There is a glut of cybersecurity tools that do one thing. Many organizations pay for dozens of these products or services, some of which go forgotten or otherwise unused.
Wasted spend isn’t the only downside to these singularly focused tools. More siloed technology begets more vulnerabilities, and unnecessary complexities have become rife as organizations struggle to steer this abundance of instruments toward an ultimately common goal – defense, resilience and response.
“The point solutions just need to die,” said Rick Holland, Digital Shadows CISO and VP of strategy.
The vast majority of companies shouldn’t be investing in point solutions, Holland said. It’s not uncommon for organizations to have two or three endpoint detection and protection tools, or other similar products, in their repertoire.
Point solutions often do more harm than good
Organizations are often better served by cybersecurity tools that integrate across an entire stack.
“We're at a point in cybersecurity where point solutions that don't interoperate together are of greater and greater loss to our clients,” said Charles Henderson, head of IBM Security’s X-Force unit. “If they perform in isolation, the time invested, the money invested in them — it's just not worth it.”
The deconstruction of security products has foisted many challenges upon organizations, the most nagging of which include costs, complexity and operational inefficiencies.
The whittling of tools is already underway, according to Gartner. Three-quarters of organizations are pursuing vendor consolidation this year, compared to less than one-third of businesses surveyed in 2020, the research firm said.
More than half of the organizations surveyed by Gartner earlier this year reported they’re working with fewer than 10 security vendors. Two-thirds of the organizations said they expect to reduce complexity and improve risk posture by cutting down on the number of security vendors.
Two-thirds of organizations that have not pursued security vendor consolidation said time constraints and rigid contractual obligations have prevented them from doing so thus far, according to Gartner.
Cybersecurity tool sprawl is widespread, and not a recent phenomenon. Organizations used an average of 29 different security monitoring tools, which leaves security teams vulnerable to alert fatigue and increases the risk of missing a legitimate cyberattack, according to a 2021 report from Trend Micro.
Fragmentation creates vulnerabilities, complexity
The cybersecurity market has long been a fragmented space with thousands upon thousands of point tools, said Kris Lovejoy, Kyndryl’s global security and resilience practice leader.
“Now what you’re seeing is more technology that’s vulnerable, more threat actors that are attacking those vulnerable technologies,” and more regulations imposed on that surplus of tools, Lovejoy said.
All of this is happening “atop an already complex and fragmented security market of technologies that can be only used to solve one specific problem,” she said. “The cost and complexity of security management is becoming exponentially harder because of all of these exogenous factors.”
The buying occasion for many of these cybersecurity tools has been crisis or compliance, which means organizations are trying to stop the bleeding without spending a lot of money in the process, according to Lovejoy.
Organizations also get caught up by the hype and fail to recognize that new and sophisticated tools may not provide as much value as the basics, such as tools that manage assets, patching and vulnerabilities.
“Sometimes the best solution is not the sexy solution,” Lovejoy said. “It’s the solution that they’ve had around for the past 25 years, but at the end of the day provides them more value than anything else.”
She advises organizations to simplify their security arsenal and get rid of technologies that are duplicative or unnecessary. Consolidating around a single vendor isn’t the goal so much as creating a catalog of controls that can be leveraged for defense.
Organizations need to cut redundancies
In a rapidly changing environment, other tools considered must-haves by cybersecurity professionals are losing their luster and relevance.
Many organizations are moving away from trying to protect the perimeter as more red teams start from the position of an assumed breach, Henderson said.
Businesses don’t need to pay to find out threat actors can get in when the supposition is that adversaries can and likely will break in, given enough time, he said.
Other tools, such as security information and event management, endpoint detection and response, OT systems and cloud cluster management systems, are being treated as their own sensors, said Tony Velleca, founder and CEO at CyberProof and CISO at parent company UST.
The orchestration engine is supplanting SIEM as the center of security, Velleca said, and he expects most organizations to go all in with Microsoft or Google for that system.
The sensor layer might still exist on its own, Velleca said, but cybersecurity professionals need to determine which products or services are actually aiding the organization’s defense and response.
CISOs get replaced because they purchase point solutions that don’t meet that objective while other systems perform better and are more integrated with an organization’s entire security stack.
“Sometimes you have to switch the people because they’re tied to their old decisions,” Velleca said.