Key to reducing cybersecurity risk: search-powered technology
Global survey shows cybersecurity was the top business priority for organizations that use tools that enable the search of data across multiple sources
It’s time to re-evaluate how we define the term “search.” Today, search has far broader applications than those of a standard search engine query. That’s especially true when it comes to cybersecurity.
In fact, in a recent survey of 832 data leaders, cybersecurity was named the top business priority for which organizations use search-powered technology today. The survey, conducted by Forrester Consulting and commissioned by Elastic, defines search-powered technology as tools that enable the search of data across multiple sources, such as websites, applications, databases, and hybrid cloud environments.
Search capabilities can assist security analysts in detection and response processes such as:
- Facilitating real-time detection and protection from endpoints to data centers
- Enabling real-time visibility for security operations
- Reducing dwell time to minimize or avoid damage from attackers
Survey respondents had roles spanning information security, data/analytics architecture, platform technology, DevOps, and enterprise architecture. Here’s what they indicated about applications of search-powered technology to cybersecurity today and in the future.
How companies are using search to mitigate cybersecurity risks
Over half (53%) of the data leaders surveyed said they are currently using search-powered technology for cybersecurity.
The outcomes organizations expect from applying search to cybersecurity objectives vary. Forty-four percent of survey respondents said that they expect search-powered technology to help mitigate data security issues, and 40% said it helps create a stronger overall security posture.
Those numbers reflect the important role search can play during investigations. Analysts need the ability to quickly find real-time and historical information and the ability to share insights with others to advance the investigation. Defining search queries can help analysts more effectively identify and reduce cybersecurity risks associated with system integrations, outside adversaries, and insider threats. The ability to quickly return search results from queries on high volumes of data can also help analysts deploy patches for vulnerabilities and hunt for threats with speed.
Single-platform solutions reduce cost and increase speed
The large majority of data leaders reported a desire to integrate point solutions, including cybersecurity tools, into a single integrated search platform.
Getting the most out of investments is one reason why. Eighty-three percent of respondents said using a single integrated search platform for search-powered technologies helps them reduce costs for their business.
Another reason for the shift, particularly from the point of view of cybersecurity, may be speed. Integrating point solutions can help unify and optimize workflows. For instance, integrating endpoint detection and response (EDR) and security information and event management (SIEM) solutions into a single platform can help block complex attacks, such as ransomware, and shorten dwell time.
Data leaders want to empower cybersecurity teams
Security teams need visibility and they need speed — both of which are challenges in environments with massive amounts of disparate data.
Survey respondents told us that when organizations have challenges with finding, sharing, or visualizing data, it can result in data security issues or other risk exposures. That’s why 85% of data leaders say it’s their goal to improve the ability to find information across multiple clouds and data storage environments.
Search-powered technologies can help give teams the information they need, when they need it, to reduce cybersecurity risk.