Security tool investments: Complexity vs. practicality
Introduction
As cyber threats rise, there has been a rush of security vendors offering tools to prevent data breaches. Today, security professionals can invest in a variety of technologies and solutions to strengthen their company’s defenses. Need to log personnel accessing sensitive documents? You could invest in a tool to help with that. Want to add a layer of defense between BYOD devices and corporate networks? There’s a tool for that too.
It turns out that security-focused organizations invest in various security tools to identify threats and improve their defensive capabilities. The question now is: what’s the practicality of these investments in helping companies take a proactive approach to cybersecurity?
FREE role-guided training plans
Too many tools increases complexity
Although it sounds counterintuitive, having too many cybersecurity tools could work against your interests.
According to IBM’s 2020 Cyber Resilient Organization Report, organizations that use more than 50 security tools are 8 percent less likely to mitigate threats and 7 percent less defensive than other organizations using fewer programs.
While organizations are gradually improving in security response planning, their efforts are hindered by the inconsistent integration of tools coupled with less-informed employees. Tool sprawl could bring both teams and employees complications while reducing visibility across IT systems and endpoints.
The outcome is hardly surprising, as security tools can be complex and time-consuming to set up. Some may even take months to understand, test, configure, and roll-out. Even if you manage to get this part right, using so many tools would result in a large volume of notifications and messages. So much data could leave you overwhelmed and ignore what’s important. Did you know the infamous Target data breach resulted from the retailer’s security team getting hundreds of alerts each day and failing to act on a genuine warning?
When so many tools generate data collectively, organizations get limited opportunities to identify and prioritize high-value alerts. Plus, some tools don’t share analytics and context effectively to identify legitimate warnings. A security team might think that it’s just a regular alert, when in reality the data isn’t being fully analyzed, interpreted and shared.
They’re also impractical from an employee’s perspective
Tool sprawl doesn’t only impact security response planning. It’s also a challenge for personnel in their daily work environment. In many cases, employees are forced to stop and think about how to use each tool. Remembering different usernames and passwords is also cumbersome and increases security risks. And in organizations where employees don’t get proper training, security teams face the risk of delayed threat response time.
Inadequate training can even put the company at risk by reducing its incident response efficiency. Employees may choose the wrong toolset when a specific attack occurs, making the enterprise’s endpoints more vulnerable than before. The fact that multiple tools must be managed with varying features and in varying locations makes it easy for employees to skip steps or distort security planning.
But the impracticality isn’t just employees not being able to use the tools effectively. It’s also about each tool’s pricing, which includes the product price, the expense of a security operations center (SOC) and the cost of hiring someone to manage it and analyze the insights. Software upgrades, contract renewals, maintenance and other activities related to the care of different tool sets bring another layer of complexity for most enterprises. Costs rise. ROI falls. That’s why less is more sometimes.
How to make cybersecurity investments look more practical
Has your organization overinvested in security tools? If yes, then you’d be glad to know that there are several ways to reduce complexity and simplify their use. Below are the steps you can take.
-
Eliminate redundant tools
Evaluate which tools are valuable to your organization and create a consolidation or removal strategy for the ones that are no longer effective. Prioritize tools that allow for knowledge sharing and provide sufficient information for incident response planning. For example, a system vulnerability planner that offers sufficient detail on the vulnerability and context on why it’s important to act on it should be prioritized over tools that don’t offer additional context.
You can create a formal policy of the factors to consider before adding new tools to your company’s tech stack. Companies that don’t have enough time to optimize their tools portfolio can work with a security tools rationalization company to make informed decisions about software removal or changes.
-
Consolidate where possible
Using different solutions, each with its own interface, complicates security management and administration. Various tools also increase the number of alerts you get each day. Fortunately, you can consolidate multiple tools to minimize the functional gaps between them.
Organizations can combine the key elements of different solutions into unified platforms to be used for incident response. The emergence of SASE (Secure Access Service Edge) and other frameworks allows organizations to unify security and networking solutions in a cloud-delivered architecture for greater protection and easier management. This new approach is helping companies to look at security threats holistically and tactically.
-
Invest in security training
Your training should include simulation that enables personnel to see the value of new tools. A perimeter defense strategy only works to a certain extent. Advanced threats such as breaches leveraging social engineering schemes and fireless malware require security teams to pair training with security technologies for an effective response.
Training can also help an organization get the most out of its security tools. Typically, tools are mapped to certain use cases and are never maneuvered beyond that point. But IT can analyze new updates and upcoming features to understand the full capability of tools and help the business incorporate them into security training programs.
Conclusion
A security plan based on a boatload of security tools can be a recipe for disaster. Fortunately, organizations can avert a sprawl crisis by using fit for purpose tools, consolidating where possible and investing in employee training. Together, these measures can help companies achieve greater spending control while reducing their exposure to cyber threats.
Sources
IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue, IBM
Why Complexity Issues Persist in SIEM and Cybersecurity, Solutions Review
In this Series
- Security tool investments: Complexity vs. practicality
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security