Header image

Too many solutions can make your firm less secure

Perhaps you think the more security you have, the safer you'll be. But piling up on cyber solutions can actually create more risk

Security teams now use an average of 20 tools, according to recent research by BlackFog, which also found that half of the CISOs it surveyed have been prevented from implementing new solutions as a result of integration challenges.

"This is the result of always reacting to the latest 'threat du jour' over many years," says Andy Norton, European cyber risk officer at Armis. "The build-up of alerts, consoles, tuning, verdicts and events is stifling the ability of a cyber defence to be fit for purpose."

Part of the issue is a failure by some organisations to properly assess whether they really need the new solution, and whether it truly matches their threat profile.

"There is always a new vendor and technology that promises to solve the next security trend, be a 'single pane of glass', 'next-generation' solution, etc," says Avishai Avivi, CISO at SafeBreach. 

He adds that, "Most organisations fail to fully leverage the solutions they already have in place or even consider extending the feature set of their current portfolio."

Too much complexity
The end result is a complex collection of solutions that, at best, is difficult to employ efficiently.

"The workload becomes unnecessarily complex, challenging and time-consuming and a constant source of stress," says Nils Krumrey, a cyber security expert at Logpoint. "It isn't easy to measure the tools' efficacy and have confidence in their actual coverage. Getting the expected value from them is a challenging task that requires talented cyber security professionals."

This overly complex situation may also disguise the fact that some of the solutions may be past their prime, leading to technical debt.

"It results in a disjointed IT architecture that prevents an organisation from taking full advantage of advanced data analytics and insight that help them make faster, better decisions," says Norton, "meanwhile putting the company at risk due to the fact these legacy or misconfigured systems expand their attack surface."

Skills in short supply
Integrating multiple security solutions takes skill – precisely the kind of skills that are currently in short supply.

"Without expertise in the matter, it can be easy to confuse quantity with quality," says Matt Aldridge, principal solutions consultant at OpenText Cybersecurity. "If businesses do not invest money and employ cyber experts, they run the risk of exposing themselves to vulnerability while wasting money on poorly planned defences."

One answer to this problem is to turn to managed services partners or vendors that can provide the right support.

"Selecting well established vendors who have broad, well thought-out portfolios of solutions can help ensure that risks are being thoroughly mitigated while minimising the integration costs and risks across large numbers of different vendor solutions," says Aldridge.

Time to consolidate
Another obvious solution to this problem is to rationalise the solutions you use – consolidating to a smaller number of vendors and solutions.

"We see a shift with many CISOs beginning to realise that acquiring point solutions will not solve their problems," says Krumrey. In fact, 75% of CISOs are now pursuing a vendor consolidation strategy to improve the overall risk posture, gain efficiency of scale and eliminate the need to integrate separate tools."

Just don't take this consolidation too far.

"There is no vendor out there who is great at a wide range of security capabilities so you will have to carefully decide where to make concessions,” says Mark Guntrip, senior director of cybersecurity strategy at Menlo Security. 

It may be time to take a good look at your overall solution strategy.

"We are seeing a general trend towards proactive security and adoption of best practice led by board oversight – notably, a huge cultural shift towards cyber security frameworks, with a 'get the basics right' approach," says Norton. "Then, they can layer other measures which are considered appropriate and proportionate to their risk on top of solid basics as maturity increases."

TEXT BY: STEVE MANSFIELD-DEVINE

Upcoming Events

11
Jul

Beyond Cloud Security Posture Management:

Validating Cloud Effectiveness with Attack Simulation

image image image image