Protecting the enterprise takes a lot of tools — network firewalls, Web application firewalls, end-point protection, identity and access management — and that’s just a standard defence. Sophisticated organizations have disk encryption, intrusion detection, behavioural analytics … there can be a long list.
In fact, one source estimates an organization can have up to 75 security products, although sometimes that’s because of acquisitions.
Small wonder that, at a session I covered at RSA Conference 2016, one panellist said enterprises need a chief simplicity officer. “If we don’t do that we’re not going to be able to detect and respond in seconds,” said Patrick Gorman of startup CyberGRX. He also warned about the separation of network operations and security teams, which often duplicates work.
But generally the CISO with a layered defence faces a lot of tools. That creates two problems, according to a recent article: redundancy and multiple alerts. The question is, what should infosec pros do about it?
“Look at whether you really need this product that is monitoring this information. Build outwards based on information and people rather than building inwards,” Geoff Webb, vice president of solutions strategy at Micro Focus, is quoted as saying. “Take a hard look at what the problem we are trying to solve is as opposed to putting tools in to prevent what was a previous security risk.”
Another expert urges CISOs to winnow down the number of tools in their arsenal by either finding significant overlap between one problem and another or determining which tools provide the best actionable information, and then removing or significantly reducing all others over time.
Whatever the solution, it’s a problem that has to be faced.