January 10th, 2023
Managing cybersecurity in a recession
The consensus view is that the economy will fall into a recession in 2023. If the analysts’ predictions come to pass, cybersecurity companies will face a number of serious challenges.
In this post, we’ll talk about the problems of managing cybersecurity during a recession—and explain how the LimaCharlie platform can be used to help cybersecurity firms and their clients weather the storm.
Why recessions matter for cybersecurity
If the economy enters a recession in 2023, cybersecurity companies will quickly find themselves operating in a changed market—and those changes will have implications for both security and business:
Security incidents are unlikely to decrease in an economic downturn.
The threat actor economy shows no sign of slowing, with cyber attacks on the rise even as legitimate businesses slash budgets and cut jobs. This is one reason why cybersecurity is frequently touted as a recession-proof industry. If the economy does go into a recession in the coming year, cybercriminals may be the one group that continues to expand.
Clients will have less money to spend.
Perhaps somewhat obvious, but companies going through hard economic times will have less money to spend overall. It’s true, as CrowdStrike CEO George Kurtz noted recently, that cybersecurity is no longer “a discretionary line item,” but that doesn’t mean security budgets are unlimited. Cybersecurity companies will be working with clients that have fewer resources to devote to security.
Security professionals will be forced to make hard decisions.
Less spending means security teams and business decision makers at cybersecurity companies will have to make some difficult choices. It will be necessary to find creative ways to balance what clients are able to pay with what’s actually best for their cybersecurity posture. On the business side, cybersecurity companies will feel a push from clients to compete on price with other vendors—a commoditization of security services that’s not good for security or for business.
Cybersecurity companies will need to protect their own.
Cybersecurity may be more recession resilient than other industries, but no industry is entirely recession proof, and security firms will feel the pinch if the economy is flagging. The good news for cybersecurity companies is that they will most likely have a wider range of options than other businesses, and may be able to avoid job cuts. But security businesses will still have to find ways to reduce spending internally in order to prevent a worst-case scenario of layoffs.
The competitive landscape will be challenging—but full of opportunities.
As mentioned above, a recession means that security companies will feel an increased pressure to compete on cost. But while this is a challenge with existing clients, it can also be an excellent opportunity for smaller, more agile companies to win business from legacy cybersecurity vendors.
How LimaCharlie can help
We believe that cybersecurity firms can succeed—and even thrive—in a recession. Our own platform contains a number of features and capabilities that will be very useful to security professionals operating in an economic downturn. Here are some ways that LimaCharlie can help security companies navigate the challenges ahead:
A way to reduce spending on expensive tools.
SIEMs are essential—but notoriously expensive. That’s a concern at any time, but even more so in a recession.
The challenge for security teams trying to control SIEM spending is that it’s difficult to know what data to send to your SIEM, and what data to filter out. If you use a SIEM as a data lake and just send everything, costs spiral out of control very quickly. But if you begin filtering out data in order to bring some sanity to your spending, you risk losing information that you may need in the future.
LimaCharlie offers fine-grained control over where endpoint telemetry data goes—and also gives you free, lossless retention of all telemetry data for one year. This combination means that LimaCharlie can be configured to work as an intermediate layer between endpoints and SIEMs, sending only the most important data to the higher-cost solution. If it turns out that you need to access some telemetry data that you didn’t send to the SIEM later on, you can do that, because LimaCharlie has retained all of the unsent data in a fully searchable format.
For a more in-depth look at how this works in practice, see Reduce spending on Splunk and other high-cost security data solutions through LimaCharlie.
"The ability to store telemetry for one year without incurring massive costs is hugely beneficial.” Glenn Starkman, CEO - Soteria Security Solutions
Competitive SLAs for DFIR services.
It’s helpful to be able to offer attractive service-level agreements for incident response work. But that comes at a cost, because in order to guarantee a rapid response, a cybersecurity firm needs to have a presence on every endpoint in a customer’s fleet.
LimaCharlie’s usage-based billing option solves this problem for incident responders, since they can forward deploy dormant EDR sensors at near-zero cost. This type of “sleeper deployment” is a good way for DFIR teams to offer extremely competitive SLAs at a fraction of the price of other providers.
For more information about this use case for LimaCharlie, see: How does sleeper deployment work with LimaCharlie?
When trying to win new customers in a recession, cybersecurity vendors will be dealing with buyers who are far more budget conscious than usual, and who are especially wary about the possibility of sudden price increases or unforeseen costs. The best way to reassure a prospective customer is to offer them predictable, transparent pricing.
If you’re using LimaCharlie as your EDR, you can do this quite easily. Our own pricing model is designed to be as transparent and predictable as possible. There are no contracts, no fixed minimums, no capacity planning, and no price modeling. Everything is pay-as-you-go and usage-based—which is why we often say that LimaCharlie is like AWS for cybersecurity.
With LimaCharlie, you always have full control of your security tooling and infrastructure; the ability to scale up or down at will; and a clear picture of what you’ll spend no matter what changes you make. You can pass on the benefits of this flexibility, transparency, and predictability to your own customers. To get a feel for how easy it is to predict pricing with LimaCharlie, try out our pricing calculator.
Automation for greater productivity.
This is related to something we talk about quite often (and is somewhat self-explanatory, so we won’t go into great detail here). But it’s worth mentioning that one of the main benefits of an engineering-centric platform like LimaCharlie is that it’s designed to automate security workflows.
We typically discuss security automation in the context of DevSecOps best practices, or creating scalable security solutions, but one of the other major advantages of automation is that it’s simply very efficient. This, of course, offers some important benefits in terms of productivity and cost savings.
In the coming year, companies in every industry—cybersecurity included—will be more competitive if they use resources intelligently, eliminate repetitive tasks, and allow their employees to focus on creating value for customers.
“We can automate a significant portion of the tasks needed to operate the platform on a day-to-day basis, in a way that is scalable, repeatable, and self-documenting, using LimaCharlie’s APIs to do the heavy lifting.” Paul Ihme, Cofounder and Managing Principal - Soteria Security Solutions
Solve niche problems with low investment.
In a recession, customer retention is critical. Businesses of all kinds are under pressure to address customer pain points and fulfill requests quickly and effectively.
But for security teams, this can be a challenge, because solving a narrow problem often requires additional tooling or infrastructure. Understandably, security providers are reluctant to make big changes or commit to new vendors in order to do this.
LimaCharlie helps security teams by giving them the building blocks of cybersecurity, on-demand and with full transparency: an approach we call security infrastructure as a service. With a catalog of 100+ cybersecurity capabilities, this means that LimaCharlie can be used to solve problems for customers without having to make a major commitment, and without paying for bundled capabilities that aren’t needed. It’s a way to say yes to customers more often—but in a responsible, measured fashion.
If you want to discuss your needs in more detail, or talk about a use case that wasn’t covered in this post, we’re always available to chat on our community Slack channel or during our regular weekly office hours.