Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

How Do I Reduce Security Tool Sprawl in My Environment?

When it comes to tool consolidation, focus on platforms over products.

Yotam Segev, Co-Founder and CEO, Cyera

June 1, 2023


Question: We have too many security tools. How do I consolidate and reduce tool sprawl in my environment?

Yotam Segev, Co-Founder and CEO, Cyera: Security teams are dealing with too many alerts coming out of too many tools. They can’t reduce risk because the alerts lack context, such as their severity and potential impact. Alerts without context are largely meaningless. Many security professionals complain about feeling as if they are running at full speed but not making any progress.

To security teams, tool consolidation is an opportunity to be more efficient and effective. It also appeals to C-suite executives because it means working with fewer vendors and eliminating hardware, licensing, maintenance, and support costs.

3 Keys to Tool Consolidation

Tool sprawl exists because IT has changed so quickly and dramatically. Many of these tools were created for another era — the precloud days when enterprises relied on the moat-and-castle architecture for defense — which means security teams are using one set of tools for securing on-premises systems and another for the cloud. Here's how to remediate that.

1. Take Inventory and Seek Alignment

Take an inventory of all the tools the security team is using. Poll the team and make them part of this process. Get an understanding of what is being used, what is being pushed aside, what they can live without, and what they can't.

A recent Verizon report found that security teams use between 55 and 75 security products or applications total, on average. All these tools mean dozens of management consoles, onboarding and training programs, and employee upskilling requirements. Things get more complicated depending on where the tools are deployed — on-premises or cloud — and what permissions are used.

Involving the team is important because it shows that you are addressing an issue that is important to them and impacts their day-to-day jobs. It will also give you great insights into the tools and capabilities they rely on. Once you understand the tool landscape in full and in practice, you will see the delta between what is being used and what can be cut.

From here, evaluate the top use cases that the team faces and determine whether the tools used adequately address these use cases.

2. Choose Cloud-Native Platforms, Not Products

The solution to tool sprawl is to invest in platforms that can address multiple core use cases, from on-premises to the cloud. Tools that were built for the cloud tend to mirror that functionality on-premises. This is the first and best place to identify opportunities for consolidation.

For example, legacy data loss prevention (DLP) solutions are hugely expensive and complex products that take months to deploy, configure, and provide training for. For all of that, they often produce too many false positives, resulting in noisy alerting mechanisms that create friction within the business. Cloud DLP exists, but it creates new data silos, making securing data challenging. A platform solution, however, can provide DLP functionality across different environments, including cloud, containers, and virtual machines.

3. Automate

Platforms that were built for the cloud are designed to enable automation of tasks that used to be done manually, such as inventory and classification of assets, devices, data, and software-as-a-service (SaaS) partners. Most cloud-native solutions will automate this across multiple environments, including infrastructure-as-a-service (IaaS), SaaS, and platform-as-a-service (PaaS), as well as on-premises.

Declutter Your Network

Cybersecurity exposures and risks associated with cloud workloads are inherently different from those of legacy, on-prem infrastructure. Employing too many tools can leave security teams ill-equipped to quantify, understand, or mitigate the exposure of sprawling cloud environments. A cloud-native security stack enables tool consolidation and broad automation, both of which are most welcome developments for your teams.

About the Author

Yotam Segev is the co-founder and CEO of Cyera. Prior to Cyera, he — alongside co-founder Tamar Bar-Ilan — built and ran the cloud security division for the Israeli Defense Force's (IDF) elite Unit 8200 and served as a Senior Class Commander in the IDF's prestigious Talpiot Leadership Academy. During this time, Yotam gained firsthand experience leading teams and deploying cybersecurity technologies in the field. He also gained valuable insight to recognize the challenges involved in ensuring business stakeholders have access to critical, sensitive data in a secure manner, and the need to develop a solution. These insights inspired Segev and Bar-Ilan to found Cyera in 2021. As CEO, Yotam leads strategic direction and operations, and guides the company to develop technology and tools through customer-inspired innovation.
