There can never be too much cybersecurity, right? Wrong, says Jason Keirstead, vice president of security strategy at AI security developer Simbian. “Cybersecurity is not always a place where more is better,” he observes in an online interview. “Having redundant tools in your security stack, duplicating functions, can create increased churn and workloads, causing security operations center analysts to deal with superfluous, unnecessary alerts and information.” 

The problem can grow even more serious if a tool is redundant because it’s outdated. “In that scenario, the outdated tool might not be keeping pace with the latest tactics and techniques being used by adversaries, causing blind spots,” Keirstead warns. Additionally, outdated tools can directly affect employees, hampering organizational productivity. 

Aaron Shilts, president and CEO of security technology firm NetSPI, agrees. “For IT and security teams, redundant and obsolete security tools or measures increase workflows, hurt efficiency, and extend incident response and patch time,” he explains via email. “When there’s excessive or ineffective tools in the security stack, teams waste valuable time sifting through redundant and low-value alerts, hampering them from focusing on real threats.” 

Obsolete security tools can also falsely flag safe behaviors or, worse yet, not flag unsafe ones, says Sourya Biswas, technical director, risk management and governance, at security consulting firm NCC Group. “The world of security is ever-changing, and attackers with their dynamic tactics, techniques, and procedures need to be countered with up-to-date information and tooling,” he states in an online interview. Additionally, even best-of-breed tools can cause harm when used incorrectly. “Some organizations spend money buying the best security tools the market has to offer, but not on deploying them optimally, such as by fine-tuning alert rules for their specific environments.” Other organizations may add tools that perform a duplicate function, resulting in inefficiencies. “In time, when business sees security is not delivering the intended results, the buy-in collapses and the security posture degrades.” 

Prime Offenders 

Most obsolete or redundant tools reside in the detection space, Keirstead says. A prime example is endpoint security agents. “Some enterprises have up to three or four different security tools deployed on the endpoint, each one consuming resources and reducing employee productivity,” he notes. 

Additionally, excessive security controls, such as overly intrusive multi-factor authentication, can create employee friction, slowing down and challenging collaboration with partners, vendors, and customers, Shilts says. “This often results in employees finding workarounds, such as using their personal emails, which introduces security risks that are difficult to track and manage.” 

Weed Control 

Conducting occasional audits of network equipment and the capabilities it provides, along with its limitations, can help organizations avoid unpleasant surprises created by overcomplicated configurations, underpowered devices, or outdated gear, Kron says. “Many organizations fail to audit their network devices on a regular basis, feeling that the effort required may not be worth the rewards,” he observes. “However, when organizations do take this step, they often find devices they weren’t aware of, or are vulnerable, on the network.”

“Having good relationships with your vendors can be very helpful when trying to make sense of new or improved capabilities, old or outdated equipment, or potential incompatibilities,” Kron says. “A good sales engineer will have the experience and knowledge to point out potential issues before they get out of hand, and a good vendor will be willing to help organizations manage the world of security devices.” 

Keeping Pace 

Security tooling is not the problem — misalignment between tools and business needs is, Shilts says. “A well-implemented security strategy supports the pace of development rather than hindering it,” he explains. “By carefully selecting, configuring, and integrating tools, organizations can enhance security without sacrificing speed or efficiency.” 

Source: https://www.informationweek.com/cyber-resilience/cisos-take-note-is-needless-cybersecurity-strangling-your-business-