SecurityWeek

Rationalizing the Stack: The Case for Security Vendor Consolidation

Consolidating from an overly burdensome number of point solutions to an easier-to-manage platform-based approach brings with it a number of benefits.

In recent years, tighter security budgets and macroeconomic headwinds have created a need to optimize security spend. In this fiscal environment, security teams find themselves being asked to identify areas in which spend can be optimized. In other words, where can the same or improved ends be achieved through reduced means?

One important part of this endeavor involves identifying areas in which a smaller number of platform-based solutions can replace a larger number of point solutions. These point solutions were most often acquired over time as the enterprise environment evolved, grew, and became increasingly cumbersome and complex. The result is a proliferation of point solutions that not only tie up monetary resources in license fees, but also tie up monetary and human resources for operation and maintenance over time.

In most enterprises, there is room to optimize and improve. In this piece, I’d like to examine how consolidating multiple point solutions into a platform-based approach can bring operational efficiencies, budgetary savings, and improved security to enterprises. While there are likely many ways to analyze this topic, here are six points that enterprises should consider when thinking about moving towards a platform-based approach:

  1. Overcome Inertia: Over time, security teams have found themselves confronted with a changing enterprise environment.  New environments popped up as market pressures and customer demands made them necessary for the business.  Security teams were often forced to act in a reactive manner, implementing point solutions, leaning on custom code, and/or leveraging native capabilities (even if inadequate) in order to keep up.  But just because things came together this way doesn’t mean that they have to continue like this.  Now is a great time for the security team to take a step back, look at their requirements strategically, and work towards consolidation.  Inertia should not be a justification for continuing in a less than ideal manner.
  2. Centralize Management: As point solutions proliferate, so does the work of managing them. It can be hard for an outsider to fully understand and believe just how many different tools and interfaces the average security team needs to interact with on a regular basis, never mind when an incident needs to be responded to or any type of change needs to be made, whether critical or routine. It would be naive to think that this inefficiency doesn’t distract or otherwise negatively impact security team members, leading to oversights, errors, and loss of productivity. Centralizing management is one way in which enterprises can remove some of the obstacles that prevent security team members from delivering the highest level of security that they can to the enterprise.
  3. Simplify Operations and Maintenance: If only it were true that security solutions ran autonomously. Like any technology solution, they require patching, fixing, tuning, and various other types of care and feeding. All of this obviously carries a cost with it – not only for the technology resources themselves, but also for the staff required to carry out these activities and the training required to facilitate them doing so. A consolidation play reduces this burden – less training on fewer technologies along with less time invested in care and feeding. This doesn’t mean that security is sacrificed or that security organizations don’t continue to practice defense-in-depth. Quite the opposite – consolidation allows for optimizing the resources available towards the challenges at hand.
  4. Ease Recruiting and Retaining Talent: In the security field, we have been hearing about the talent shortage for quite some time. So why would we make recruiting and retaining talent harder on ourselves?  When we require increasingly numerous sets of skills alongside increasingly stressful work environments, we are not helping ourselves. Eased recruiting and retention is another benefit of the consolidation play and a good reason for security teams to look at moving towards a platform-based approach.
  5. Facilitate Visibility: The greatest security strategy, processes, procedures, and talent won’t help if the team is flying blind.  When telemetry data is absent from large portions of the environment, it makes securing that environment nearly impossible.  As the number of security solutions increases, so does the complexity of ensuring that the telemetry data they collect and produce finds its way into the security workflow.  The improved flow of telemetry data and the enhanced visibility it brings is a key win for security teams that comes out of a consolidation play.
  6. Improve Reporting and Metrics: Security teams will inevitably need to show their value to their stakeholders – whether business units, management, executives, and/or others. While building and maintaining relationships is important, reporting and metrics are still among the primary ways in which security teams show their value on a regular basis. While reporting and metrics are a challenge for many security teams, an overabundance of tools and data sources certainly doesn’t help matters. Yet another benefit of the consolidation play is reducing the complexity and difficulty of consistently and accurately obtaining the data required to produce solid reporting and metrics.

It certainly takes effort to step back from the day-to-day and think about strategic ways to improve the enterprise’s security posture. Consolidating from an overly burdensome number of point solutions to an easier-to-manage platform-based approach brings with it a number of benefits. The effort is a worthwhile investment, as it can bring operational efficiencies, budgetary savings, and improved security to enterprises.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Field CISO at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
