Building and managing a cyber security stack can quickly snowball into an overwhelming task.
And there are two main reasons why.
First, too many security vendors prey on busy CISOs and IT teams, overhyping their product by falsely claiming it’s the “next big thing.” We talk a lot about these predatory sales techniques and how unethical vendors purposefully target those without a strong understanding of cyber security. The less the buyer knows, the easier the sale.
Second, factor in scaling operations and an ever-evolving threat landscape, and the easiest approach is to just layer new security tools on top of your existing ones. Hence the term cyber security stack.
But, despite spending more on defensive measures, the number of data breaches continues to rise. Clearly, a bigger budget isn’t the answer to the problem.
If your stack keeps growing while your security posture stays the same (or worse, weakens), it may be time to reevaluate what’s in your toolkit. There are a few reasons why you may not see the return you anticipated despite having a healthy security budget.
3 common flaws in cyber security stacks
1. The tools have overlapping functionality
Earlier this month we asked our Twitter community how many tools they use to identify and respond to cyber threats. 25% said they use ten or more tools (and a whopping 33% said they use zero…but that’s a conversation for another day).
It’s normal to use multiple cyber security solutions to detect threats and reduce risks — but there’s a tipping point. It’s possible (and common) to have too many products.
A recent report found that companies with a large security stack have a harder time detecting and responding to an attack than those with a smaller suite. The sheer volume of alerts from multiple tools creates significant noise that quickly becomes overwhelming. Add in the effort it takes to investigate alerts — many of which will likely be duplicates — and it becomes clear why less is often more.
When alert fatigue happens, cyber threats and security gaps may fly under the radar and cause damage. This is especially likely when the tools in your stack have overlapping functionality.
Cyber security stacks need to be planned thoughtfully; companies need to choose each product with intention. Otherwise, you may mistakenly add a solution that delivers the same features you already have. When this happens, you’re not only paying to configure, secure, and manage yet another tool, but it’s not providing any new benefits or security.
2. The tools aren’t easy to manage
The industry’s worsening talent gap makes it nearly impossible to build out a fully staffed, well-trained security team. This causes yet another challenge for businesses that need qualified experts to oversee increasingly complex security solutions.
A large stack naturally demands more attention than a small one. Each new tool adds pressure and can quickly become overwhelming for already busy security teams. This is why it’s important to regularly review your tools and eliminate any that are unnecessarily taking up your team’s time.
But complex products are frustrating to manage, even with the right resources. Slow portals, messy dashboards, unclear alerts, and buggy systems often cause more harm than good.
A poor user experience makes it harder to detect legitimate threats, giving attackers more time to cause damage and maximize impact. Worse, you may avoid using the product altogether, negatively affecting both your budget and security.
3. The tools don’t integrate well
Poor tool integration is a common roadblock for businesses trying to establish an effective cyber security stack. Point solutions no longer offer the comprehensive capability needed to protect modern businesses — it typically takes layering several products to provide proper coverage.
Unfortunately, there is little incentive for cyber security vendors to create a tool that integrates well with others. Often, the sale is the main goal and interoperability is at the bottom of the priority list.
But integration is essential. Without it, you may have many solutions that provide a considerable defence but fail to communicate with each other. This lack of integration can leave the user with an overwhelming volume of data to monitor and aggregate, and an endless stream of alerts to check. Soon, you may start ignoring your notifications or stop using some products entirely.
Optimizing your cyber security stack
No one wants to pay for tools only to have them collect dust. Thankfully, there are ways to streamline and optimize a cyber security stack. By eliminating ineffective products, you can get the most out of your budget without compromising protection.
Some will say to start by curating a complete list of your security solutions, but that skips the critical first step — mapping your threat surface.
Identify and understand your threat surface
If you don’t know your vulnerabilities, you could be paying for products that secure infrastructure you don’t have. When you understand what you’re trying to protect, it’s easier to choose the right tools for the job.
To determine your threat surface, it helps to break it down into two parts:
- The digital threat surface consists of things like cloud services, software, and web applications. It also includes confidential data such as intellectual property (IP) and personally identifiable information (PII).
- The physical threat surface consists of tangible equipment such as desktop computers, laptops, phones, tablets, servers, and routers.
Create an inventory of the tools in your security stack
As your threat surface evolves and cyber criminals orchestrate new ways to attack, it’s easy to fall into the habit of adding a product to address each emerging risk. This has led to cyber security “tool sprawl” — the steady accumulation of increasingly large and complex stacks.
If you’re not getting the return on investment you anticipated from your stack, or if it has become unmanageable, create a list of all the cyber security solutions you use.
Determine whether each tool still provides value
The next step is to critique each product and determine whether it’s worth the investment. As you go through the list, ask yourself these questions:
- Does each tool have a distinct purpose? Are any redundant?
- Are any products no longer needed to protect my current threat surface?
- Is my stack manageable?
- Do we have the resources in-house to maintain these products?
- Are these tools producing alert fatigue?
- Would a managed solution make more financial sense?
During this evaluation, it should become clear which tools are no longer necessary or never were. Remember that a once-perfect suite of tools can quickly become inadequate due to the ever-evolving nature of cyber security.