Consolidating security tools is a growing industry trend. In fact, a survey by Gartner found that 75% of organizations were pursuing security vendor consolidation in 2022, up from 29% in 2020.
IT is often viewed as a cost center and security is part of that. No one has unlimited budgets, and the pressure is on to justify costs and do more with less. The situation gets worse when earnings are down and there’s a looming specter of a slowdown in the economy.
Many security teams are being asked to start rethinking their approach to security if budgets get trimmed. It’s a natural part of the cycle of business and it’s rarely easy. But it can be a particularly onerous task within large, modern enterprises where Atomized Networks consist of up to three types of environments: IT, cloud, and operational technology (OT) environments. And, in many cases, each environment has a different team using different network traffic monitoring and security tools.
Some of these tools are “free” – whatever the cloud provider or service has available – and the perception is that there is no impact on budget. But the truth is, nothing is ever free. We’re making a tradeoff between paying for the tool and paying for people’s time to use, manage, and maintain a collection of different tool sets in different areas of the infrastructure. And that labor intensity is very costly.
However, there’s an even greater cost: the cost of time to detect and respond to events. When we’re using diverse tool sets and something happens, the time to discover and mitigate expands because it’s incredibly difficult to get a big picture view of what is happening across the organization. And time, when we’re talking about security, can be a killer. The longer the dwell time, the more damage can be done.
We could go down the path of building a tool to do that consolidation, but few organizations have the expertise and time to do this. So instead, due to a lack of integration, we live with operational inefficiencies that increase risk.
Without a doubt, the challenge when consolidating and looking at whether to keep, tweak or trash a technology in today’s evolving modern networks is increasingly complex. But when we consider the Atomized Network holistically and what organizations are looking to ultimately accomplish with their consolidation efforts, we see opportunities and a path forward.
Digging further into Gartner’s study, 65% of organizations consolidate to improve risk posture and only 29% consolidate to reduce spending on licensing. That’s good news for security organizations because it helps us put a stake in the ground and focus on what will give us the biggest bang for the buck, while still reducing the number of different security tools. Here are some recommendations as you work through the process.
Keep the tools that make life easier for your security teams and that consolidate the largest part of your infrastructure. With an honest assessment, you can make sure you take the best advantage of the ones that simplify security operations while doing the most to decrease the amount of time to detect and respond to an incident.
For tools that come close – say, some of your teams love them but other teams that could benefit from them are using something else – tweak them to enable consolidation. Bring these tools, along with the “keepers”, into a platform that makes integration easy and enables collaboration and the sharing of context to drive operational efficiencies. When you expand their usage to the extent that you can, you’ll get the biggest bang for your buck.
With a common language and a single view across the environment, teams can share information to gain a greater understanding of what is happening and use a universal platform to help them do their jobs. For example, SOC analysts may use the platform for threat hunting, the network team may use it for network visualization and performance, and the governance risk compliance team may use it to validate controls.
Get rid of the tools that are painful to use and make life difficult. Total cost of ownership is hard to calculate, but it is critical. Free or otherwise, you’re paying for tools in a lot of different ways, especially if they’re not improving your operations.
At the same time, remember that you brought in a tool for a reason, and flat-out trashing it can leave gaps. Work out whether that function can be covered by a different tool with some tweaking, or whether you will need to bring in something new to bridge the gap. Remember that the primary objective of consolidation is to improve security posture – cuts that leave gaps in defenses run counter to that goal.
Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less. In the end, it’s about solving your security challenges and being able to share between teams. And when you keep, tweak, and trash to arrive at one tool that can do that to a very large extent, you cut time to detect and respond, reduce costs, and even make life easier.