Let us conjure up the image of the busy plumber or electrician with a work belt full of tools.
Well, today’s cyber security engineer probably feels much the same, carrying round a virtual version of that belt, jam-packed with numerous tools to deal with the different threats his or her organisation faces.
How many is too many?
According to a report by the pre-eminent research centre Ponemon Institute, the average enterprise uses a total of 45 different security tools, deploying as many as 19 to deal with an incident. Using lots of tools means we can deal with the problem more effectively, you might think. However, the opposite seems to be true. The research estimated that any organisation using so many tools was often less effective in detecting and responding to security incidents.
The ease and flexibility of the cloud makes it easy to deploy new solutions quickly without considering the impact they will have on your overall security management and strategy. The level of training and expertise required to use some cyber security tools can vary greatly, resulting in over confidence when dealing with incidents and the potential to misunderstand the solution to the threat that is being faced.
But we're ready for anything!
Security gaps can often emerge due to the use of too many tools or solutions because the team becomes focused on a particular product or a specific problem rather than taking an overview of the entire threat landscape. It can also make IT teams rely on just being reactive – the ‘we’ve got the tools so we’re ready for anything’ approach - rather than encouraging a proactive approach that searches out vulnerabilities before they can be turned into attacks.
Proliferation of solutions might make you feel like you have an arsenal ready to defend your organisation’s infrastructure but it can overcomplicate the response and leave you with a raft of expensive tools that are never fully utilised and become ever harder to manage.
A simpler approach
A much better strategy is to plan defence-in-depth using fewer tools that do not cause overlap or encourage siloed thinking.
Less, as they say, is more. In the case of cyber security there is no truer a phrase. A simpler approach to a complex problem is often more effective and cost-efficient.