The over-proliferation of tools in the cybersecurity field is all too common. Promotional emails about tools dominate security team inboxes. Conferences are filled with vendors promoting their latest tools.
Given the circumstances, it’s common for teams to have excess tools, a problem sometimes referred to as shelfware. This can strain precious team resources such as time, focus, and budget. This analysis will explore different techniques to optimize your portfolio to create a more sustainable and manageable set of tools for security teams.
Portfolio Mapping
First, let’s step back and look at the big picture. Tools like the Cyber Defense Matrix can map every tool in the portfolio, providing insights on:
- Overlap in coverage (protecting devices or identifying assets)
- Gaps in coverage (areas not yet protected by a cybersecurity tool)
Depending on the organization, breaking down the asset classes in this matrix (device types, application types, network types, etc.) may be necessary. If overlapping tools are identified, and there isn’t a strong reason for the two (or more) to coexist, there’s very likely an opportunity for consolidation.
During portfolio mapping, it’s essential to ask whether each tool is actually being used. If it’s not, the tool should still be included but with a qualifier that it’s not being actively used or has become full-blown shelfware.
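The mapping exercise described above can be run as a small script. This is an added example, not part of the original article: it assumes the Cyber Defense Matrix layout of five NIST CSF functions by five asset classes, and the tool names, statuses, and cell assignments are constructed for illustration.

```python
from collections import defaultdict

# Cyber Defense Matrix axes: five NIST CSF functions by five asset classes.
FUNCTIONS = ("Identify", "Protect", "Detect", "Respond", "Recover")
ASSETS = ("Devices", "Applications", "Networks", "Data", "Users")

# Constructed inventory: tool names and their cells are illustrative only.
# status is "active" or "shelfware" (owned but not actively used).
INVENTORY = [
    {"tool": "EDR-A", "status": "active",
     "cells": [("Protect", "Devices"), ("Detect", "Devices"), ("Respond", "Devices")]},
    {"tool": "AV-B", "status": "active", "cells": [("Protect", "Devices")]},
    {"tool": "Scanner-C", "status": "shelfware",
     "cells": [("Identify", "Devices"), ("Identify", "Applications")]},
    {"tool": "NDR-D", "status": "active", "cells": [("Detect", "Networks")]},
]

def map_portfolio(inventory):
    """Place every tool, shelfware included, on the matrix and summarize it."""
    grid = defaultdict(list)
    for entry in inventory:
        for cell in entry["cells"]:
            if cell[0] not in FUNCTIONS or cell[1] not in ASSETS:
                raise ValueError(f"{entry['tool']}: unknown cell {cell}")
            grid[cell].append((entry["tool"], entry["status"]))
    active = {c: [t for t, s in tools if s == "active"] for c, tools in grid.items()}
    all_cells = [(f, a) for f in FUNCTIONS for a in ASSETS]
    return {
        # Two or more actively used tools in one cell: consolidation candidates.
        "overlaps": {c: ts for c, ts in active.items() if len(ts) > 1},
        # Cells with no tool at all.
        "gaps": [c for c in all_cells if c not in grid],
        # Cells covered only on paper, by tools nobody actively uses.
        "shelfware_only": [c for c in all_cells if c in grid and not active[c]],
    }

if __name__ == "__main__":
    report = map_portfolio(INVENTORY)
    for cell, tools in report["overlaps"].items():
        print("overlap", cell, tools)
    for cell in report["shelfware_only"]:
        print("shelfware only", cell)
    print(len(report["gaps"]), "uncovered cells")
```

Keeping shelfware in the inventory but excluding it from the active view separates cells that are covered only on paper from cells that are truly empty.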
Integration Capabilities
Not all tools offer rich integration capabilities, such as a well-documented application programming interface (API) or connectors to other security/IT tools. There is an emerging trend across cybersecurity teams to stitch multiple tools together to create powerful workflows. But if tools don’t offer any means of seamlessly integrating with other systems in your environment, they will likely require lots of manual work and intervention.
Aggressively review your tools portfolio for those tools that necessitate manual work or require your team to be stuck in that tool’s interface to make it work — as opposed to integrating via an API to a programmatic workflow.
Cost vs. Benefit Analysis
With a full breakdown of the tools currently supported in the budget, it can be incredibly enlightening to fully enumerate what the environment looks like. Cost comes in many forms, not just what is represented on a budget spreadsheet. Look at each of the tools from the following perspectives:
- Annual cost in dollars
- Person time spent maintaining the tool
- Person time spent actually using the tool
- Coverage across the environment by the tool; for example, a SaaS Security Posture Management (SSPM) tool that is only being used on 2% of the organization’s application portfolio needs to be heavily scrutinized.
Quantifying the benefit of a given tool is not always possible, especially given the diversity in the field. To that end, qualitative statements of the benefit being received from a given tool can be useful to weigh alongside the hard cost.
Concluding Thoughts
Cybersecurity tool bloat is a real problem in many teams. So often, tools are purchased with the best of intentions. The tool sounds promising in the sales process; customer service is there to help with the more complicated parts of a tool’s interface or to resolve problems. But as things come up and draw focus away from deploying and capitalizing on a given tool, tools can quickly start to collect dust as they are used on a limited basis.
The work isn’t cutting edge, but going through the process of managing a portfolio of tools and optimizing it step by step can help teams create a more sustainable workload. It will also have a positive budget impact. Using fewer tools overall, but using them to the absolute maximum potential without unnecessary strain, is a worthy outcome of evaluating your cybersecurity portfolio.