While there are many great products security pros use daily to keep their organizations secure, every one of them has something that could be better. As security stacks get increasingly complex, though, all of these "less than ideal" items taken together can add up to a daily nightmare. The key for security team leaders is to recognize when the pain the security stack is inflicting is more than the team can handle.
We have over 7,000 customers using our Open XDR SecOps Platform. When talking with our customers, they often discuss how they were able to eliminate redundant, less valuable products from their security stack, mainly because of the number of capabilities built into our platform. I heard three frustrations repeatedly in those conversations, which gave me the idea to write this blog.
Here are three tell-tale signs you might be ready to change your security stack.
1.) You spend more time chasing down your vendor than the attacker.
Every product ever developed has defects. That said, not all defects are created equal. Security analysts are used to working around minor issues in a product that, while annoying, still allow them to complete investigations. However, their ability to deliver security outcomes comes to a grinding halt when something critical breaks.
Once in a very long while, this can happen with any security product, but when it becomes a regular occurrence, that is a big red flashing warning sign. If your vendor constantly has to roll out hotfixes, and those hotfixes end up breaking other things, it is time to start weighing your options and say bon voyage to that vendor and their broken product.
2.) Your vendor contact list is longer than your phone book.
Years ago, when cybersecurity was "simple" (insert laugh here), security teams dealt with just a handful of products to get their jobs done. Today, many security teams are working with over fifty different products and vendors. While it is tempting to always add the latest and greatest product to a security stack, it is easy for things to get out of hand.
Years ago, when I was working with a company on a potential deal, the CISO of that company asked a question I still remember. We were pitching his team on a new technology that consolidated a few products most security teams were familiar with. However, since our product and product category were still emerging, it was not obvious to him that our product could replace some of his team's existing products.
During the meeting, he said, "Tell me exactly what I can get rid of if I bring your product in." I remember taking a beat, surprised he did not see it, but once I got over my shock, I told him which technology he could eliminate if he selected our product.
The fact is that modern security teams have more than enough technology, too much, in fact, and from too many vendors; one look at the vendor list a security leader maintains makes that clear. Even if they purchase products through a trusted security partner, a lot of brain power and time is still consumed keeping track of who sold you what, who supports it, and which contract it falls under. If this sounds familiar, start looking for ways to consolidate your security stack (in other words, clean house) around fewer vendors.
3.) "FP" and "DA" come up way too often.
It would be fantastic if all vendors of cybersecurity products worked together on a common data model, sharing data and processing power so that everyone's products generated a minimum of false positives (FPs) and duplicate alerts (DAs). That is just not going to happen.
Typical vendors are not keen to work with other vendors, and when they do, they tend to do the bare minimum. On top of that, cybersecurity products suffer from scope creep: a product meant to deliver capabilities that solve problem X may end up with some noisy features that claim to solve problems Y and Z as well, overlapping with the products you already bought for Y and Z.
So security analysts routinely expend effort investigating a threat that turns out to be a false positive or, even worse, a duplicate of an alert from another product that a different analyst is already investigating. If this sounds familiar, now is the time to make changes, for everyone's sanity.
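To make the "common data model" point concrete, here is a small added example (not part of the original post, and not Stellar Cyber's code) of the minimum a SOC ends up building when two products alert on the same thing in different formats: map each vendor's record onto one schema, suppress indicators that are known benign, then collapse alerts with the same host and indicator inside a time window into a single case that remembers every source that fed it. The two vendor record layouts, the hostnames and IPs, the timestamps, and the scanner allowlist are all constructed for the example.

```python
"""Cross-vendor alert normalization and deduplication (added example).

Two constructed feeds, an IDS and an NDR, are mapped onto one common
model. Known-benign indicators are suppressed, then alerts that describe
the same (host, indicator) pair within a time window become one case.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class CommonAlert:
    source: str                     # product that raised the alert
    host: str                       # normalized short hostname
    indicator: str                  # what was alerted on (here: a dest IP)
    observed_at: datetime           # timezone-aware UTC
    title: str
    merged_from: list = field(default_factory=list)  # sources folded in


def normalize_host(raw: str) -> str:
    # The IDS ships FQDNs, the NDR ships bare names; strip the domain and
    # lowercase so "WS-042.corp.example" and "ws-042" compare equal.
    return raw.split(".")[0].lower()


def from_ids(rec: dict) -> CommonAlert:
    # Constructed IDS layout: ISO 8601 with trailing Z, FQDN sensor host.
    return CommonAlert(
        source="ids",
        host=normalize_host(rec["sensor_host"]),
        indicator=rec["dest"],
        observed_at=datetime.fromisoformat(rec["time"].replace("Z", "+00:00")),
        title=rec["msg"],
    )


def from_ndr(rec: dict) -> CommonAlert:
    # Constructed NDR layout: epoch seconds, bare NetBIOS-style host name.
    return CommonAlert(
        source="ndr",
        host=normalize_host(rec["src_host"]),
        indicator=rec["dst_ip"],
        observed_at=datetime.fromtimestamp(rec["epoch"], tz=timezone.utc),
        title=rec["signature"],
    )


def dedupe(alerts, window=timedelta(minutes=10)):
    """Collapse alerts sharing (host, indicator) within `window` of the
    first one seen. Returns surviving alerts in time order; each lists the
    sources merged into it, so the analyst sees IDS and NDR agree."""
    survivors = []
    open_case = {}  # (host, indicator) -> index into survivors
    for a in sorted(alerts, key=lambda x: x.observed_at):
        key = (a.host, a.indicator)
        idx = open_case.get(key)
        if idx is not None and a.observed_at - survivors[idx].observed_at <= window:
            survivors[idx].merged_from.append(a.source)
            continue
        a.merged_from = [a.source]
        survivors.append(a)
        open_case[key] = len(survivors) - 1
    return survivors


# Constructed allowlist: the internal vulnerability scanner's address.
KNOWN_BENIGN = {"10.0.5.7"}


def triage(ids_records, ndr_records, window=timedelta(minutes=10)):
    """Normalize both feeds, drop known-benign indicators, dedupe the rest.
    Returns (open_cases, suppressed_count)."""
    alerts = [from_ids(r) for r in ids_records] + [from_ndr(r) for r in ndr_records]
    kept = [a for a in alerts if a.indicator not in KNOWN_BENIGN]
    return dedupe(kept, window), len(alerts) - len(kept)


# Constructed sample feeds. The IDS re-fires on the same beacon 30 s later,
# the NDR sees the same connection, and the NDR fires again an hour on.
IDS_ALERTS = [
    {"sensor_host": "WS-042.corp.example", "dest": "203.0.113.10",
     "time": "2024-03-01T10:00:05Z", "msg": "ET MALWARE Beacon to known C2"},
    {"sensor_host": "WS-042.corp.example", "dest": "203.0.113.10",
     "time": "2024-03-01T10:00:35Z", "msg": "ET MALWARE Beacon to known C2"},
    {"sensor_host": "DB-01.corp.example", "dest": "10.0.5.7",
     "time": "2024-03-01T10:02:00Z", "msg": "ET SCAN Vulnerability scanner"},
]
NDR_ALERTS = [
    {"src_host": "ws-042", "dst_ip": "203.0.113.10",
     "epoch": 1709287230, "signature": "Periodic beaconing"},   # 10:00:30Z
    {"src_host": "ws-042", "dst_ip": "203.0.113.10",
     "epoch": 1709290900, "signature": "Periodic beaconing"},   # 11:01:40Z
]

if __name__ == "__main__":
    cases, suppressed = triage(IDS_ALERTS, NDR_ALERTS)
    print(f"{suppressed} suppressed, {len(cases)} open cases")
    for c in cases:
        print(c.observed_at.isoformat(), c.host, c.indicator, c.merged_from)
```

Five raw alerts become two cases: the scanner hit is suppressed, the three beacon alerts inside the ten-minute window fold into one case tagged with both products, and the NDR alert an hour later stays separate because it may be a new beacon interval worth its own look. The window and the key fields are the policy decisions; the normalization step is what makes the policy enforceable across vendors at all.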
There is no one-size-fits-all cybersecurity approach. There are many options in the market, but that does not mean security teams must piece their security stack together product by product.
We routinely help organizations eliminate the complexity and cost of their security stack with our Open XDR Platform. With Next Gen SIEM, Threat Intel Platform, Security Analytics, UEBA, NDR, IDS, Malware Analysis, and SOAR capabilities included in the platform, and the ability to work with any other products they use via our data-agnostic integration architecture, these organizations have not only streamlined their security stack but are now delivering better, more consistent security outcomes.
The bottom line: You can change what you use today. Watch out for these three signs and make a move when the time is right.