Are Overlapping Security Tools Adversely Impacting Your Security Posture?

Pruning the Security Technology Tool Sprawl


In mid-November 2019, Tanium and Forrester released a study suggesting that the employment of stand-alone or best of breed security solutions — often one thing for IT and another thing for OT — could lead to strained relations between the two, and reduced security posture overall.

Their conclusion was that organizations need a unified endpoint management system. “IT leaders,” said the report (PDF), “today face pressure from all sides… To cope with this pressure, many have invested in a number of point solutions. However, these solutions often operate in silos, straining organizational alignment and inhibiting the visibility and control needed to protect the environment.”

In early December, Tampa, FL-based security services firm ReliaQuest released a separate report (PDF) discussing the effect of this tendency to purchase individual stand-alone tools to solve newly discovered issues. It surveyed 400 security decision makers at companies with more than 1,000 employees, and found that most consider themselves to be less secure because of too many tools.

Problems include more tools than company capacity to productively use them (71%), and a burden of maintenance forcing security teams to spend more time managing the tools than defending against threats (69%). Fifty-three percent of the respondents “say their security team has reached a tipping point where the excessive number of security tools in place adversely impacts security posture.”

“The problem,” Tanium CISO Chris Hallenbeck told SecurityWeek, “is that when a company suffers an attack or a breach, it tends to throw money at the problem. It is easier to buy a new tool than to find, attract, train and retain skilled analysts.” Underlying this is the difficulty for CISOs to find the time for strategic rather than tactical thinking, and the reality that issue-related budgets can disappear if not used quickly.

“The impetus,” he continued, “tends to be to go and buy something real quick while the money is available, and figure out how you’re going to use it later. The devil in that detail is that rarely do the organizations figure out how they are going to leverage those tools effectively. It becomes difficult [as shown in the ReliaQuest report] when you have too many of them.”

If this is the problem, what is the solution? Hallenbeck’s suggestion is to use Venn diagrams of product functionality to highlight overlapping and redundant security products. Overlapping security wastes budget and human resources while adding nothing to security. It is completely different from layered security.

“Where you have two or more products providing swathes of identical functionality,” he told SecurityWeek, “you have overlapping [bad] security. Where you have the different products just slightly clipping into each other, you are more likely to have layered [good] security. Large overlaps are just duplicating effort, and you should be questioning why you’re doing that.”

He continued, “I advise companies to use Venn diagrams and look for the large overlaps. This is the opportunity to consolidate down to a fewer number of tools. If it leaves gaps, that’s when you go out and buy a niche tool just for the gap. It requires time to take this step back and do a strategic analysis, but in the long-term it will reduce the number of tools. It will reduce costs — not just the cost of maintaining the tools but the infrastructure needed for the tools to run on, and the training of analysts to allow effective use of the tool.”

This is not a quick fix — it requires careful and long-term or strategic planning over several years. It shows where the waste exists, but the CISO still has to plan the solution. What, for example, if two very good products provide a very large overlap of functionality? “It’s not just a case of maybe I’m getting rid of one tool or the other,” said Hallenbeck. “Maybe I should get rid of both and go to market to find a solution that meets 75% of my requirements; and then go buy a niche product that gives me the other 25%. It’s not just a case of deciding which of these tools I throw out, it may be a decision that I go back to the drawing board and push both those tools out and get a new tool that meets a larger total percentage of my needs.”

If two or more products are replaced by a single product, then their licenses need to be aligned as closely as possible to prevent additional and unnecessary cost. This itself could take a couple of years. It argues for limiting future licenses to a single year to make future pruning less costly. “It requires a strategic view if you decide to replace 2 products with one,” said Hallenbeck. “You have to try to align their renewal dates; but while waiting for the sunset, you can research, locate and implement the replacement product so that there is no gap.”

And don’t forget to mind the gap. You will still need to use the more traditional forms of gap analysis to ensure that your Venn pruning doesn’t create a new gap. But if the process is done carefully and strategically, the result is likely to be fewer tools used more efficiently at lower cost.
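The Venn comparison and the follow-up gap check can be run over a capability inventory; the script below is an added illustration, not material from Tanium, Forrester or ReliaQuest. The tool names, capability labels, required-capability list and the 50% cut-off between "overlapping" and "layered" are all assumptions made for the example.

```python
from itertools import combinations

# Constructed inventory: tool names and capability labels are hypothetical.
TOOLS = {
    "edr_a": {"malware_detection", "process_telemetry", "host_isolation", "file_integrity"},
    "edr_b": {"malware_detection", "process_telemetry", "host_isolation", "usb_control"},
    "vuln_scanner": {"vuln_scanning", "asset_inventory", "config_audit"},
    "patch_mgr": {"patching", "asset_inventory", "software_inventory"},
}
# Capabilities the organization has decided it actually needs (constructed).
REQUIRED = {
    "malware_detection", "process_telemetry", "host_isolation",
    "file_integrity", "vuln_scanning", "patching", "asset_inventory",
}

def overlap_report(tools, threshold=0.5):
    """Rank tool pairs by how much of the smaller tool the other duplicates.

    threshold is an assumed cut-off: at or above it the pair is a large
    overlap (consolidation candidate); below it the tools merely clip.
    """
    rows = []
    for a, b in combinations(sorted(tools), 2):
        shared = tools[a] & tools[b]
        if not shared:
            continue
        ratio = len(shared) / min(len(tools[a]), len(tools[b]))
        verdict = "overlapping" if ratio >= threshold else "layered"
        rows.append((a, b, round(ratio, 2), verdict, sorted(shared)))
    return sorted(rows, key=lambda r: r[2], reverse=True)

def gaps_after_removal(tools, required, removed):
    """Required capabilities no remaining tool covers once `removed` is retired."""
    covered = set()
    for name, caps in tools.items():
        if name not in removed:
            covered |= caps
    return required - covered

if __name__ == "__main__":
    for a, b, ratio, verdict, shared in overlap_report(TOOLS):
        print(f"{a} / {b}: {ratio:.0%} {verdict} -> {', '.join(shared)}")
    for plan in ({"edr_b"}, {"edr_a"}, {"edr_a", "edr_b"}):
        gap = gaps_after_removal(TOOLS, REQUIRED, plan)
        print(f"retire {sorted(plan)}: gap = {sorted(gap) or 'none'}")
```

Retiring both overlapping tools leaves a gap listing exactly what a replacement would have to cover, which corresponds to the "go back to the drawing board" option described above.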

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
