Email, web, cloud, endpoints, applications… The contemporary organisational cyber attack surface is broader than ever before. To guard against threat actors, a comprehensive and robust security posture is essential.
Security vendors have responded to this digital transformation (the shift to digitise operations in an increasingly off-premises, cloud-based world) with a plethora of single-purpose tools. Unfortunately, many security stacks are now over capacity, holding more tools, from more vendors, than a team can keep configured, tuned and monitored.
Vendor sprawl describes this excess, and frequent overlap, of loosely related security solutions from many different suppliers.
Where Did the Problems Begin?
As security gaps began to emerge in a growing threat landscape, problem-specific tools were quickly developed and adopted.
In an ideal scenario, new solutions are sourced and implemented as part of a larger security strategy. However due to the rapidity of digital development in recent years, this approach has proved challenging. Rather than strategically implementing solutions that work cohesively, many organisations have been forced to adopt new security solutions on the move.
The average organisation now has 76 security solutions deployed in its stack (a 19% increase since 2020). These individual solutions are largely tailored to specific tasks, and because they are sourced from a wide array of vendors, they are rarely able to talk to one another. This creates problems both for cyber security staff and for organisational security.
While a broad selection of tools may appear to offer defence in depth, an inflated catalogue of vendor solutions can in fact increase security risk.
Too Many Cooks…
With too many solutions comes too much data.
When selecting security solutions, most organisations pursue a best-of-breed approach. This makes sense when hoping to maximise the efficacy of your tools, but often results in a disparate array of solutions from different vendors.
Vendors – many of them start-ups new to the arena – have marketed their solutions as the answer to organisations’ security concerns. Capabilities are often exaggerated or based on limited use-case experience. With little time or available resources to thoroughly vet new solutions’ suitability and potential for interconnectivity, security stacks have increased in depth, but not always in usable intelligence.
Because tools from different vendors are unlikely to be able to speak to one another, the data produced by their combined analysis can be dense and unmanageable. Each product has its own event schema, severity scale and notion of what an "alert" is. If your solutions aren't speaking the same language, the burden falls to analysts to reconcile differing reports by hand, and there is no single source of truth.
The Cost of Vendor Sprawl
There are often financial consequences to vendor sprawl.
Caught out by an unexpected subscription renewal? Much like media streaming services, the more solutions you’re subscribed to, the easier it is to miss a cancellation window. If security teams aren’t able to keep track of a multitude of deployed solutions alongside day-to-day duties, organisations may find themselves paying for tools they’re no longer effectively utilising or actively benefiting from.
Value for money should also be considered when assessing the effectiveness of your security stack. 61 per cent of security teams don’t feel like they’re getting full value from their security investment, and a bloated suite of solutions can often contribute to this lack of clarity in ROI.
With ever-increasing overheads and tighter security budgets, the ability to confidently demonstrate the impact of security investment is vital. Unfortunately, 53 per cent of IT experts feel unable to measure the performance of the suite of cyber security tools they have deployed. Without a meaningful measure of threats prevented and costs avoided, determining ROI is near impossible.
How Can Vendor Sprawl Impact Security?
Rather than building a comprehensive security posture that works in harmony, a sprawl of vendors and tools leaves organisations with an often-unwieldy collection of security solutions that can cause overspend or worse, system vulnerabilities and security risks.
Lack of Visibility
56 per cent of Ponemon Institute respondents cite a "lack of visibility into the operations of their security program" as the reason data breaches still occur despite a wealth of solutions. Threats may be flagged and analysts alerted, but if they are unable to map the alert to the affected asset and the appropriate response, this intelligence goes unused. A successful security stack is one that produces clear, meaningful data that cyber security teams can action.
Lack of Trust
To maintain security, the activity reported by solutions must be trustworthy. It is therefore a concern that 63 per cent of security teams have observed a security tool falsely report that an attack had been blocked. A false "blocked" verdict is worse than no alert at all: it closes the investigation while the intrusion continues. Security stacks are only as strong as their weakest link, and every additional product is itself software, typically running with privileged agents, management consoles and update channels, so the broader the vendor and tool spread, the greater the attack surface to be exploited.
When breaches slip through the cracks in a supposedly robust security stack, there’s a temptation to paper over the issue with a further layer of security that promises increased depth. This is a costly and often short-sighted approach to the problem. Additional tools can even exacerbate the lack of security cohesion that’s allowing threat actors access to an organisational environment. It may seem counterintuitive to pare back and consolidate solutions to strengthen security posture, but more layers don’t always guarantee more protection.
The more solutions deployed, the more onerous the task of managing and optimising them becomes. With a sprawling selection of vendor tools, the potential for internal conflicts and misconfigurations spikes. Even the smallest misconfiguration can create a system vulnerability, and when teams must scrutinise every tool in their arsenal to locate and resolve errors, cyber criminals have time to attack.
With each new solution comes a new interface and functionality to master, requiring training and internal upskilling. At a time when security teams are already overstretched, with a worker shortage of approximately 3.4 million owing to an increasing cyber security skills gap, few organisations can dedicate the necessary time. Without proper training, new solutions are at best underutilised, and at worst a vulnerability.
Data analysis can also prove a drain on resources. An organisation's security stack should work in harmony with its teams, complementing their expertise and assisting in security implementation. In an under-resourced team, attention is already focused on day-to-day security maintenance and threat resolution, with little breathing space. When a growing number of tools require manual interpretation and analysis of data, security teams' workload can become unmanageable. In overworked teams, burnout and struggles with retention are likely.
A single threat alert prompts action. An endless stream of threat alerts desensitises staff and creates alert fatigue, an unfortunate side effect of vendor sprawl for analysts.
As a multitude of solutions each flag the same potential threat in their own format, the number of alerts generated becomes impossible to track and action. When tools disagree about the severity or even the outcome of an event, manual data correlation is required to pinpoint the true risk buried at the bottom of a growing pile of alerts.
It’s no surprise that when cyber security staff are tasked with monitoring the alerts of an increasingly unrealistic number of solutions, 44 per cent of alerts are not investigated.
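The reconciliation work described above is what a team without a single source of truth ends up doing by hand. The following is an added example, not code from the original article or from any vendor, showing the minimum a team has to build when its tools do not share a schema: two hypothetical feeds (a JSON endpoint alert and a key=value firewall syslog line, both constructed here and not modelled on any real product) are normalised to one record type, exact repeats within a short window are collapsed, and hosts are ranked so that an asset flagged by two independent tools floats to the top regardless of which tool shouted loudest.

```python
"""Normalise alerts from two hypothetical tools into one schema, dedupe, and rank by corroboration."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample output. Neither format is a real product's; the field names are assumptions.
EDR_ALERTS_JSON = """[
 {"ts": "2024-05-01T10:00:05Z", "hostname": "ws-042", "src_ip": "10.1.2.42",
  "severity": 8, "rule": "Suspicious PowerShell download", "blocked": true},
 {"ts": "2024-05-01T10:00:09Z", "hostname": "ws-042", "src_ip": "10.1.2.42",
  "severity": 8, "rule": "Suspicious PowerShell download", "blocked": true},
 {"ts": "2024-05-01T11:30:00Z", "hostname": "srv-db1", "src_ip": "10.1.5.10",
  "severity": 3, "rule": "New local admin account", "blocked": false}
]"""

FIREWALL_SYSLOG = """\
May  1 10:00:07 fw01 fwd: action=allow src=10.1.2.42 dst=203.0.113.77 dport=443 sev=medium msg="Outbound to newly seen domain"
May  1 10:00:08 fw01 fwd: action=deny src=10.1.2.42 dst=203.0.113.77 dport=443 sev=high msg="Known C2 indicator"
May  1 11:45:00 fw01 fwd: action=deny src=10.1.9.9 dst=198.51.100.5 dport=22 sev=low msg="SSH scan"
"""

# The firewall uses words, the EDR uses 0-10; everything is mapped onto the 0-10 scale.
SEV_WORDS = {"low": 2, "medium": 5, "high": 8, "critical": 10}
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class Alert:
    source: str        # which tool raised it
    ts: datetime       # UTC
    host_ip: str       # the pivot key both tools happen to share
    severity: int      # 0-10, whatever the tool's native scale was
    title: str
    blocked: bool      # the tool's own claim; a false "blocked" is exactly what corroboration catches


def parse_edr(raw: str) -> list[Alert]:
    out = []
    for a in json.loads(raw):
        ts = datetime.strptime(a["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append(Alert("edr", ts, a["src_ip"], int(a["severity"]), a["rule"], bool(a["blocked"])))
    return out


def parse_firewall(raw: str, year: int = 2024) -> list[Alert]:
    out = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        head, _, body = line.partition(": ")            # "May  1 10:00:07 fw01 fwd" / "action=..."
        stamp = " ".join(head.split()[:3])              # syslog stamps carry no year; caller supplies it
        ts = datetime.strptime(stamp, "%b %d %H:%M:%S").replace(year=year, tzinfo=timezone.utc)
        kv = {k: v.strip('"') for k, v in KV_RE.findall(body)}
        out.append(Alert("firewall", ts, kv["src"], SEV_WORDS[kv["sev"].lower()],
                         kv["msg"], kv["action"] == "deny"))
    return out


def dedupe(alerts: list[Alert], window_s: int = 60) -> list[Alert]:
    """Collapse repeats of the same (source, host, title) within window_s seconds; keep the first."""
    kept: list[Alert] = []
    last_seen: dict[tuple, datetime] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.source, a.host_ip, a.title)
        prev = last_seen.get(key)
        if prev is not None and (a.ts - prev).total_seconds() <= window_s:
            continue
        last_seen[key] = a.ts
        kept.append(a)
    return kept


def correlate(alerts: list[Alert]) -> list[dict]:
    """Group by host, then rank hosts seen by more independent tools first, severity second."""
    by_host: dict[str, list[Alert]] = defaultdict(list)
    for a in alerts:
        by_host[a.host_ip].append(a)
    incidents = []
    for ip, group in by_host.items():
        incidents.append({
            "host_ip": ip,
            "sources": sorted({a.source for a in group}),
            "max_severity": max(a.severity for a in group),
            "alerts": len(group),
            "unblocked": [a.title for a in group if not a.blocked],
        })
    incidents.sort(key=lambda i: (len(i["sources"]), i["max_severity"]), reverse=True)
    return incidents


def triage(edr_raw: str = EDR_ALERTS_JSON, fw_raw: str = FIREWALL_SYSLOG) -> list[dict]:
    return correlate(dedupe(parse_edr(edr_raw) + parse_firewall(fw_raw)))


if __name__ == "__main__":
    for incident in triage():
        print(incident)
```

On the constructed input, six raw alerts become five after deduplication, and 10.1.2.42 ranks first because two unrelated tools saw it, even though the EDR's own verdict was "blocked". That cross-tool view is what an analyst has to reconstruct manually when the stack has no shared schema, and it is the part of the work a consolidated platform is meant to absorb.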
What’s the Solution?
Vendor consolidation can be a useful antidote to an overinflated suite of security tools. If your stack has become unmanageable and breaches more frequent, condensing your solutions may be the route to an easier, more secure life.
Key security players including Microsoft, Palo Alto and Symantec are now offering cohesive platforms as consolidated versions of their solutions. Platforms offer teams a single point of management and insight with cohesive data across the stack. While organisations may find that no single vendor offers all their required capabilities in a platform, streamlining is almost always possible. Many decision makers are finding that consolidation via a security platform can provide a majority coverage, with select niche tools bridging the few remaining gaps.
To reduce the long-term complexity of your security stack and give your security team genuine control and visibility, a shift to a platform approach is worth serious consideration.