How to Combat Cybersecurity Tool Sprawl: 4 Steps to Bolster Your Security Posture

 In Cybersecurity

Cybersecurity continues to be plagued by point-tool problems. Today, enterprises deploy an average of 45 security-related tools on their networks and nearly 30% of businesses use more than 50, according to the Ponemon Institute’s 2020 Cyber Resilient Organization Study.

Before you think, “This isn’t relevant to me, this is someone else’s problem,” consider the alphabet soup that is information security – identity and access management (IAM), multi-factor authentication (MFA), single sign-on (SSO), privileged access management (PAM), public key infrastructure (PKI), and so many more. And we haven’t even touched on awareness, training, mail, patch, network, endpoint, and vulnerability security.

As new threats emerge, organizations try to keep up by purchasing the latest and greatest technology. But this approach can be counterproductive as new terminologies, automation challenges, patches, and other product nuances move the focus from protecting the enterprise to managing tools.

Use of disconnected solutions generates too many messages and logs, strains understaffed security teams, and makes security operations complex and time-consuming. This hinders your ability to detect and defend against attacks.

Per the same Ponemon study, businesses that deployed over 50 tools are 8% less capable of detecting threats and 7% worse in their defensive abilities compared to organizations that use fewer tools.

To strengthen threat detection and accelerate compliance efforts, tool sprawl needs to be kept under control. Here are four steps to optimize your security tools and combat technology sprawl.

  1. Identify what tools you have

Begin with a thorough inventory. Evaluate the capabilities and scope of coverage for solutions you already own.

Performing a comprehensive inventory will allow you to identify and remove redundant or underutilized tools, hereby eliminating unnecessary complexity that costs both time and money.

  1. Evaluate your exposures and effectiveness

You can claim your MFA tool, firewall, or anti-virus tool are all effective, but can you be 100% certain? No.

Evaluate your exposures and effectiveness by regularly conducting gap and vulnerability assessments as well as penetration testing.

This enables you to benchmark your security posture with frameworks such as ISO, NIST Cybersecurity Framework, or the Center for Internet Security (CIS) controls; and ensures your tools are deployed and configured properly. Pen testing uncovers weaknesses and misconfigurations that could result in compromise, allowing you to target security dollars to solutions that have the most impact on your business.

  1. Integrate and consolidate solutions

Answer this: Do you have redundant technologies?

For example, maybe you purchased a privileged account management (PAM) tool because you liked how it secured servers, but then you bought another PAM tool because you liked how it protected against third-party vendor risk. Now you have two products that overlap in 80%-90% of their features, and you’re paying for all the licenses and operational costs.

Managing multivendor environments is challenging and adds complexity. When point solutions don’t work well together, it results in operational hardship. Reducing manual processes is essential.

You don’t want to dismiss diversification, but it’s worth pointing out that vendor consolidation can increase operational effectiveness while reducing spend and complexity. Tools from a single vendor are easier to manage and can form an ecosystem that leaves fewer gaps, allowing you to secure more with less.

The easier it is for tools to share data, the more successful you’ll be in automating workflows and freeing up security analysts for critical tasks.

  1. Target your spending

When it comes to acquiring new technologies, don’t jump the gun.

Establish criteria for introducing new tools. Consider the following:

  • Ensure current technologies are operating at 80% effectiveness if possible. Ask yourself: Are we scanning 60% of our machines when doing a vulnerability scan? How do we move that figure up without additional technology investment?
  • A risk assessment and business case can ensure the security investment makes business sense. Make sure that the budget you spend on new technology is designed to address measurable risk reduction.
  • Understand the total cost of the security tool investment. Does this require 25% of a full-time engineer to manage? How much operational cost is involved?

Review technology refresh cycles to optimize and leverage new product features and ensure your overall security program remains current. Continue to focus on opportunities for orchestration and automation to reduce manual intervention when appropriate and possible.

As you consider new security tools, do your due diligence, be judicious, and target your spending. All of these will help you save money and get the most bang for your buck.

Tool sprawl is an issue in security – but it’s preventable

Tool sprawl is common. Oftentimes, a product is acquired for a particular use case, then another use case and another, resulting in an assortment of tools with overlapping capabilities and features.

Continuously adding more security tools doesn’t increase your ability to detect and defend against attacks; it can put you at more risk. Which makes it even more crucial to get this under control.

By identifying the tools you have, evaluating your exposures and effectiveness, integrating and consolidating solutions, and targeting your spend, you can combat technology sprawl and optimize your security tools, reducing exposure and risk.

Stratascale has several solutions and service offerings available that can help reduce your cybersecurity tool sprawl. If you would like to learn more, contact us today.