Tipping Point: How Many Security Tools is Too Many?

Fifty-three percent of security teams have reached their “security tool tipping point,” ReliaQuest’s new survey finds.

In an effort to better understand the effects of vendor sprawl on security teams, ReliaQuest commissioned a survey of over 400 enterprise security decision makers for the 2019 ReliaQuest Security Technology Sprawl Report.  The results are in, and one thing is for sure: a growing suite of security tools actually decreases overall visibility and response effectiveness and increases organizational risk levels.

How did security teams get to this tipping point?

Each year, enterprises are investing in new technologies in an attempt to combat the continually evolving threat landscape.  In fact, 70% of respondents say they’ve invested in more than five technologies in just the past year, with 19% saying they’ve invested in more than 20.

For many security teams, only a fraction of their tools are mission-critical, with the majority of their technology investments underutilized.

The result? Vendor sprawl: a proliferation of disparate tools that is widening visibility gaps and decreasing financial and operational efficiency. Let’s take a closer look:

Tools are underutilized, and ROI suffers

Teams are investing valuable resources into technology, only to have it collect dust as “shelfware”, instead of being used to strengthen security posture. This happens when tools are either added too quickly to be productively implemented or do not function properly because they haven’t been effectively maintained.

Teams can’t keep up, and operational efficiency takes the blow

For many teams, the growing requirements of new technologies outweigh the organizational infrastructure available to operationalize them.  In fact, 71% of respondents say they are adding security technologies faster than they are adding the organizational capacity to productively use them.  The operational inefficiencies generally occur:

  • In implementation, if teams are too busy or lack the training to correctly implement the tool;
  • In maintenance, if teams are unable to update the tool as the company’s environment or attack surface changes;
  • And for various other reasons, like when the only team member who knew how to properly use the tool leaves.

The long-term risks of vendor sprawl

Nearly seven-in-ten respondents report their security team now spends more time managing security tools than effectively defending against threats.  Each addition of a new tool is so burdensome, it starts to negatively impact an organization’s ability to successfully manage threats.

This leads us to the security tool tipping point, in which organizations are actually decreasing visibility and response efficiency with the addition of each new tool. The magic number? According to our respondents, the average number of tools that it takes to reach that tipping point is 22.

Some of the greatest risks of vendor sprawl include:

False sense of security: One of the biggest risks of vendor sprawl is when a security team thinks they have “checked the box” and put the necessary protections in place, when in reality the technology isn’t being fully managed, monitored, and analyzed.  Oftentimes, teams don’t realize they’re vulnerable until it’s too late.

False positives resulting in critical alerts missed: The number of false positives generated by poorly utilized security tools can cause security teams to miss the alerts that truly matter, leaving them unknowingly vulnerable.

It’s time for a new approach

CISOs recognize the need to address vendor sprawl before it increases their risk.  Nearly all respondents say that better visibility into the results of their security program or integration and automation of disparate tools would allow them to benefit more from their security spend.

Instead of buying more new tools, here are a few steps you can take to restore your security posture, rebalance investments, and increase the efficiency of your team:

  • Take inventory of the tools you have and focus on optimizing them.
  • Identify any visibility gaps and overlaps within your suite of tools.
  • Reexamine your internal team as it relates to the technologies you have and need.
  • Align your strategy with current business goals.
  • Focus on connecting the silos to improve visibility and response.
  • Transition your team from reactive work to proactively identifying and closing gaps.
