The problems plaguing security point tools

Security point tools generate too many alerts, create a strain on operational resources, and make security operations complex and time consuming, new ESG research shows.


At most enterprise organizations, cybersecurity infrastructure grew organically over time. The security team implemented each security control in response to a particular threat – antivirus software appeared on desktops, gateways were added to the network, sandboxes were deployed to detect malicious files, etc.

As the security infrastructure grew over the past 10 or 15 years, most enterprises didn’t really have a security technology architecture or strategy at all. This lack of a cohesive security technology strategy has translated into real problems. A recent ESG research survey illustrates some of the challenges associated with managing an assortment of security products from different vendors. (Note I work for ESG.) Those challenges include the following:

  • 27% of survey respondents (i.e. cybersecurity professionals) say their security products generate high volumes of security alerts, making it difficult to prioritize and investigate security incidents. Thus, more security tools = more alerts = more work = more problems.
  • 27% of survey respondents say each security technology demands its own management and operations, straining many organizations' resources. Other ESG research indicates that 51% of organizations have a problematic shortage of cybersecurity staff and skills, so there simply aren’t enough people for the necessary care and feeding of all these security tools.
  • 24% of survey respondents say their organization needs different solutions for different infrastructure environments, which are then managed by separate teams, creating operational inefficiencies. In other words, they have security tools for data centers, endpoints, virtual servers, public cloud workloads, etc. Coordinating policy and control across these areas is no walk in the park.
  • 22% of survey respondents say the number of security technologies used at their organization makes security operations complex and time consuming. No surprise here.
  • 20% of survey respondents say purchasing from a multitude of security vendors adds cost and purchasing complexity to their organization. So, just like security operations, purchasing efficiency and pricing are impacted by the number of security tools used.

Having too many security tools and not enough time to use them correctly is not a new problem, but I would say that the ramifications of this situation are growing worse all the time. This explains why CISOs are looking to consolidate and integrate their security infrastructure with platforms and architectures like SOAPA.

In the past, the security industry had a high population of best-of-breed point tools vendors, but the overall market is undergoing a profound change. The future of the security industry will be dominated by a few big vendors selling enterprise-class integrated solutions.
