Those with many security tools must ensure that staff, expertise, & proper organisational alignments, expectations, & structures are in place.
However, not only does your enterprise probably have too many security tools but doing so hinders your incident response effectiveness! The Ponemon Institute concludes this, based upon an analysis of insight from 3,400 security & IT professionals globally.
The latest Ponemon Institute Cyber Resilient Organisation Report, sponsored by IBM, found that formal, enterprise-wide security response plan adoption is increasing. During the last 5 years, enterprise incident response planning adoption has witnessed a 44% growth rate.
Far less reassuring for security professionals are the findings that relate to the number of security tools being used by organisations. On average, enterprises use a total of 45 different security tools & 19 of these will be employed in response to one incident. More does not mean better when it comes to security tools & incident response.
The Ponemon Institute research discovered that, on average, those enterprises employing over 50 security tools were 8% less effective in detecting, & 7% less effective in responding to, a security incident than those using less tools. This negative benchmarking proved to be applicable across many categories of the threat lifecycle, says the report.
Info security professionals were asked for an opinion:-.
“All this ‘study’ shows is that organisations with larger budgets are more likely to doubt their ability to counter dedicated threat actors,” Richard Bejlich, Principal Security Strategist at Corelight, explains. “In other words, they have accepted that prevention eventually fails.
To make any claims about effectiveness of security tools or budgets, you would need to analyse how often various organisations are compromised, to what degree, impact, etc.”
Javvad Malik, Security Awareness Advocate at KnowBe4, added that “complexity is indeed the enemy of security, having more security tools doesn’t always equate to better security, & security shelf-ware remains an issue in many organisations.” Malik warned that ‘defence in depth’ can all too easily become expense in depth for many enterprises.
Is orchestration the answer? “Orchestration can be useful, but it will only be as good as the underlying tools it is orchestrating,” Malik advises, “so, it’s important to have the right tools in place.”
Chad Anderson, Senior Security Researcher at Domain Tools, observed that “you cannot fix an enterprise’s security by throwing more tooling & capital at the problem.” There is no “electronic vest of mithril” here, he continues, & you should run if you see a vendor ever speaking in absolutes.
“Security is hard & often unforgiving as you just can’t get defence right every time,” he commented, “tools need to be effective & rolled into the daily process for security teams & they need to be integrated into other systems with a goal towards automation.”
“Multiple tools performing similar functions can produce contradictory results,” comments Theresa Lanowitz, Director at AT&T Cybersecurity & a former Gartner analyst, “understanding which result is incorrect can be challenging.”
Lanowitz argues that organisations become encumbered with a plethora of tools because adversaries innovate, & so the enterprise is “led down the path of believing more tools is equal to more and better security but this is false.” Those with many tools “must make sure the staff, expertise, & proper organisational alignments, expectations, & structures are in place,” she added.
Ilia Kolochenko, CEO at ImmuniWeb concluded “Eventually, cybersecurity teams just waste their valuable time trying to configure & correlate countless systems lacking consistency & missing a long-term strategy. They follow the hype, but miss the wood for the trees,” he observed.