September 4, 2018 By Christophe Veltsos 3 min read

As chief information security officers (CISOs) grapple with a broad range of duties — including cyber risk management, security investigations oversight, incident response, security road mapping, and providing regular updates to the C-suite and the board — the stakes are too high to go without the right tools for the job. That said, a larger arsenal of security tools isn’t always better.

Security leaders should review the set of tools they currently use and ask themselves whether each one truly supports and enables them to be as effective as they need to be. Companies often implement solutions from as many as 70 vendors, according to ZDNet. This raises concerns about the number of third parties accessing your enterprise network and data, as well as how effective all these solutions are as an aggregate.

Why CISOs Are Burdened With a Mountain of Security Tools

CISOs have a habit of implementing more and more security programs over time without decommissioning old ones, according to Intelligent CISO. This makes for a messy situation on the security bridge: We’re surrounded by security tools, and yet drowning in cyber risk. What can we do about it?

Picture the CISO getting to work and launching his or her dashboard. What does this dashboard look like today? Does it show a strategic-level view of the organization, how far along various security initiatives are and whether risks fall within agreed-upon ranges? What about potential causes and future consequences should issues remain unaddressed?

Unfortunately, the CISO today is left managing a bundle of security activities with the equivalent of an abacus instead of a graphing calculator. For decades, the security function has invested in narrow-purpose (if not single-purpose) tools, a trend we must now reverse to supplant quantity of tools with efficacy — but how?

How to Evaluate Your Security Toolbox

Every tool will have its own scope of coverage, pros and cons, dashboard, configuration, and potential customizations for our enterprise. Examining each tool one at a time to decide whether it should stay or go and what should replace it sounds like a massive headache. A better approach is to think about the value that tools should bring to the CISO and the organization. As the Intelligent CISO article put it, each tool should align to your organization’s security framework, reduce risk, and be able to measure and sustain the level of reduction.

The good news is that the past few years have seen a flurry of security investments and mergers and acquisitions (M&A) activity, which has resulted in new tools and partnerships among leading security platforms. That means the new security tool you’re considering might have the ability to integrate with existing tools, thus reducing the number of dashboards to monitor and improving the overall picture of cyber risk. Better yet, some tools leverage artificial intelligence (AI) to make sense of all of the data they have ingested.

Do Your Tools Support Your Security Strategy?

Not all tools are about risk reduction. Some tools won’t impact the confidentiality, integrity or availability of sensitive data at all. We’re talking about tools for setting strategy, reporting the organization’s maturity in its various security processes, and enabling the CISO to track, aggregate and report the levels of cyber risk to which the organization is exposed, their potential impact on business objectives, and how the organization has decided to deal with those risks.

As CISOs find themselves spending more time on the business side of the house, they should review the tools they use to ensure that they’re able to squeeze out as much useful information as possible. That includes having the right ticketing programs (in partnership with the help desk), incident response applications (in partnership with IT), incident escalation channels (in partnership with HR, legal and many more) and risk management tools (in partnership with the legal and compliance functions).

But perhaps one of the most important tools is the one that allows the CISO to think strategically about where the organization is today and where it needs to be tomorrow. This might take the form of a custom-made spreadsheet, a project management tool or a process tracker. Most importantly, such a tool should allow the CISO to assess and reflect on how effectively the organization manages its cyber risks. If a CISO were to fail in his or her ability to look at cyber risks holistically and strategically, that in itself would be a risk to the organization — not to mention the CISO’s tenure there.

The right tools should help the CISO be a more effective security leader and position the cybersecurity function as a partner of the organization. Improving the management of cyber risks means improving the quality of the data we collect, our analysis of threats and their potential impact, and our ability to discuss options for dealing with residual risks while enabling the organization to compete in a global marketplace. Waiting for the one tool that can do it all isn’t an option, but neither is continuing on the path of trying to make sense of as many as 70 security tools.

Listen to the podcast series: Take Back Control of Your Cybersecurity Now

More from CISO

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today