General security

Security tool investments: Complexity vs. practicality

December 22, 2020 by Dan Virgillito

Introduction

As cyber threats rise, there has been a rush of security vendors offering tools to prevent data breaches. Today, security professionals can invest in a variety of technologies and solutions to strengthen their company’s defenses. Need to log personnel accessing sensitive documents? You could invest in a tool to help with that. Want to add a layer of defense between BYOD devices and corporate networks? There’s a tool for that too. 

It turns out that security-focused organizations invest in various security tools to identify threats and improve their defensive capabilities. The question now is: what’s the practicality of these investments in helping companies take a proactive approach to cybersecurity?

Too many tools increases complexity

Although it sounds counterintuitive, having too many cybersecurity tools could work against your interests. 

According to IBM’s 2020 Cyber Resilient Organization Report, organizations that use more than 50 security tools are 8 percent less likely to mitigate threats and 7 percent less defensive than other organizations using fewer programs. 

While organizations are gradually improving in security response planning, their efforts are hindered by the inconsistent integration of tools coupled with less-informed employees. Tool sprawl could bring both teams and employees complications while reducing visibility across IT systems and endpoints. 

The outcome is hardly surprising, as security tools can be complex and time-consuming to set up. Some may even take months to understand, test, configure, and roll-out. Even if you manage to get this part right, using so many tools would result in a large volume of notifications and messages. So much data could leave you overwhelmed and ignore what’s important. Did you know the infamous Target data breach resulted from the retailer’s security team getting hundreds of alerts each day and failing to act on a genuine warning?

When so many tools generate data collectively, organizations get limited opportunities to identify and prioritize high-value alerts. Plus, some tools don’t share analytics and context effectively to identify legitimate warnings. A security team might think that it’s just a regular alert, when in reality the data isn’t being fully analyzed, interpreted and shared. 

They’re also impractical from an employee’s perspective

Tool sprawl doesn’t only impact security response planning. It’s also a challenge for personnel in their daily work environment. In many cases, employees are forced to stop and think about how to use each tool. Remembering different usernames and passwords is also cumbersome and increases security risks. And in organizations where employees don’t get proper training, security teams face the risk of delayed threat response time. 

Inadequate training can even put the company at risk by reducing its incident response efficiency. Employees may choose the wrong toolset when a specific attack occurs, making the enterprise’s endpoints more vulnerable than before. The fact that multiple tools must be managed with varying features and in varying locations makes it easy for employees to skip steps or distort security planning.

But the impracticality isn’t just employees not being able to use the tools effectively. It’s also about each tool’s pricing, which includes the product price, the expense of a security operations center (SOC) and the cost of hiring someone to manage it and analyze the insights. Software upgrades, contract renewals, maintenance and other activities related to the care of different tool sets bring another layer of complexity for most enterprises. Costs rise. ROI falls. That’s why less is more sometimes. 

How to make cybersecurity investments look more practical

Has your organization overinvested in security tools? If yes, then you’d be glad to know that there are several ways to reduce complexity and simplify their use. Below are the steps you can take. 

  • Eliminate redundant tools

Evaluate which tools are valuable to your organization and create a consolidation or removal strategy for the ones that are no longer effective. Prioritize tools that allow for knowledge sharing and provide sufficient information for incident response planning. For example, a system vulnerability planner that offers sufficient detail on the vulnerability and context on why it’s important to act on it should be prioritized over tools that don’t offer additional context. 

You can create a formal policy of the factors to consider before adding new tools to your company’s tech stack. Companies that don’t have enough time to optimize their tools portfolio can work with a security tools rationalization company to make informed decisions about software removal or changes.

  • Consolidate where possible

Using different solutions, each with its own interface, complicates security management and administration. Various tools also increase the number of alerts you get each day. Fortunately, you can consolidate multiple tools to minimize the functional gaps between them. 

Organizations can combine the key elements of different solutions into unified platforms to be used for incident response. The emergence of SASE (Secure Access Service Edge) and other frameworks allows organizations to unify security and networking solutions in a cloud-delivered architecture for greater protection and easier management. This new approach is helping companies to look at security threats holistically and tactically.

  • Invest in security training

Your training should include simulation that enables personnel to see the value of new tools. A perimeter defense strategy only works to a certain extent. Advanced threats such as breaches leveraging social engineering schemes and fireless malware require security teams to pair training with security technologies for an effective response.

Training can also help an organization get the most out of its security tools. Typically, tools are mapped to certain use cases and are never maneuvered beyond that point. But IT can analyze new updates and upcoming features to understand the full capability of tools and help the business incorporate them into security training programs. 

Conclusion

A security plan based on a boatload of security tools can be a recipe for disaster. Fortunately, organizations can avert a sprawl crisis by using fit for purpose tools, consolidating where possible and investing in employee training. Together, these measures can help companies achieve greater spending control while reducing their exposure to cyber threats. 

 

Sources

IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue, IBM

Why Complexity Issues Persist in SIEM and Cybersecurity, Solutions Review

Posted: December 22, 2020
Articles Author
Dan Virgillito
View Profile

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news. Visit his website or say hi on Twitter.


Notice: Undefined index: visitor_id12882 in /www/resourcesinfosecinstitute_601/public/wp-content/plugins/infosec-user-info/infosec-user-info.php on line 117