Building a balanced cyber security portfolio is tough. Selecting the right cyber security products that deliver needed capabilities at the right service levels can be a grueling, frustrating and throw-in-the-towel type of process. Because more than 3,500 different cyber security solutions firms exist on the market, organizations are often quick to purchase the latest bright, shiny and new products, some of which promise the world. The idea of a brilliant new product that could stop a certain type of hack once and for all has a certain allure. Yet a security team’s fear of missing out (FOMO) on a product’s capabilities and semi-spontaneous point solution purchases may impede an organization’s overall cyber security progress more than they yield improved security results.
What to consider before buying
In simpler times, organizations purchased a firewall and an antivirus solution, put necessary programs on everyone’s computers and called it secure. In recent years, threats have evolved significantly, requiring a complex suite of cyber security tools. However, many tools do not offer continuous analysis, effective interoperability, comprehensive visibility, and useful alert information, even if you combine them and own 50-60 tools. This has led organizations to pursue endless cyber security solutions shopping sprees, which are time-consuming, costly and can lead to relentless complexity. Consider the following as you shop for new tools…
1. What problem will the tool solve? Could existing tools be adapted or re-engineered to perform the same tasks and to provide the same outcomes? Lack of clarity around a tool’s precise benefits, functionalities and promised results can lead to overspending and unnecessary workflow interruptions.
2. How will the new tool fit in with existing technology? Vendor tools and solutions require a certain level of interoperability. Ensure that your organization can account for exactly how a new tool will integrate into the existing ecosystem.
3. Does the organization really need this tool? For example, a robust edge-focused point solution might be a nice-to-have, but existing tools might be able to effectively offer security control for this portion of your perimeter.
4. What is the true cost of this technology? When determining what should or shouldn’t be in your cyber security portfolio, look beyond the license fees. Examine the level of effort required to implement and operationalize the tool. If the onboarding process requires training for multiple different departments, and the tool has demanding support requirements, is owning the tool really worth it?
5. How much expertise is required to run the product? Small-to-medium-sized organizations may lack the high level of security expertise needed to continuously support complex products.
For example, Endpoint Detection and Response (EDR) is recommended for defending against advanced attacks, as it allows for a rapid response and real-time blocking of a hacker. Yet, executing this correctly requires a sophisticated understanding of threats and incident response. Incorrect inputs during a hack could worsen outcomes. Thus, an EDR solution might look like a good idea on the surface, but given the capabilities of your security staff, might not be the right decision at this moment in time.
Other questions to ask ahead of purchase
- Does this tool fit in with the specific security objectives of our strategic and tactical cyber security plan?
- Is this tool meaningfully different from the existing tools that we have?
- What types of overlaps are there across current solutions?
- Will the product support the team throughout a risk-management lifecycle?
- Does the vendor offer good customer service and tech support?
- Will this vendor continue to evolve its product and to provide related updates as technologies and threats change?
Although these aren’t the only questions worth asking, they can serve as a starting point.
Forget about FOMO
Owning too many cyber security solutions can place an organization at increased risk of an attack. A Ponemon Institute survey involving 3,400 IT and security staff revealed that security investments are growing, but that the effectiveness of the investments is declining. As mentioned earlier, owning a variety of tools can lead to visibility and interoperability issues due to the fragmented nature of the toolsets, stalling breach detection and response efforts.
The average medium-sized business tends to use 50 to 60 different cyber security tools. Businesses that deploy more than 50 cyber security tools have registered an 8% decline in threat detection effectiveness, and a 7% decrease in defensive abilities. In contrast, teams using fewer tools have a stronger overall cyber security posture.
Owning too many tools requires organizations to deal with a greater number of vendors than necessary. Visibility and interoperability issues may persist, security teams will contend with an overwhelming number of alerts each week, and calculations from incomparable metrics may cause confusion, leading teams to miss threats that could cause damage.
Fear of missing out on security products actually imperils an organization, as too many tools can increase an organization’s risk exposure. Protecting resources requires thoughtful investment in the right cyber security tools for your specific threat environment. Point solutions can prove effective in certain circumstances, but a single robust security foundation can address a wide variety of use cases, can be rolled out quickly, and can assist organizations in obtaining a more complete picture of security.
Although a consolidated single cyber security architecture may seem an intimidating prospect, it can ensure that all components of the IT infrastructure are protected, and that you have improved visibility, increased operational efficiency, and a lower cost of ownership.