Cyber security response speed is ‘fundamentally broken’

Cyber security teams are drowning in tools, and that complexity is contributing to breaches. This is according to Thiery Karsenti, VP EMEA technical solutions at Palo Alto Networks, speaking at Ignite on Tour Johannesburg last week.

While the threat landscape continues to expand – fuelled by AI adoption, growing data volumes and increasingly sophisticated attacks – Karsenti argued that many security failures stem from internal fragmentation rather than attacker ingenuity alone.

“Complexity is the number one enemy in cyber security,” he said.

According to Karsenti, over the past two decades, organisations have responded to new attack vectors by adding specialised point solutions. The result, he noted, is a patchwork of firewalls, secure web gateways, cloud tools, identity systems and security operations platforms from multiple vendors.

He said security teams now spend much of their time integrating and maintaining these fragmented environments, rather than focusing on risk reduction. As tools are updated and new business requirements emerge, particularly around AI, inconsistency in policy enforcement and visibility increases.

See also

AI adoption is amplifying the challenge. According to Karsenti, security leaders must now manage risks across employee use of generative AI tools, enterprise AI applications, data exposure and the integrity of AI models.

He warned that AI security requirements do not sit neatly in one domain. They cut across network, cloud, identity and operations environments, making siloed controls harder to manage effectively.

At the same time, attackers are moving faster. While many organisations still measure remediation timelines in days or weeks, he said some attacks unfold in hours.

Karsenti also flagged quantum computing as a looming risk to existing encryption standards. Industry consensus, he said, suggests quantum systems capable of breaking widely used cryptography could emerge before the end of the decade.

He pointed to “harvest now, decrypt later” tactics, where attackers collect encrypted data today with the expectation that it can be decrypted in future. That risk, he argued, makes cryptographic visibility and migration planning an immediate issue rather than a theoretical one.

The shift to hybrid work and cloud adoption has further eroded traditional network perimeters. Users now connect from corporate offices, homes and unmanaged devices, accessing applications hosted across on-premises infrastructure, public cloud and SaaS platforms.

In this model, Karsenti said, security must follow the user and the data, rather than rely on fixed network boundaries.

He noted that browsers have become a primary workspace for many employees, particularly as generative AI tools are embedded into web applications. This shift introduces new visibility and control challenges for security teams.

Karsenti was critical of legacy security operations centre (SOC) approaches, describing them as alert-driven and heavily dependent on human intervention. The volume of data and alerts, he said, has outpaced the capacity of analysts.

He argued that modern SOCs need deeper automation and analytics capable of correlating raw data at scale and triggering faster response actions.

“Something is fundamentally broken,” he said, referring to the gap between attack speed and organisational response time.

Karsenti’s broader point was that security leaders should focus less on adding new tools and more on reducing operational complexity.

As AI, cloud adoption and evolving threats reshape enterprise environments, he said, simplification, consistent policy enforcement and automation will be central to improving resilience.

The challenge, he concluded, is not just keeping up with attackers, but managing the growing internal complexity that makes defence harder in the first place.