More tools, more threats?

2021 ReliaQuest Security Technology Sprawl Report reveals rapid increase in security tools limiting return on investment while increasing the risk of cyber threats.

ReliaQuest has published the findings of its 2021 Security Technology Sprawl Report with IDG, which surveyed 400 IT and security decision makers at companies with more than 1,000 employees on the effectiveness of their current security tools and technology stacks. The study found that on average, enterprises maintain 19 different security tools, with only 22% of such tools serving as vital to primary security objectives. The report also unveiled a lack of meaningful ROI metrics when reporting on security progress, as well as disparate opinions on objectives, tool effectiveness and security awareness amongst the organization between executives and operations on security teams.

Additional findings include:

  • Most security tools are not being utilized to their full potential: Less than half (47%) of existing IT security tools are used daily. Most security decision makers (85%) believe they are adding technologies faster than they can productively use them, with 71% admitting most existing tools are underutilized.
  • Security actually suffers as a result of uncontrolled tool sprawl: 71% of security decision makers believe the increasing amount of time they spend managing tools inhibits their ability to effectively defend against threats. Teams need better integration and automation of disparate tools, as well as better visibility across tools to help them operationalize proactive security programs.
  • Security executives and operations teams are misaligned on program objectives:Security leaders view investment and direction differently than those charged with execution. Executives at the CISO and Vice President levels have their eye on strategic business goals and ROI, while security directors and their staff, on the other hand, are typically faced with putting out fires, spending a growing amount of time managing tools, and manually piecing together data from across these tools to identify threats. Generally, 57%believe they deactivated a tool due to a better option. However, 52% of topsecurity executives said the tool was not providing proper return on investment, compared to only 20% of security operations professionals. Additionally, one in three(35%)executives felt the reason for replacement was due to lack of in-house expertise, compared to 13% of the operations team.
  • Lack of meaningful ROI metrics is hindering security progress:Most enterprises struggle to measure ROI for security tools, the survey found. Respondents most often measure their investments using these three metrics: the number of critical vulnerabilities identified (52%), tool functionality (49%), and the percentage increase in visibility (48%). Only 29% of respondents said they measure the level of visibility contributed by tools across the environment, and only 33% look at how fast they can detect and respond to threats. Additionally, 63% of security operational managers don’t think the board understands the value of new security technologies, versus only 41% of upper management.

According to Aaron Sherrill, Senior Analyst at 451 Research, part of S&P Market Intelligence, “As enterprises add more security tools to their arsenal, they are finding that it is becoming increasingly challenging to integrate those disparate tools into their operational processes and find information across the different data silos within those tools. The problem is only becoming worse as enterprises continue to expand IT ecosystems across multiple environments and rapidly adopt new, emerging technologies.[1] Additionally, too often, security leaders report on metrics that are largely qualitative, focusing on discrete technical aspects of the cybersecurity program, or delivering data points with no context. To be meaningful, C-level leaders need measurements in terms that are easy to understand and relatable at the business level.[2]

“Security is not a game of chance, but one of strategy. Each year, the number of security tools drastically increases, causing alert fatigue and security team burn out,” said Brian Murphy, CEO of ReliaQuest. “But there is light at the end of the tunnel. Enterprises must adopt a focused, strategic approach to security, rooted in vendor-agnostic tool integration.”

Murphy added: “With Open XDR, organizations can now gain visibility into relevant security data, regardless of where it resides. Traditional approaches to XDR use just a subset of security data belonging to one provider or a limited few. Open XDR provides comprehensive visibility, rich investigations, as well as access to data and actions, allowing organizations to gain all the insights needed to align on key metrics including those that matter to the board, as well as security management and operations teams in the trenches. This alignment is a game changer for organizations.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and operational cloud services that is unique on the market, enabling clients across the world to meet the challenges of managing their data in the edge to cloud continuum, in line with the highest jurisdictional data governance requirements. Part of the Atos' OneCloud initiative, Atos OneCloud Sovereign Shield is a comprehensive edge to cloud platform ecosystem and highly secure service that improves the level of control clients have over the data they produce and exchange, helping them regain control and effectively deal with legal dependencies.
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets across Europe with further expansion into APAC planned.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability.