Cyber CEO: Tackling the Cybersecurity Tool Sprawl Challenge

Written by Admin | Nov 17, 2022 6:00:00 AM

 

It’s that time of year again – budgeting season is here! As you finish planning your cybersecurity budget and making the case to your board for more spend, it’s more important than ever to have a clear vision of how to allocate those funds for optimal outcomes.

Whether your desired outcome is security, resilience, trust, or the ability to manage your risk portfolio, it takes the right mix of people, processes, and technologies to build a robust security program. But too often, we get so caught up in all the cool new tools and platforms that we fail to think critically about the business impact of those investments.

We’ve gone through this phase where we keep turning to security tools to solve all of our problems, thinking they are the magic bullet to a secure enterprise. What we are finding, however, is that more tools do not necessarily equal more security.

How tool sprawl is impacting enterprise security teams

Consider this number: The average enterprise uses 87 security products within their security operations. When I started my career in cybersecurity, the average tech stack was comprised of roughly 12 cybersecurity products. Can you imagine that today?!

This tool sprawl is in many cases doing more harm than good. In fact, an IBM study found that excessive reliance on tools can actually reduce an enterprise’s ability to handle attacks. In the study, enterprises using more than 50 tools ranked themselves 8% lower in their ability to detect an attack and around 7% lower when it comes to responding to an attack.

Hear more in my recent conversation with DocuSign.

With more tools than ever before, security teams are so overwhelmed by security alerts that they’re struggling to keep up. According to Forrester, 40% of development teams are so overwhelmed by security alerts that they can’t respond to 25% of them.

Without the proper infrastructure in place, security teams can’t proceed strategically. Addressing this issue requires the right skills to analyze the barrage of incoming threat data. Security teams must first build a program that can interpret and assess individual organization security requirements, leveraging security insights to prioritize their efforts and focus on direct impacts.

Evaluate your current tech stack first

Before you look to invest in a new technology, evaluate the health of your current security systems. Are your tools properly configured, deployed, and up to date? Are they achieving the desired outcome? Is there a tool that is missing the mark and could be replaced with a different technology?

Also consider whether your current tools complement one another. Remember – security operations is a deeply interwoven system. Even if you have a best-in-class tool, it’s not going to create the desired outcome if it doesn’t integrate well with the other tools in your tech stack.

Related resource: Download our Splunk SIEM assessment to evaluate your current performance.

Get the right people and processes in place

Your tools are only as effective as the people and processes behind them. If you don’t have the talent on staff to properly configure, deploy, and manage the technology, then you’re not going to get the full value of your investment. And if your tech stack is so extensive that your staff can’t keep up with the number of alerts, then your team may even become susceptible to burnout.

One of the best ways to prevent or manage tool sprawl in your security program is to layer in managed security services as an extension of your in-house security team. These services can help manage your existing technologies for full efficiency and performance, while also freeing up your staff to focus on more strategic initiatives.

To Your Success,

I’ve been in infosec for over 30 years and have had the great privilege of evolving and learning as a cybersecurity executive in a space I love. This blog has been set up to help me share the insights I’ve gained and experiences I’ve had with all of you. Every month I will post some advice and recommendations for my fellow Cyber CEOs – from current events to forecasted trends, and enterprise security best practices.

Let’s collaborate and communicate as we strive to keep our organizations (cyber) safe.

Take the first step in transforming your cybersecurity program

Enterprise security teams are adapting to meet evolving business needs. With six global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Cyderes is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.