Suffering From a Surfeit of Security Tools

It’s almost ingrained in our collective psyche that more of a good thing is an even better thing. If you have one of something that you really like, then there is nothing wrong with having two or three, or even more. After all, you can’t have too much of a good thing, right?

Unfortunately, while that logic works for a few things, there are times when it breaks down quickly at higher volumes. In some cases, you begin to experience diminishing returns. How much extra value or joy will that 13th piece of chocolate cake really bring you? And then there are other times when adding too much of a good thing can become something that is really bad for you or your organization. A great example of this is cybersecurity tools, which have gotten out of hand in most organizations in recent years.

A recent survey found that most Chief Information Security Officers (CISOs) rely on an average of 55 to 75 different security products or applications to protect their networks. And yet, the attacks still happen. According to the Verizon 2021 Data Breach Investigations Report, successful attacks are on the rise and taking longer to detect than ever.

How can attackers bypass what on the surface appears to be an impenetrable barrier of 75 or more cybersecurity tools? The fact is that they often set off alarms, but human defenders are too busy maintaining their defense tools or responding to thousands of daily alerts to notice. Having lots of security tools can actually give attackers the cover they need to stay undetected.

Too many cybersecurity tools

A recent report highlights the negative consequences of having too many cybersecurity tools. Among companies surveyed, 71% believe they have more tools than their cybersecurity teams could ever successfully manage. This actually caused their security posture to deteriorate as more tools were added. In fact, contrary to the belief that more tools mean more security, the vast majority of those surveyed said they felt much less secure with all the cybersecurity tools installed in their environment.

The situation has only worsened with the mass migration to the cloud in most organizations. Deploying a multitude of cybersecurity tools on the network to cover all possible avenues of attack was popular in part because, in an era of almost entirely local assets, the strategy somehow worked. Or at least organizations didn’t encounter diminishing returns and negative consequences so quickly. However, in cloud environments, the more tools you add, the more complexity and vulnerability you produce.

Aside from the work that goes into maintaining overlapping tools, the other big problem with a tool-centric approach is the ocean of false positives that is bound to appear as more tools come online. Chasing false positives can consume all of the security personnel's time with no real benefit to the organization. Meanwhile, the real attack can easily be hidden behind all the false alarms. Cybersecurity experts may never find real threats until it’s too late.

A Better Way

It would be disastrous to remove all security tools from your environment. But you also don’t want to have so many that key tools that could really help don’t get enough attention. It is important to find the right choice of tools and ensure that you do not waste too much time and resources.

The key to successfully consolidating tools is simultaneously investing in a human approach to security. And that should include leveraging an asset not traditionally deployed in that role: teams of developers tasked with coding the very apps and software that attackers target.

While developers have traditionally not been in charge of security, this is changing. In fact, encouraging developers to focus on security is a key aspect of the DevSecOps movement where everyone takes some responsibility for implementing secure applications. No one expects developers to suddenly become security experts or bear the primary responsibility for security in their organizations, but learning how to write secure code and rewarding a job well done can go a long way in setting the stage for eliminating all those overlapping security tools.

If you start with good, secure code, then you can easily start eliminating some of the hundreds of cybersecurity tools designed to scan for common exploits and vulnerabilities. You’ll end up fostering an environment where developers create secure code, and a few select cybersecurity tools can act as an additional check that’s easy for security teams to monitor and maintain without too much (supposedly) good stuff.
