Question: We have too many security tools. How do I consolidate and reduce tool sprawl in my environment?
Yotam Segev, Co-Founder and CEO, Cyera: Security teams are dealing with too many alerts coming out of too many tools. They can’t reduce risk because the alerts lack context, such as their severity and potential impact. Alerts without context are largely meaningless. Many security professionals complain about feeling as if they are running at full speed but not making any progress.
To security teams, tool consolidation is an opportunity to be more efficient and effective. It also appeals to C-suite executives because it means working with fewer vendors and eliminating hardware, licensing, maintenance, and support costs.
3 Keys to Tool Consolidation
Tool sprawl exists because IT has changed so quickly and dramatically. Many of these tools were created for another era — the precloud days when enterprises relied on the moat-and-castle architecture for defense — which means security teams are using one set of tools for securing on-premises systems and another for the cloud. Here's how to remediate that.
1. Take Inventory and Seek Alignment
Take an inventory of all the tools the security team is using. Poll the team and make them part of this process. Get an understanding of what is being used, what is being pushed aside, what they can live without, and what they can't.
A recent Verizon report found that security teams use between 55 and 75 security products or applications total, on average. All these tools mean dozens of management consoles, onboarding and training programs, and employee upskilling requirements. Things get more complicated depending on where the tools are deployed — on-premises or cloud — and what permissions are used.
Involving the team is important because it shows that you are addressing an issue that is important to them and impacts their day-to-day jobs. It will also give you great insights into the tools and capabilities they rely on. Once you understand the tool landscape in full and in practice, you will see the delta between what is being used and what can be cut.
From here, evaluate the top use cases that the team faces and determine whether the tools used adequately address these use cases.
2. Choose Cloud-Native Platforms, Not Products
The solution to tool sprawl is to invest in platforms that can address multiple core use cases, from on-premises to the cloud. Tools that were built for the cloud tend to mirror that functionality on-premises. This is the first and best place to identify opportunities for consolidation.
For example, legacy data loss prevention (DLP) solutions are hugely expensive and complex products that take months to deploy, configure, and train. For all of that, they often produce too many false positives, resulting in noisy alerting mechanisms that create friction within the business. Cloud DLP exists, but it creates new data silos, making securing data challenging. A platform solution, however, can provide DLP functionality across different environments, including cloud, containers, and virtual machines.
Platforms that were built for the cloud are designed to enable automation of tasks that used to be done manually, such as inventory and classification of assets, devices, data, and software-as-a-service (SaaS) partners. Most cloud-native solutions will automate this across multiple environments, including infrastructure-as-a-service (IaaS), SaaS, and platform-as-a-service (PaaS), as well as on-premises.
Declutter Your Network
Cybersecurity exposures and risks associated with cloud workloads are inherently different from those of legacy, on-prem infrastructure. Employing too many tools can leave security teams ill-equipped to quantify, understand, or mitigate the exposure of sprawling cloud environments. A cloud-native security stack enables tool consolidation and broad automation, both of which are most welcome developments for your teams.