SOC leaders must adopt a Zero Trust mindset to secure both external and internal network threats.
Traditional perimeter-based security approaches no longer effectively protect new, widely distributed, cloud-based environments. No one can be trusted by default, even those already inside the network perimeter. In an era where trust must be earned and not bestowed, Zero Trust is rapidly replacing the castle-and-moat model.
From data protection and identity access management to threat detection and response and application security, today’s security operations center (SOC) is engaged in a constant battle to balance security and access. Zero Trust requires strict verification of every individual and device seeking access to resources on private networks, regardless of whether they are sitting inside or outside the environment. While traditional information technology (IT) network security trusts anyone and anything inside the network as long as they can produce a password, a Zero Trust architecture trusts no one and nothing.
And that's just how SOCs should want it. Even SOCs battle tested in the aftermath of breaches struggle here: nearly a third of security leaders recently surveyed by KPMG LLP (KPMG) indicated their SOC has difficulty determining the severity of cyber threats and vulnerabilities.1 The complexity of the IT environment, a lack of integration across solutions, and a lack of expertise among SOC staff all contribute to this challenge.
Nearly half (49 percent) of survey respondents said that improving trust in their organization’s SOC is a top goal over the next two years. They want to increase digital trust through better privacy, proactive identification, and remediation of threats. Importantly, nearly 4 in 10 security leaders (38 percent) want to enable the business to innovate and create new products and services faster.
In our experience, the most effective way to achieve these goals is to assume a Zero Trust posture to mitigate risk while securing an ever-vulnerable landscape.
Many organizations today deploy 100 or more security applications when they only need 20 to 30 specific to their unique circumstances. Taking a best-of-breed approach to security products — and then trying to stitch them together — requires training across various product sets and increases costs and complexity. Worse, many of these applications cannot be integrated with each other or the system as a whole. In a business environment that thrives on maintaining connections, this lack of alignment is suboptimal, to say the least.
Consolidating the security architecture onto fewer but more integrated platforms enables cyber teams to focus on reducing risk rather than managing technology. It can also streamline operations, reduce ongoing expenditures, and identify redundancies for long-term operational savings.
Looking ahead, security leaders say that fewer services and solutions will be important, according to the SOC survey. This finding suggests a trend toward more prioritization and consolidation of solutions in the future. It also reflects the challenges experienced with complex security environments and the lack of integration that SOC leaders cite as top challenges. Complexity compounds in the SOC itself: with numerous alerts coming from so many different tools, cyber teams struggle to react to and handle all of these different signals across separate systems rather than through a “single pane of glass.”
With Zero Trust accepted across the enterprise, SOCs will function according to the three key principles: assume breach, always verify, and least privilege. In practical terms, these principles cover five Zero Trust pillars:
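To make the contrast between perimeter trust and the three principles above concrete, here is an added illustration (not code from the KPMG report) of a castle-and-moat access decision beside a Zero Trust one; the request fields, user names and entitlement table are constructed assumptions:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """One access attempt as seen by the policy engine (constructed schema)."""
    user: str
    password_ok: bool            # primary credential check passed
    mfa_ok: bool                 # second factor verified for this session
    source_inside_network: bool  # request originates inside the perimeter
    device_managed: bool         # device identity known and posture attested
    resource: str
    action: str


# Constructed least-privilege grants: (user, resource) -> permitted actions.
ENTITLEMENTS = {
    ("alice", "payroll-db"): {"read"},
    ("bob", "payroll-db"): {"read", "write"},
}


def perimeter_decision(req: AccessRequest) -> bool:
    """Castle-and-moat: being inside the network plus a valid password is enough.
    Device health, MFA and the scope of the action are never examined."""
    return req.source_inside_network and req.password_ok


def zero_trust_decision(req: AccessRequest) -> tuple[bool, str]:
    """Always verify: identity and device are checked on every request and the
    action is limited to the least-privilege grant. Network location is
    deliberately not consulted, because the network is assumed breached."""
    if not (req.password_ok and req.mfa_ok):
        return False, "identity not verified"
    if not req.device_managed:
        return False, "device not trusted"
    allowed = ENTITLEMENTS.get((req.user, req.resource), set())
    if req.action not in allowed:
        return False, "action exceeds least-privilege grant"
    return True, "verified"


if __name__ == "__main__":
    # Constructed scenario: a stolen password used from an unmanaged laptop
    # that is already on the internal network (the classic insider-position attack).
    stolen = AccessRequest("alice", True, False, True, False, "payroll-db", "write")
    print("perimeter model allows:", perimeter_decision(stolen))   # True
    print("zero trust model:", zero_trust_decision(stolen))        # denied
```

The perimeter model waves the stolen-credential request through because it arrives from inside; the Zero Trust engine rejects it at the identity step and would also have rejected it at the device and least-privilege steps.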
Despite the rigidity of these principles, there is opportunity for balance. For example, in the short term after implementation, security teams may see an uptick in alerts. More incidents are being monitored, but they’re not likely turning into successful attacks. AI-based automation embedded in the new platforms can prioritize the threats that need immediate human attention.
This balancing act helps neutralize one of the top pain points for 30 percent of security leaders who, according to our survey, report fatigue from assessing a massive volume of low-fidelity alerts and/or false positives in order to find the legitimate threats that require immediate attention.
Organizations that assume a Zero Trust posture tend to see a number of benefits including:
The dynamic nature of workloads, services, and collaboration requires connectivity, visibility, and automation to secure an ever-changing perimeter and threat landscape. There is an expectation that security technology can adapt as quickly as business needs require. The reality, however, is that tools and processes often hinder such initiatives. Read the paper to learn the biggest SOC barriers to identifying and remediating threats and vulnerabilities, and how a Zero Trust model can diminish risk and cost.
How KPMG can help
Despite the increasing sophistication of AI responses to new cyber threats, we are still in the early days. About half of security leaders say they have “major issues” with retention (47 percent) and with maintaining up-to-date knowledge (46 percent), skills, and expertise (45 percent) to identify, analyze, and remediate emerging threats.
The issue is not about developing additional technical capability when dedicated teams are already at work. The larger issue is the lack of strategy and long-term vision for AI solutions. KPMG AI security professionals have deep experience in business processes and risk, coupled with extensive knowledge of AI application, data science, and cybersecurity.
We know that the transformative power of AI can only reach its full potential when paired with human expertise and ingenuity. That’s what makes AI the game-changer it has become.