ISG's Jeff Orr on Moving Beyond Perimeter Defense to Dynamic Security

Jeff Orr, Director of Research & IT Technologies at ISG, brings over three decades of technology experience to his discussion with David about transforming enterprise security approaches. On this episode of The Future of Threat Intelligence, Jeff shares his explanation for why traditional security investments focused primarily on protection are leaving organizations vulnerable, with 98% experiencing significant incidents despite increased spending. 

‍

The conversation also explores the critical need to shift from perimeter defense to comprehensive security programs that include detection and recovery, while addressing the challenges of limited budgets and resources. Jeff offers practical insights about aligning security with business objectives, leveraging AI effectively, and building valuable industry peer networks to stay ahead of emerging threats. 

‍

Topics discussed:

‍

• The evolution from traditional perimeter defense approaches to comprehensive security programs that include detection and recovery capabilities.
• Research findings that show 98% of organizations experienced significant security incidents despite increased investment in protection.
• The importance of aligning security goals with business objectives rather than treating security as an isolated technical challenge.
• Leveraging AI and machine learning as assistive technologies to help address staffing gaps and alert fatigue in security operations.
• Balancing security investments across protection, detection, and recovery capabilities while operating under constrained budgets.
• The role of experience and human intuition in security operations, and how AI can complement but not replace seasoned practitioners.
• Building effective community networks within industries and geographic regions to share threat intelligence and security insights.
• The importance of breaking down silos between IT and security teams to leverage existing tools and observability capabilities.
• Developing risk-based approaches to security that align with business risk appetite and operational priorities.
• Creating effective tabletop exercises that include business stakeholders to better understand and prepare for security incidents.

‍

Key Takeaways: 

‍

• Diversify security investments beyond perimeter protection by allocating specific budget percentages to detection and recovery capabilities.
• Establish clear metrics linking security initiatives to business outcomes through collaboration with department leaders and stakeholders.
• Implement automated threat intelligence sharing within your industry vertical to leverage collective insights about emerging attack patterns.
• Deploy AI-powered security tools strategically to address alert fatigue while maintaining human oversight of critical security decisions.
• Create cross-functional teams between IT and security to leverage existing observability tools and network monitoring capabilities.
• Develop comprehensive incident response plans that include business continuity strategies beyond just technical recovery procedures.
• Institute regular brown bag sessions between security and IT teams to share knowledge about emerging threats and technical capabilities.
• Build regional security partnerships with peer organizations to share attack intelligence and mitigation strategies.
• Schedule quarterly tabletop exercises that involve business stakeholders in scenario planning for security incidents.

‍

“I point to some research that we've done in asking security teams and security leaders about their experiences, and when it comes to when breaches happen, then I'm, we're seeing that 98% say in the last year they've had a significant incident occur. 98% is pretty close to 100. I'd argue that those 2% who say they haven't had an incident in the last year probably did and didn't know about it, or we were not involved in the identification or the remediation of it. So if everybody's having these incidents, then what is the response that's being put together?”