A rapid increase in the number of security tools used by large companies is limiting their return on investment while increasing the risk of cyber threats, according to ReliaQuest.
Security tool tipping point
The survey of 400 security decision makers at companies with more than 1,000 employees found there is a security tool tipping point where the number of cybersecurity solutions becomes overwhelming and increases organizational risk levels.
The result is underutilized technology, ineffective use of valuable security resources and overwhelmed and inefficient teams that spend more time trying to manage their wide range of tools than proactively defending against threats.
Key research findings
- Security teams are deploying more tools than ever. Almost three-quarters (70%) of respondents say they’ve invested in more than five new technologies in the last year, including 19% who say they’ve invested in more than 20.
- Teams are struggling to implement the tools. Seventy-one percent report they are adding security technologies faster than they are adding the capacity to productively use them.
- The burden of tools maintenance compromises threat response. Sixty-nine percent report their security team currently spends more time managing security tools than effectively defending against threats.
- A majority of enterprises are less secure today as a result of tools sprawl. 53% say their security team has reached a tipping point where the excessive number of security tools in place adversely impacts security posture.
Enterprises need to shift focus
“Cyber threats continue to rise and require companies to mitigate risk,” said Brian Murphy, CEO of ReliaQuest. “While it’s tempting to think another piece of technology will solve the problem, it’s far from true – in fact, this survey proves more tools can worsen enterprise security by adding complexity without improving outcomes.
“Enterprises need to shift focus to getting more out of the investments they’ve already made while becoming more selective with new technology acquisitions and ensuring fit with their existing security models. The ultimate goal: tight integration and transparency across their entire environment.”
The survey found that the longer term consequences of vendor sprawl can be damaging to the overall security posture of an organization. A large number of disparate tools can be difficult to manage and lead to gaps in coverage, with 66% of respondents reporting that the excessive number of tools makes it harder for their teams to effectively address threats.
“Ultimately, security technologies help enterprises stay a step ahead of rapidly evolving threats. Vendor sprawl and the financial and operational pains it causes are avoidable. But to ensure technologies collectively deliver greater transparency, security leaders should reassess overarching business goals, align tools to their security models and then recalibrate the process and people to achieve the best outcomes.”