Consolidating your tech stack improves your cybersecurity posture

CISOs and IT security leaders today must address both rapid change across the threat landscape and rapid evolution of the IT environment. Cybercriminals continue to evolve new and more sophisticated attack methods. At the same time, attack surfaces continue to expand with the adoption of cloud, the growth of IoT, and more commonplace work-from-anywhere practices. 

Faced with a more complex threat environment and a more complex infrastructure to defend, many IT executives have invested in more and more point solutions in the ongoing hunt for the next best-of-breed silver bullet. The result is tech stack sprawl which, ironically, can put mid-sized companies at even greater risk as complexity interferes with protection. The answer is consolidation — replacing multiple single-purpose products with fewer multi-function ones.

The evolution of the tech stack

IDC maps the progression of security capabilities across three time periods. Prior to 2015, protection consisted of signature-based anti-virus, firewalls, intrusion detection systems (IDS), email security, and log management.

From 2015 to 2019, security vendors brought to market Security Information and Event Management (SIEM) software to replace log management with real-time analysis of security alerts, later enhanced with Artificial Intelligence (AI) and Machine Learning (ML) for analysis and prioritization. Other new capabilities included threat intelligence, Endpoint Detection and Response (EDR), and advanced detection and analytics techniques. Organizations began to bring all these capabilities together in a Security Operations Center (SOC), where the infrastructure can be monitored 24/7/365.

The first wave of consolidation appeared with the introduction of Unified Threat Management (UTM) appliances or software combining multiple functions, such as anti-virus, anti-spyware, anti-spam, network firewalling, intrusion detection and prevention, content filtering, and leak prevention. 

For technology development from 2020 through today, we see increasing adoption of User Behavior Analytics (UBA) to detect malicious activity in an IT environment. Other capabilities being added include Security Orchestration, Automation, and Response (SOAR), Multi-Factor Authentication (MFA), Zero Trust networking, threat hunting, forensics, and incident response.

Evolution of security technology for mid-sized organizations 

Up to 2015

  • Anti-virus
  • Firewalls
  • Intrusion detection
  • Email security
  • Log management

2015 – 2019

  • SIEM
  • Threat intelligence
  • EDR
  • AI/ML
  • Advanced detection and response
  • 24/7/365 SOC

2020 to today

  • UBA
  • SOAR
  • MFA
  • Zero Trust networking
  • Threat hunting
  • Forensics
  • Incident response

When does “enough” security technology become “too much”? 

Tech stack sprawl raises numerous issues. Companies handling all their security in-house can end up with dozens, if not hundreds, of IT vendors in their infrastructure. Each product carries the heavy load of talent acquisition, skills development, onboarding, management, maintenance, and a new vendor relationship to oversee, adding cost to the infrastructure.

In addition to higher costs, tech stacks composed of multiple best-of-breed products end up with many features of each that go unused. Moreover, each cybersecurity product brings its own console, segmenting visibility and hampering threat correlation. Many vendor relationships also create more work for your team, and inevitable frustrations.

The proliferation of security technologies that must work together seamlessly increases risk by creating more opportunities for error. The Verizon 2021 Data Breach Investigations Report finds that although errors are no longer the leading cause of data breaches, they are still prevalent, and misconfiguration is the leading source of errors. (What eclipsed errors? Phishing and other social engineering attacks, in 2021.) It’s no surprise, then, that the first tactic used by cybercriminals is to perform reconnaissance against a network, looking for security holes like unpatched vulnerabilities or configuration errors.

Consolidate the security stack and improve your security posture

Thanks to the proliferation of high-visibility attacks from cyber gangs and nation-state actors, cybersecurity is on the radar of every C-suite executive and board member. So, now is a good time to restructure your security stack through tool consolidation or, alternatively, by outsourcing the consolidation to a Managed Security Service Provider (MSSP). Taking the MSSP approach offers the opportunity to both consolidate and extend capabilities without investing in new security infrastructure.

With either approach, you will end up with fewer vendors to manage, simplified day-to-day operations, and, more importantly, a stronger cybersecurity posture as a result of the following advantages.

Optimize staff and skills. 

A consolidated environment helps address the never-ending staff and skills shortage. With fewer products to master and manage, your security specialists can focus on closing security gaps. They can also focus on strategic initiatives like reevaluating network architecture and addressing security for cloud and remote work infrastructure.

Improve cybersecurity performance and effectiveness. 

Fewer tools can free up resources to focus on prevention and early detection. Through consolidation and outsourcing, you can fill gaps in your layered defenses — such as monitoring and analyzing user activity, the network, and deployed technology to achieve 24/7/365 visibility of your infrastructure — and respond in real time to security events.

Reduce Mean Time to Detection (MTTD). 

Industry reports and numerous surveys confirm that most cyberattacks are detected, on average, six months after the initial breach. Greater visibility, coordination across people, processes, and technology, and, most importantly, strong skills on the part of security analysts can help you reduce the time an attacker lurks in your infrastructure.

Employ emerging technologies to strengthen security. 

Machine Learning, automation, and big data capabilities enable you to find the proverbial “needle in a haystack” by detecting and alerting on real threats and minimizing false positives. Cybersecurity platforms such as SOAR can reduce response times, accelerate remediation, and increase SOC productivity. More routine threats are neutralized, leaving more complex and sophisticated threats for the SOC experts to manage 24/7/365.

Next steps

The security marketplace is heavily fragmented, with thousands of solutions in dozens of categories. Start with your established vendors and determine who has brought consolidated solutions to the marketplace. You can evaluate those options against using an MSSP to handle part or all of your security infrastructure. 

Also consider the increasing sophistication of today’s cybercriminals. Recognize that the continuous evolution of cybersecurity tools is the reality we all live with — so use this opportunity to enhance your capabilities today and choose a path that will simplify continuous improvement in the future.

Mark Cornwell, CIO, Netsurion

As CIO at Netsurion, Cornwell draws on more than 20 years of progressive cross-industry IT leadership experience to lend his expertise to the broader cybersecurity sector and oversee Netsurion’s engineers.