Are Overlapping Security Tools Adversely Impacting Your Security Posture?

Pruning the Security Technology Tool Sprawl


In mid-November 2019, Tanium and Forrester released a study suggesting that the employment of stand-alone or best of breed security solutions — often one thing for IT and another thing for OT — could lead to strained relations between the two, and reduced security posture overall.

Their conclusion was that organizations need a unified endpoint management system. “IT leaders,” said the report (PDF), “today face pressure from all sides… To cope with this pressure, many have invested in a number of point solutions. However, these solutions often operate in silos, straining organizational alignment and inhibiting the visibility and control needed to protect the environment.”

In early December, Tampa, FL-based security services firm ReliaQuest released a separate report (PDF) discussing the effect of this tendency to purchase individual stand-alone tools to solve newly discovered issues. It surveyed 400 security decision makers at companies with more than 1,000 employees, and found that most consider themselves to be less secure because of too many tools.

Problems include more tools than company capacity to productively use them (71%), and a burden of maintenance forcing security teams to spend more time managing the tools than defending against threats (69%). Fifty-three percent of the respondents “say their security team has reached a tipping point where the excessive number of security tools in place adversely impacts security posture.”

“The problem,” Tanium CISO Chris Hallenbeck told SecurityWeek, “is that when a company suffers an attack or a breach, it tends to throw money at the problem. It is easier to buy a new tool than to find, attract, train and retain skilled analysts.” Underlying this is the difficulty for CISOs to find the time for strategic rather than tactical thinking, and the reality that issue-related budgets can disappear if not used quickly.

“The impetus,” he continued, “tends to be to go and buy something real quick while the money is available, and figure out how you’re going to use it later. The devil in that detail is that rarely do the organizations figure out how they are going to leverage those tools effectively. It becomes difficult [as shown in the ReliaQuest report] when you have too many of them.”

If this is the problem, what is the solution? Hallenbeck’s suggestion is Venn diagrams of product functionality to highlight overlapping and redundant security products. Overlapping security is a waste of budget and human resources while adding nothing to security. It is completely different to layered security.

“Where you have two or more products providing swathes of identical functionality,” he told SecurityWeek, “you have overlapping [bad] security. Where you have the different products just slightly clipping into each other, you are more likely to have layered [good] security. Large overlaps are just duplicating effort, and you should be questioning why you’re doing that.”


He continued, “I advise companies to use Venn diagrams and look for the large overlaps. This is the opportunity to consolidate down to a fewer number of tools. If it leaves gaps, that’s when you go out and buy a niche tool just for the gap. It requires time to take this step back and do a strategic analysis, but in the long-term it will reduce the number of tools. It will reduce costs — not just the cost of maintaining the tools but the infrastructure needed for the tools to run on, and the training of analysts to allow effective use of the tool.”

This is not a quick fix — it requires careful and long-term or strategic planning over several years. It shows where the waste exists, but the CISO still has to plan the solution. What, for example, if two very good products provide a very large overlap of functionality? “It’s not just a case of maybe I’m getting rid of one tool or the other,” said Hallenbeck. “Maybe I should get rid of both and go to market to find a solution that meets 75% of my requirements; and then go buy a niche product that gives me the other 25%. It’s not just a case of deciding which of these tools I throw out, it may be a decision that I go back to the drawing board and push both those tools out and get a new tool that meets a larger total percentage of my needs.”

If two or more products are replaced by a single product, then their licenses need to be aligned as closely as possible to prevent additional and unnecessary cost. This itself could take a couple of years. It argues for limiting future licenses to a single year to make future pruning less costly. “It requires a strategic view if you decide to replace 2 products with one,” said Hallenbeck. “You have to try to align their renewal dates; but while waiting for the sunset, you can research, locate and implement the replacement product so that there is no gap.”

And don’t forget to mind the gap. You will still need to use the more traditional forms of gap analysis to ensure that your Venn pruning doesn’t create a new gap. But if the process is done carefully and strategically, the result is likely to be fewer tools used more efficiently at lower cost.
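
The overlap-then-gap check described above can be run over a capability inventory. This is an added example, not from the article, Tanium or ReliaQuest; the tool names, capability labels, required-capability list and the 0.5 cut-off for a "large" overlap are all constructed assumptions.

```python
from itertools import combinations

# Constructed inventory: tool -> capabilities it provides (all names hypothetical).
TOOLS = {
    "edr_a": {"process_telemetry", "malware_block", "host_isolation", "file_integrity"},
    "edr_b": {"process_telemetry", "malware_block", "host_isolation", "usb_control"},
    "vuln_scanner": {"vuln_scan", "patch_status", "file_integrity"},
    "siem": {"log_collection", "correlation", "alerting"},
}
# Constructed list of capabilities the organization must retain.
REQUIRED = {
    "process_telemetry", "malware_block", "host_isolation", "file_integrity",
    "usb_control", "vuln_scan", "patch_status", "log_collection",
    "correlation", "alerting",
}
LARGE_OVERLAP = 0.5  # assumed threshold; the article gives no number


def overlap(a, b):
    """Overlap coefficient: shared capabilities / size of the smaller tool."""
    return len(a & b) / min(len(a), len(b))


def classify_pairs(tools, threshold=LARGE_OVERLAP):
    """Label each intersecting pair as 'overlapping' (large) or 'layered' (slight)."""
    results = []
    for (n1, c1), (n2, c2) in combinations(sorted(tools.items()), 2):
        if not c1 & c2:
            continue  # disjoint circles in the Venn diagram
        score = round(overlap(c1, c2), 2)
        label = "overlapping" if score >= threshold else "layered"
        results.append((n1, n2, score, label))
    return results


def gaps_after_removal(tools, required, removed):
    """Required capabilities no remaining tool provides once `removed` are retired."""
    remaining = set().union(*(c for n, c in tools.items() if n not in removed))
    return required - remaining


if __name__ == "__main__":
    for pair in classify_pairs(TOOLS):
        print(pair)
    for candidate in ("edr_a", "edr_b"):
        print(candidate, "->", sorted(gaps_after_removal(TOOLS, REQUIRED, {candidate})))
```

In this constructed inventory, retiring `edr_a` leaves no gap because the scanner still covers `file_integrity`, while retiring `edr_b` leaves `usb_control` uncovered, the kind of gap a niche tool would then fill.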


Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
