At most enterprise organizations, cybersecurity infrastructure grew organically over time. The security team implemented each security control in response to a particular threat: antivirus software appeared on desktops, gateways were added to the network, sandboxes were deployed to detect malicious files, etc.
As the security infrastructure grew over the past 10 or 15 years, most enterprises didn’t really have a security technology architecture or strategy at all. And this lack of a cohesive security technology strategy has translated into real problems. A recent ESG research survey illustrates some of the challenges associated with managing an assortment of security products from different vendors, including the following:
- 27% of survey respondents (i.e., cybersecurity professionals) say that their security products generate high volumes of security alerts, making it difficult to prioritize and investigate security incidents. Thus, more security tools = more alerts = more work = more problems.
- 27% of survey respondents say that each security technology demands its own management and operations, straining their organization's resources. Other ESG research indicates that 51% of organizations have a problematic shortage of cybersecurity staff and skills, so there simply aren’t enough people for the necessary care and feeding of all these security tools.
- 24% of survey respondents say that their organization needs different solutions for different infrastructure environments that are managed by separate teams, creating operational inefficiencies. In other words, they have security tools for data centers, endpoints, virtual servers, public cloud workloads, etc. Coordinating policy and control across these areas is no walk in the park.
- 22% of survey respondents say the number of security technologies used at their organization makes security operations complex and time-consuming. No surprise here.
- 20% of survey respondents say that purchasing from a multitude of security vendors adds cost and purchasing complexity to the organization. So, just like security operations, purchasing efficiency and pricing are affected by the number of security tools used.
Too many security tools and not enough time to use them correctly is not a new problem, but I would say that the ramifications of this situation are growing worse all the time. This explains why CISOs are looking to consolidate and integrate their security infrastructure with platforms and architectures.
In the past, the security industry had a high population of best-of-breed point-tool vendors, but the overall market is undergoing a profound change. The future of the security industry will be dominated by a few big vendors selling enterprise-class integrated solutions.