New Research Report: What are security leaders saying about their security postures? View the Findings ➞
cyber kill chain: steps to leveraging security monitoring

How to Eliminate Security Tool Sprawl

This blog spotlights a section of the 2021 Security Technology Sprawl Report.

 

INSIDE
Technology sprawl can worsen your skills gap.
Your security tools probably don’t play nicely together.
How to address the tech sprawl problem.

 

Security tool sprawl is a growing problem. Security team members and business leaders often turn to new tools to solve their nagging security problems, but an increase in tools can also mean an exponential increase in complexity.

According to our 2021 Security Technology Sprawl Report, security professionals add an average of 6 security tools every 12 months, and 85% of respondents say that the rate of adding new tools far outstrips their capacity to use them.

Download the full tech sprawl report >

 

“The growing sprawl of security tools, each addressing a different security challenge, continues to get worse year after year,” says Bob Bragdon, SVP/managing director of CSO worldwide at IDG.

 

And overworked staff isn’t the only danger of tech sprawl: it can also affect your bottom line and even expose your business to further risk.

There is good news in all this, though: you can remediate these issues and unlock the efficiency you were hoping for with those new tools in the first place. Below, we’ll show you how.

Technology sprawl can worsen your skills gap.

Building expertise in a single tool takes time and effort. As you expand your tool count, the effort doesn’t just scale linearly—not only does your team have to master the new tool, but they must make sure it’s properly integrated with your system and your other tools.

If your team is spending their time learning these new tools, they may not have the capacity to handle real threats when they inevitably arise. 71% of respondents said they spend so much time managing tools that it impedes their ability to effectively defend against threats.

There’s budget to consider, too. If you’re spending your budget on 6 new tools a year, that’s less money you can contribute to other security projects.

Your security tools probably don’t play nicely together.

Not every tool was built to integrate with every other tool. Making them all work together and speak the same language is a gargantuan task, but if your tools aren’t integrated properly, you will have some very large visibility and metrics gaps, making it impossible to measure what’s working well or not working well or to get an accurate sense of your current security posture.

“If the system is too large and complex, it will inevitably lead to security loopholes. If the malicious code is not found and repaired in time, the data may be damaged, lost, or tampered with maliciously, causing great losses.” — Survey respondent

How to address the security tool sprawl problem.

Ok, we made it sound pretty bad. But here’s the good news: these problems are addressable. ReliaQuest CTO Joe Partlow outlines 6 steps you can take:

Step 1. Understand your risk exposure.

Make a clear assessment of the risks to a particular business. This includes defining the outcomes you want to see and the metrics you want to measure.

Step 2. Evaluate your tools.

Once you define the business needs, then you can determine whether you already have the tools that will give you visibility into and protect against threats. If it turns out you’re missing the necessary tools or your organization has purchased the wrong ones, then you can rebalance your security portfolio from a knowledgeable position.

Take our free security technology assessment >

Step 3. Assess your risk.

With a clear risk assessment that considers business needs in hand, Partlow suggests asking three critical questions:

  1. Will your tools help you get a better handle on your critical risks?
  2. Will your tools help you balance your risk profile?
  3. Will your tools or data they provide help you fill gaps in visibility?

Step 4. Establish a regular evaluation schedule.

Depending on the size of your organization, Partlow suggests setting a regular schedule for reevaluating your strategy and tactics. This could be as frequently as once a month or just 2 to 3 times a year.

Step 5. Use automation and integration.

The resource and skills shortage problem is not going away soon, and enterprises have to consider ways to force-multiply their existing teams so they can focus on critical objectives.

Step 6. Analyze and employ the right metrics.

Last, but not least, security teams should focus on the metrics that help illustrate the value and ROI of both specific tools and their overall security approach.

So long, tech sprawl

Security tool sprawl is a problem just about every organization faces. As long as you go into each purchase with clear knowledge of your current stack, defined goals for new tools, and a solid implementation plan, you can realize that ROI you’ve been dreaming of.

When companies use ReliaQuest GreyMatter Open XDR-as-a-Service and its Universal Translator technology to unify their security tools, they reduce their TCO by as much as 35%.

 

More Articles

Tipping Point: How Many Security Tools is Too Many?

Fifty-three percent of security teams have reached their “security tool tipping point,” ReliaQuest’s new survey finds. In an effort to better understand the effects of vendor sprawl on security teams, ReliaQuest commissioned a survey of over 400 enterprise security decision makers for the 2019 ReliaQuest Security Technology Sprawl Report.  The results are in, and one […]

New IDG and ReliaQuest Research Finds Many Security Teams at a Critical Tipping Point with “Security Tech Sprawl”

An increasing attack surface promoted by a dynamic enterprise IT environment has had security teams facing more cyber threats and searching for more ways to combat them. However, having an array of security tools doesn’t necessarily make an enterprise more secure. In fact, new research from IDG and ReliaQuest suggests that “tool sprawl” or “tech […]