
WWW.INFORMATIONWEEK.COM
CISOs Take Note: Is Needless Cybersecurity Strangling Your Business?
John Edwards, Technology Journalist & Author
May 1, 2025

There can never be too much cybersecurity, right? Wrong, says Jason Keirstead, vice president of security strategy at AI security developer Simbian. "Cybersecurity is not always a place where more is better," he observes in an online interview. "Having redundant tools in your security stack, duplicating functions, can create increased churn and workloads, causing security operations center analysts to deal with superfluous, unnecessary alerts and information."

The problem can grow even more serious if a tool is redundant because it's outdated. "In that scenario, the outdated tool might not be keeping pace with the latest tactics and techniques being used by adversaries, causing blind spots," Keirstead warns. Additionally, outdated tools can directly affect employees, hampering organizational productivity.

Aaron Shilts, president and CEO of security technology firm NetSPI, agrees. "For IT and security teams, redundant and obsolete security tools or measures increase workflows, hurt efficiency, and extend incident response and patch time," he explains via email. "When there's excessive or ineffective tools in the security stack, teams waste valuable time sifting through redundant and low-value alerts, hampering them from focusing on real threats."

Obsolete security tools can also falsely flag safe behaviors or, worse yet, not flag unsafe ones, says Sourya Biswas, technical director, risk management and governance, at security consulting firm NCC Group. "The world of security is ever-changing, and attackers with their dynamic tactics, techniques, and procedures need to be countered with up-to-date information and tooling," he states in an online interview.

Additionally, even best-of-breed tools can cause harm when used incorrectly.
"Some organizations spend money buying the best security tools the market has to offer, but not on deploying them optimally, such as by fine-tuning alert rules for their specific environments." Other organizations may add tools that perform a duplicate function, resulting in inefficiencies. "In time, when business sees security is not delivering the intended results, the buy-in collapses and the security posture degrades."

Prime Offenders

Most obsolete or redundant tools reside in the detection space, Keirstead says. A prime example is endpoint security agents. "Some enterprises have up to three or four different security tools deployed on the endpoint, each one consuming resources and reducing employee productivity," he notes.

Additionally, excessive security controls, such as overly intrusive multi-factor authentication, can create employee friction, slowing down and challenging collaboration with partners, vendors, and customers, Shilts says. "This often results in employees finding workarounds, such as using their personal emails, which introduces security risks that are difficult to track and manage."

Another headache is firewalls or security gateways offering features, such as IPS/IDS capabilities, that overlap with other tools but may not be able to perform the task as well as a purpose-built system, says Erich Kron, security awareness advocate for KnowBe4, a security training firm. Unified threat management (UTM) devices, for example, can be great for small or medium businesses, but tend to be far less scalable than purpose-built equipment. "Larger organizations with complex networks and higher bandwidth throughput, or more stringent security needs, may find themselves in a situation where these all-in-one devices can't keep up with the demand, or fail to perform as needed," he observes in an online interview.

Weed Control

Conducting occasional audits of network equipment and the capabilities they provide, along with their limitations, can help organizations avoid unpleasant surprises created by overcomplicated configurations, underpowered devices, or outdated gear, Kron says. "Many organizations fail to audit their network devices networks on a regular basis, feeling that the effort required may not be worth the rewards," he observes. "However, when organizations do take this step, they often find devices they weren't aware of, or are vulnerable, on the network."

In general, an organizational security posture, including tools and procedures, should be assessed annually or even earlier if a major change is implemented, Biswas says. Ideally, to prevent conflicts of interest, such assessments should be performed by independent, expert third parties. "After all, it's difficult for an implementor or operator to be a truly impartial assessor of their own work," he explains. "While some organizations may be able to do so via internal audit, for most it makes sense to hire an outsider to play devil's advocate."

"Having good relationships with your vendors can be very helpful when trying to make sense of new or improved capabilities, old or outdated equipment, or potential incompatibilities," Kron says. "A good sales engineer will have the experience and knowledge to point out potential issues before they get out of hand, and a good vendor will be willing to help organizations manage the world of security devices."

Keeping Pace

Security tooling is not the problem -- misalignment between tools and business needs is, Shilts says. "A well-implemented security strategy supports the pace of development rather than hindering it," he explains. "By carefully selecting, configuring, and integrating tools, organizations can enhance security without sacrificing speed or efficiency."

About the Author

John Edwards, Technology Journalist & Author

John Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.