kras99 - stock.adobe.com

Tip

Rein in cybersecurity tool sprawl with a portfolio approach

Market consolidation can counterintuitively exacerbate cybersecurity tool sprawl, with many products offering overlapping features. A portfolio approach brings clarity to chaos.

Security threats continue to grow at an exponential rate, with new viruses and zero-day exploits emerging daily. The good news is security technology is evolving almost as fast as the threats. The bad news is twofold:

  1. Ongoing consolidation activity in the cybersecurity market means many previously standalone point products now have complex and often overlapping feature sets.
  2. Even amid vendor consolidation and technological convergence trends, the cybersecurity market is still vast and growing, with new point tools constantly emerging.

This makes it hard for CISOs to figure out which products and services their companies need.

Overzealous, disorganized cybersecurity purchasing activity often equates to wasting resources on redundant tools and services, resulting in unwieldy cybersecurity tool sprawl that could undermine the organization's security posture. On the other hand, failing to take advantage of new technologies by underinvesting could leave the organization at unnecessary risk.

Manage cybersecurity tool sprawl with a portfolio approach

A CISO struggling with cybersecurity tool sprawl can gain clarity by contextualizing each product or service within the organization's existing cybersecurity technology portfolio.

The natural temptation is to look at a product's features and think how great it might be to have them -- a fast-track to cybersecurity tool sprawl.

1. Start with requirements

When learning about security products, security pros often get sucked into vendors' charts, reports, capabilities and end-user testimonials. The natural temptation is to look at a product's features and think how great it might be to have them -- a fast-track to cybersecurity tool sprawl.

Avoid this pitfall by taking the following important steps before considering adoption of any new product, platform or service:

  1. Examine the business to understand its most pressing security issues.
  2. Define and document the capabilities required to address those problems.
  3. Rank these security requirements in order of priority, based on importance to the business.

Establishing prioritized requirements before shopping makes it easier to evaluate the market based on what the security program needs, rather than on what looks exciting.

2. Identify redundancies

In addition to the numerous new types of products that have entered the cybersecurity market in recent years, the industry has also seen many existing products expand their capabilities. That is, a product that previously had one function often now has several functions. Again, this is partly due to today's high rate of market consolidation and partly because any product's feature set tends to improve and grow over time.

For example, firewalls have evolved to include intrusion detection and prevention, and endpoint detection vendors have added features such as automated incident response, behavioral monitoring and advanced machine learning to their products. This macro trend toward technological convergence means a typical organization's cybersecurity portfolio likely includes duplicate functionality across tools.

To address internal cybersecurity tool sprawl as a CISO, take the following steps:

  1. Make a spreadsheet that lists current products and services in rows.
  2. Add each tool's corresponding features in columns.
  3. Cross-reference this spreadsheet with the prioritized list of organizational security requirements discussed above.
  4. Look for overlapping and redundant functionality.

You might find a subset of the currently deployed security tools meets all major needs, enabling you to streamline the company's cybersecurity portfolio without negatively affecting its security posture.

Additionally, this process can help identify critical gaps in the portfolio that should inform new purchases.

3. Design for adaptability

The threat landscape, the security market and an organization's security requirements will continue to rapidly evolve in the coming months and years. It, therefore, makes sense to create a security architecture built for change, by favoring the following:

  • Products and services that adhere to industry standards.
  • Products and services with published, easy-to-use APIs that enable straightforward integration with other tools.
  • Products and services that enable migration to different cloud environments, positioning the company to take advantage of more effective options if necessary.

Stay abreast of cybersecurity market developments

It is, of course, important to learn about new technologies and products as they emerge and evolve to understand what capabilities exist in the market. It's best, however, to do so only after taking the previous steps -- lest one get enamored with a new bell or whistle without understanding how it can solve substantive problems in the existing security environment.

When exploring a new technology, product or service, look at its advertised use cases, and ask which of the enterprise's existing, high-priority security issues the tool might address. When in doubt, always return to the list of organizational requirements.

Dig Deeper on Security operations and management