providers in the UK. We specialise in IT asset disposal (ITAD) and data destruction.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

MorganFranklin Consulting

MorganFranklin Consulting

MorganFranklin Consulting is a management advisory firm that works with businesses and government to address complex and transformational technology and business objectives including cybersecurity.

Security Risk Management (SRM)

Security Risk Management (SRM)

SRM provide a comprehensive security risk management service encompassing people, processes, technology, governance, compliance and risk management.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.

Hexiosec

Hexiosec

Hexiosec (formerly Red Maple Technologies) is a technical consultancy and product company founded and run by engineers from the UK Intelligence and Defence communities.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

AdviserCyber

AdviserCyber

AdviserCyber provide Cybersecurity and Compliance Solutions for Registered Investment Advisers.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.