Organisations continuously strive to better protect themselves from threats and a plethora of threat actors, all with different skillsets and motives. To combat these threats, companies adopt security tools, each designed to address specific security threats or organisational needs. However, this approach leads to a counterproductive situation, often described as “tool sprawl.”
This is something that our security teams regularly observe when engaging with clients: organisations try to ingest as much data as possible in the hope that it provides better security observability. Experience has taught us that this is not always the case, as explained in the 2020 Cyber Resilient Organisation Report by the Ponemon Institute and IBM.
Organisations average more than 45 different tools. Those using more than 50 ranked themselves 8% lower in their ability to detect an attack, and 7% lower in terms of responding to an attack.
Although a lot has changed since the cited report, this security paradox is still as prevalent. The overload of security tooling has shown us that having more tools does not necessarily equate to a better security posture in a real-world environment.
The challenges of the security paradox
Our experience has shown that the security paradox causes several recurring issues, explained below:
- Interoperability issues: A plethora of security tools brings with it a complex web of APIs and outputs that do not necessarily integrate well or scale with ease. As technologies evolve and native services become more widely available from CSPs, a diverse third-party technology stack diminishes the observable benefits that the tools initially sought to provide.
- Increased complexity: Disparate security tooling adds to the complexity of your environments. Similarly, a varied technology stack requires the skillsets to manage each specific technology and to maintain the underlying code and its integrations.
- Increased costs: Managing several tools with overlapping features is not only inefficient for incident and event management processes but drains monetary resources.
- Reduced optimisation: Managing several tools can be exhausting, and it can inhibit the ability to respond and to implement change or transformation at speed.
- Reduced observability: Excessive data sets, alarms and tooling misconfigurations can overwhelm teams, swamping them with alerts and negatively affecting their ability to identify, triage and respond to alerts in a timely manner.
The data dilemma – lying in the data shadows
Access to extensive data sets is invaluable for organisations seeking to conduct specific analytics and trend pattern analysis. This capability enables businesses to enhance their functions and processes, leading to increased efficiency and productivity, which directly impacts their profitability.
Unfortunately, it is not all smooth sailing: organisations face the challenge of managing vast amounts of data. While data is crucial for informed decision-making, too much data can obscure critical insights, making it difficult to “see the wood for the trees.”
Organisations must strike the right balance to ensure that they have all the information they require for observability, analytics, security and legal requirements.
Steps to streamline your security tools
- Re-evaluate and assess your suite of security tools on a defined cadence, identifying their specific features, benefits and yearly costs. Identify any gaps in your security posture that require remediation, then ascertain whether each tool in the current suite forms part of the strategic plan. Prioritise the tools by their importance to your organisation, or place them on a ramp-down plan.
- Streamline and optimise the current security tooling stack. Tune the current suite of tools to provide applicable and relevant outputs, automate responses and subsequent tasks to reduce the likelihood of alert fatigue and consider a consolidation of tools where feature overlap permits.
- Limit duplication and reduce costs by developing a framework for retaining specific logs, and ensure that you have a single source of truth for each dataset. Avoid duplication where possible; where it is unavoidable, ensure that retention is managed at the primary source and that the secondary copy is short-lived and makes use of the free limits most cloud service providers offer. Data storage should use archive tiers for cost savings.
- Invest your budget appropriately: not every issue needs to be plugged with another security tool. Consider why the issue is prevalent in the first place. Budget may well be better spent on educating staff, providing additional resources or building better processes.
Why are some organisations falling into the common pitfalls?
Changing the tide and overcoming deep-rooted behaviours takes time, effort and buy-in. These factors are often compounded by a failure to communicate effectively across the organisation, which can lead to siloed decision-making that only supports individual business unit needs. The key is to ensure that a formal security strategy and cloud security posture management (CSPM) programme is in place, one that focuses on the outcome rather than on a specific set of tools required to achieve compliance for a specific security control.
Ensuring that the challenges of tool sprawl and data management are addressed is crucial for organisations to maintain their security posture. By streamlining their security tools, optimising processes, and investing in staff education, organisations can enhance their security observability and management.
This approach not only reduces technology complexity and costs but also ensures that critical insights are not lost in the vast amounts of data, ultimately leading to a more robust and efficient security posture.
Protect your business with BJSS cybersecurity services. Our team delivers solutions tailored to safeguard your data, ensure compliance, and mitigate risks. Secure your digital future with industry-leading expertise that evolves with today’s ever-changing threat landscape.