How to Clean up the Tool-Sprawl Mess

Editor’s Note: This is a partnered sponsored guest blog written by Cadre

See a problem, throw a technology at it. See another problem, throw another technology at it. According to a global survey by IBM, this mindset has led enterprises to deploy, on average, forty-five cybersecurity-related tools on their networks. If this worked, it might not seem so dizzying, but the problem is that more security seems to equate to…worse security?

The study found that an over-abundance of tools may hinder an organization’s ability to manage attacks. More specifically, respondents using more than fifty tools ranked themselves 8 percent lower in their ability to detect an attack and around 7 percent lower in their ability to respond to one.

Digging into these results, security teams needed to coordinate actions across roughly nineteen tools, on average, to respond to an incident. Complexity aside, that leaves around twenty-six of the forty-five tools sitting on the shelf.

Addressing underutilized tools

One giant burden on chief information security officers (CISOs) and other security leaders is underutilized tools. They have made a purchasing decision and now lack the people-power, knowledge, time and/or integrations to use what they bought. It’s an all-too-common problem that, luckily, is solvable in time by completing some key steps:

Audit your existing security tools

It is easy to overlook something you haven’t been using all that much. The first step to ensuring you are fully utilizing your investments is to map out all the existing security tools you have, and their associated processes.

Even if you already have this information in one place, it is worthwhile to put fresh eyes on it. There is a good chance that since deployment your organization’s operations have changed, outside threats have morphed, security vendors have expanded their offerings, or some combination of the three. With the audit complete, you will be able to see both the security gaps and the tools that should be prioritized for better utilization.

Drop dead weight

Returning to the twenty-six tools sitting on the shelf: if you find yourself with that many unused or underutilized tools, it is due time to drop dead weight and see where you can streamline. A typical example is a SIEM purchased ages ago, followed by a user and entity behavior analytics (UEBA) solution and a network detection and response (NDR) product bought from other vendors before a solid all-in-one option existed. While the timing might not be perfect, consider running out your current contracts and seeking out a platform that integrates security automation and incident response orchestration into a single display. Benefits of this include:

  • Centralized forensic data, so that your already strapped team doesn’t have to watch raw security event data on monitors 24/7
  • Workflow capabilities that alert each person or role when it is time to do a task, so that incidents are handled in a timely manner and analysts can focus their efforts elsewhere
  • Automated responses for common situations such as a basic malware compromise

Align the security team and business

Bringing the security team and business into alignment allows you to complete exercises like identifying the top three business risks. If you know that information, then you can say, “well, I do not need these extra fifteen tools to solve the problem. Instead, I can solve most of the issue with this one tool.”

Reckon with the fact that you cannot always be the expert

There is no way to be an expert on all your security tools, especially if you have forty-five of them. Sometimes you must admit that you do not know what you do not know and look outside the organization to get clarity on how to better utilize your security stack. Cadre works with best of breed technology vendors like LogRhythm to help overcome tool sprawl and maximize your investments through assessments, consulting, and hands-on help.

Visit our blogs for more insights.
