Is there such a thing as having too many security tools?
Sort by:
In the security rainbow, at the bottom are the mission-critical assets, and they’re surrounded by data security, application, endpoint, network, perimeter security, prevention, operations, etc. There's not one solution or one framework that you can follow to meet all of this criteria and reduce your risk.
We've been seeing these security incidents for years, and it's just history repeating itself over and over again. I'm waiting for some innovative startup to come along and fix a good portion of the rainbow. We need to figure out the best way to approach zero trust without overdoing the tool situation to detect everything.
You could spend your entire IT budget on security tools. Most CIOs I know complain that I keep adding more security tools, but I never take anything out. You end up laminating over this stuff and the tools are tripping over each other and their update cycles are wrong.<br><br>The VC community is still pumping lots of money into point solutions in the security space, that's the problem. Because they're playing for an exit strategy of an acquisition by somebody bigger: “let's make some cool, niche thing so somebody will buy us.” And then they have a hodgepodge of things that don't work together. Security has been a big thing for the last 10 years and I haven't seen anybody come up with the “all-singing all-dancing” solution, or even architecture for one.
That's a good point. And that's been a problem in all of IT, not just security.
The various parts of our security tool set don't really talk to each other and they're all on different upgrade cycles. We need to put more pressure on the vendor community to quit making us hobbyists. Stop coming up with point solutions. Give me a real solution, not a tool that is a component of a solution.
We're technology people so we tend to drive into the tools a little early. Our clients are getting all these alarms and alerts, but they get so many because they don't have any thresholds set for the ignore factor. If you're getting blasted with alert smog, there are so many alarms that you don't pay attention to them anymore. But some of those alerts are for real threats. There's a signal to noise ratio to get filtered out, but how do I do that?
Today there are 15-20 different locations for our data. There is value in tying them together and analyzing that information, drowning out the noise to pick up the signals, and correlating the signals from your market conditions to what you are selling, therefore improving your offerings. But, how does the analyst come in? What is the right setup as you start bringing in information into the data lake? What is the right level of access when our data lake has information from—in our case—roughly 130 different applications that we pump information through?