Dark Reading is part of the Informa Tech Division of Informa PLC


10:05 AM
Lamont Orange

When It Comes To Security Tools, More Isn't More

Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.

Companies fast-tracked their security plans in 2020 due to the pandemic. Timelines that had stretched into the next three or five years were condensed into six months as the business landscape underwent rapid change and the remote workforce boomed. 

Even pre-pandemic, many companies were undergoing significant transformation as they transitioned to cloud or hybrid architectures and grappled with problems caused by tool sprawl due to the quick adoption of many disparate tools. For some, COVID fueled and exacerbated these challenges.

With the COVID-accelerated shift to the cloud, organizations, and especially chief information security officers (CISOs), are running into trouble with tool sprawl at the same time as they look to implement new security solutions. They should keep the following in mind.

Factors to Remember When Shifting to the Cloud
It's no secret that companies have been moving to the cloud in droves. In some cases, the pandemic sparked this shift, but many were already on the path. And COVID's impact hasn't been all negative; in many ways it let organizations hit the "restart" button and take a close look at their security strategy. 

Regardless of what prompts a company's move to the cloud, it's important not to neglect the first requirement of any successful security program: visibility. 

Companies must be cognizant that their existing tools may not provide as much (if any) value in the cloud. A network tap or intrusion detection sensor in the data center, for instance, sees nothing of traffic that flows from a remote laptop straight to a SaaS tenant or between workloads inside a provider's virtual network unless it is re-fed from the provider's flow logs or APIs. Visibility is the key to determining whether old tools still provide value and, if not, what should replace them. 

Additionally, companies need a cadence for patching and maintaining systems that are no longer on-premises. Moving to the cloud does not remove patching; it redistributes it under the provider's shared-responsibility model. With infrastructure as a service (IaaS), the guest operating systems and everything installed on them remain the customer's job. With function as a service (FaaS), the runtime is the provider's but the function's code and its dependencies are yours. With containers, the base images and the packages inside them are yours to rebuild and redeploy. Even with software as a service (SaaS), where the provider patches the application itself, the customer still owns its configuration, integrations, and identity settings, and those drift just as patches lapse. 

When it comes to data loss prevention (DLP), the storage-centric strategies used on-premises won't fit the bill. A DLP engine that inspects file shares and the data-center egress point never sees a document uploaded from a remote endpoint directly to a SaaS application. There will be an onslaught of SaaS applications storing data, so companies need a strategy that gives them control over and protection of that data wherever it lands. 

It's also critical for organizations to manage endpoints effectively, since that's where the data ends up. Companies need to ensure that their endpoints enforce threat protection at every stage of the data's journey: on the device, in transit, and in the cloud services the device connects to.

In the rush to adopt new technology and transition to the cloud, companies tend to neglect these practices and fail to uphold security standards. This can cause major security gaps down the line.

The Trouble With Tool Sprawl, and the Perks of Eliminating It
Many organizations felt tremendous pressure to bolster their security strategy when their workforce suddenly went remote in 2020. For some, this sparked panic-buying of new solutions without much consideration of security, return on investment (ROI), or integration. We have yet to see the long-term effects of these actions, but there's no doubt that they created gaps in security, and bad actors may be lying in wait. 

But COVID isn't 100% to blame: Tool sprawl has been alive and well since long before the pandemic. This added complexity creates natural gaps, with negative effects including breaches, disclosures, and even a scramble to remove new tools that create vulnerabilities. Tool sprawl also generates more operational challenges for security teams and can increase how long it takes to identify, resolve, and report incidents. 

Another issue with many disparate tools is a dip in workforce productivity and satisfaction. Managing multivendor environments is operationally challenging and adds complexity. Complexity introduces gaps and mounting alerts that stress teams' productivity and endurance. If, for example, a small team is bombarded with thousands of security alerts per day, most of them duplicates or low-value noise, it hurts the team's efficiency and sense of well-being. Alert-management tools (especially those powered by artificial intelligence and machine learning) can help teams improve the signal-to-noise ratio and surface what's important. However, the ultimate goal should be to eliminate tool sprawl altogether through optimization. Integration is the key to simplification.
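What "integration" means at the alert layer is concrete: events from different tools are normalized into one schema, repeats are collapsed, and findings about the same asset are merged into a single case. The script below is an added example, not code from the article or from any vendor's product. The two input formats (a JSON record from an EDR-style tool and a syslog-style antivirus line), the regular expression that parses the latter, and all alert contents are constructed for illustration; a real deployment would substitute its own tools' formats.

```python
"""Normalize alerts from two tools, collapse repeats, and merge per host.

Added example (not from the article). Input formats and alerts are constructed.
"""
from __future__ import annotations
import json
import re
from dataclasses import dataclass
from datetime import datetime

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

@dataclass(frozen=True)
class Alert:
    source: str      # which tool raised it
    host: str        # asset the alert is about
    rule: str        # detection name or signature
    severity: str    # normalized to lowercase
    ts: datetime

# Constructed sample input: one tool emits JSON, the other a syslog-style line.
EDR_JSON = [
    '{"hostname":"ws-014","detection":"credential_dumping","severity":"high","time":"2021-01-11T09:00:05Z"}',
    '{"hostname":"ws-014","detection":"credential_dumping","severity":"high","time":"2021-01-11T09:00:07Z"}',
    '{"hostname":"ws-014","detection":"credential_dumping","severity":"high","time":"2021-01-11T09:00:09Z"}',
    '{"hostname":"srv-db1","detection":"suspicious_powershell","severity":"medium","time":"2021-01-11T09:02:00Z"}',
]
SYSLOG_LINES = [
    "2021-01-11T09:00:06Z fw-edge AV: host=ws-014 sig=mimikatz.generic sev=critical action=blocked",
    "2021-01-11T09:05:00Z fw-edge AV: host=ws-022 sig=adware.toolbar sev=low action=blocked",
    "2021-01-11T09:05:01Z fw-edge AV: host=ws-022 sig=adware.toolbar sev=low action=blocked",
    "2021-01-11T09:06:00Z fw-edge kernel: link up",   # not an alert; must be skipped, not crash
]
SYSLOG_RE = re.compile(r"^(?P<ts>\S+) \S+ AV: host=(?P<host>\S+) sig=(?P<sig>\S+) sev=(?P<sev>\S+)")

def _parse_ts(s: str) -> datetime:
    # fromisoformat() only accepts a trailing "Z" from Python 3.11, so map it explicitly
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def parse_edr(line: str) -> Alert:
    rec = json.loads(line)
    return Alert("edr", rec["hostname"], rec["detection"], rec["severity"].lower(), _parse_ts(rec["time"]))

def parse_syslog(line: str) -> Alert | None:
    m = SYSLOG_RE.match(line)
    if m is None:
        return None  # unknown line shape: drop it rather than abort the whole batch
    return Alert("av", m["host"], m["sig"], m["sev"].lower(), _parse_ts(m["ts"]))

def dedup(alerts: list[Alert], window_s: int = 300) -> list[dict]:
    """Collapse repeats of the same (source, host, rule) arriving within window_s seconds."""
    out: list[dict] = []
    last_idx: dict[tuple, int] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.source, a.host, a.rule)
        i = last_idx.get(key)
        if i is not None and (a.ts - out[i]["last"]).total_seconds() <= window_s:
            out[i]["count"] += 1
            out[i]["last"] = a.ts
        else:
            out.append({"source": a.source, "host": a.host, "rule": a.rule,
                        "severity": a.severity, "first": a.ts, "last": a.ts, "count": 1})
            last_idx[key] = len(out) - 1
    return out

def correlate(deduped: list[dict]) -> list[dict]:
    """Merge findings from all tools into one case per host, ranked by worst severity then volume."""
    cases: dict[str, dict] = {}
    for d in deduped:
        c = cases.setdefault(d["host"], {"host": d["host"], "severity": "info",
                                         "sources": set(), "rules": set(), "count": 0})
        c["sources"].add(d["source"])
        c["rules"].add(d["rule"])
        c["count"] += d["count"]
        if SEVERITY_RANK.get(d["severity"], 0) > SEVERITY_RANK.get(c["severity"], 0):
            c["severity"] = d["severity"]
    return sorted(cases.values(), key=lambda c: (SEVERITY_RANK.get(c["severity"], 0), c["count"]), reverse=True)

def triage(edr_lines: list[str], syslog_lines: list[str], window_s: int = 300) -> list[dict]:
    alerts = [parse_edr(l) for l in edr_lines]
    alerts += [a for a in map(parse_syslog, syslog_lines) if a is not None]
    return correlate(dedup(alerts, window_s))

if __name__ == "__main__":
    for c in triage(EDR_JSON, SYSLOG_LINES):
        print(f'{c["severity"]:8} {c["host"]:8} {c["count"]:2} alerts  tools={sorted(c["sources"])}  rules={sorted(c["rules"])}')
```

Seven raw events become three cases, and the top one (ws-014) is ranked critical precisely because two tools that would otherwise sit in separate consoles both flagged the same host. The window-based collapse in `dedup` is the part that keeps repeated detections from becoming repeated tickets; the `None` path in `parse_syslog` is the part that keeps one malformed line from taking the pipeline down.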

At its core, tool sprawl may be due to security leaders trying to solve business problems with technology alone, a tool-centric approach. By taking a more business-centric approach and focusing on optimizing the tools they already have, companies stand to enhance security, increase ROI, save on budget, and see immediate value from moving to new stacks.

Still in the Market for New Tools? Consider This
Of course, not all tools are bad. But companies need to do their due diligence when researching new solutions because their old checklists may no longer apply. 

Focus on rationalizing and optimizing new tools by taking a more business-focused approach. For example, CISOs can ask themselves: Can I consolidate these four solutions that provide marginal value into one that covers all my bases? 

When onboarding new solutions, CISOs should put as much emphasis on who they're purchasing from as on the capabilities of the tools themselves. Does the vendor pride itself on its own security standards? Does it hold the relevant certifications and attestations (for example, SOC 2 Type II or ISO/IEC 27001)? Does it employ individuals who are exclusively responsible for security? 

Since a new application will have access to an organization's data and its people, these factors should be closely examined before diving into the tool's capabilities, its integrations with existing tools, its manageability, its risk factors, and more.

Businesses have undergone a massive amount of change recently, and there are no signs of that slowing down. As companies take on security, it's important to remember that, when it comes to tools, more isn't always more. Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success as the world continues creating new demands for security.

Lamont Orange has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at ...

Published 1/11/2021. Lamont Orange is Chief Information Security Officer at Netskope.