When it comes to tool consolidation, focus on platforms over products.
June 1, 2023
Question: We have too many security tools. How do I consolidate and reduce tool sprawl in my environment?
Yotam Segev, Co-Founder and CEO, Cyera: Security teams are dealing with too many alerts coming out of too many tools. They can’t reduce risk because the alerts lack context, such as their severity and potential impact. Alerts without context are largely meaningless. Many security professionals complain about feeling as if they are running at full speed but not making any progress.
To security teams, tool consolidation is an opportunity to be more efficient and effective. It also appeals to C-suite executives because it means working with fewer vendors and eliminating hardware, licensing, maintenance, and support costs.
3 Keys to Tool Consolidation
Tool sprawl exists because IT has changed so quickly and dramatically. Many of these tools were created for another era — the precloud days when enterprises relied on the moat-and-castle architecture for defense — which means security teams are using one set of tools for securing on-premises systems and another for the cloud. Here's how to remediate that.
1. Take Inventory and Seek Alignment
Take an inventory of all the tools the security team is using. Poll the team and make them part of this process. Get an understanding of what is being used, what is being pushed aside, what they can live without, and what they can't.
A recent Verizon report found that security teams use between 55 and 75 security products or applications total, on average. All these tools mean dozens of management consoles, onboarding and training programs, and employee upskilling requirements. Things get more complicated depending on where the tools are deployed — on-premises or cloud — and what permissions are used.
Involving the team is important because it shows that you are addressing an issue that is important to them and impacts their day-to-day jobs. It will also give you great insights into the tools and capabilities they rely on. Once you understand the tool landscape in full and in practice, you will see the delta between what is being used and what can be cut.
From here, evaluate the top use cases that the team faces and determine whether the tools used adequately address these use cases.
2. Choose Cloud-Native Platforms, Not Products
The solution to tool sprawl is to invest in platforms that can address multiple core use cases, from on-premises to the cloud. Tools that were built for the cloud tend to mirror that functionality on-premises. This is the first and best place to identify opportunities for consolidation.
For example, legacy data loss prevention (DLP) solutions are hugely expensive and complex products that take months to deploy, configure, and train. For all of that, they often produce too many false positives, resulting in noisy alerting mechanisms that create friction within the business. Cloud DLP exists, but it creates new data silos, making securing data challenging. A platform solution, however, can provide DLP functionality across different environments, including cloud, containers, and virtual machines.
Platforms that were built for the cloud are designed to enable automation of tasks that used to be done manually, such as inventory and classification of assets, devices, data, and software-as-a-service (SaaS) partners. Most cloud-native solutions will automate this across multiple environments, including infrastructure-as-a-service (IaaS), SaaS, and platform-as-a-service (PaaS), as well as on-premises.
Declutter Your Network
Cybersecurity exposures and risks associated with cloud workloads are inherently different from those of legacy, on-prem infrastructure. Employing too many tools can leave security teams ill-equipped to quantify, understand, or mitigate the exposure of sprawling cloud environments. A cloud-native security stack enables tool consolidation and broad automation, both of which are most welcome developments for your teams.
About the Author(s)
Co-Founder and CEO, Cyera
Yotam Segev is the co-founder and CEO of Cyera. Prior to Cyera, he — alongside co-founder Tamar Bar-Ilan — built and ran the cloud security division for the Israeli Defense Force's (IDF) elite Unit 8200 and served as a Senior Class Commander in the IDF's prestigious Talpiot Leadership Academy. During this time, Yotam gained firsthand experience leading teams and deploying cybersecurity technologies in the field. He also gained valuable insight to recognize the challenges involved in ensuring business stakeholders have access to critical, sensitive data in a secure manner, and the need to develop a solution. These insights inspired Segev and Bar-Ilan to found Cyera in 2021. As CEO, Yotam leads strategic direction and operations, and guides the company to develop technology and tools through customer-inspired innovation.