Action Stations, Someone? There Aren't Enough Specialists to Man Security Tools

Security tools are an important part of enterprise resilience. As security has been recognized as a vitally important part of the enterprise, many organizations have busily acquired a growing number of tools to help them secure their operations. Yet, it appears that many of those organizations are finding that abundance of tools to be more of a hindrance than a help.

Too Many Tools, Not Enough Staff

One of the principal problems enterprises have here is that they have too many tools to manage effectively. There simply aren’t enough people to actually manage the multitude of tools in their stack.

ReliaQuest and Ponemon’s 2021 study, Making Security Possible and Achieving a Risk-oriented Security Posture, found that nearly half (46%) of companies had one staff member responsible for between four and ten tools. Just over one-tenth said that a single staff member could be responsible for over ten tools.

These tools aren’t simple to use either. They often employ advanced technologies like artificial intelligence or machine learning and require a high level of technical understanding to be used appropriately. That range of tools might also use different languages, have different user interfaces and be built with guiding principles that are starkly different from one another.

For one engineer to be in charge of multiple tools is often too much to ask. As those stretched security professionals scramble from one tool to another, a security incident can take from 18 hours to two days to effectively detect, investigate and respond to.

Not Enough Skills, Either

The problem here is twofold. On the one hand, there are too many tools, but on the other, there isn’t enough staff.

One of the basic problems most modern enterprises deal with is finding enough security talent. Demand simply outstrips supply. According to the 2021 ISC2 Cybersecurity Workforce Study, there are 2.72 million cybersecurity positions left unfilled, and the talent pool would need to grow by 65% to keep up with demand.

Metrics That Go Nowhere

The problems don’t stop there. Many of the tools that currently burden security teams don’t provide truly meaningful information. They provide a range of data points but often don’t offer the necessary context. Furthermore, they commonly don’t integrate with one another, leaving engineers to paste together the data pieces to create a full picture of what’s going on.

So, while an organization might be tracking various metrics, it often cannot extract meaningful information from them, spot false positives, or find the gaps and insights that might help it secure its infrastructure.

This is a significant obstacle for a security team. Some 64% say that security progress is difficult to measure because of the lack of standardized metrics.

In real terms, that leaves these organizations unable to improve their problem areas, demonstrate their successes to management teams or establish their own risk profiles. The aforementioned Ponemon report showed that metrics used by many organizations could not reveal risk or support a risk-based management program: 64% of respondents said there’s a lack of standardized metrics to measure risk management programs.

The Result: Confusion, Stress and Weakened Security Postures

It’s this arrangement that leaves vital security staff overworked, exhausted and frustrated. It fogs that crucial view of the network which a secure organization requires to resist threats. It wastes money and fails to capture the true value of the myriad tools that an organization has acquired. Above all, it harms the resilience of an organization.

Specifically, it hampers an organization’s ability to detect, investigate and respond effectively. Our 2021 Ponemon study showed that tool sprawl is one of the key reasons behind this problem. Nearly half (47%) said that the lack of alert fidelity from security tools was the key reason behind this, 40% said that the complexity of their security stack was the key reason and 43% said that it was a case of spending too much time on managing and administering these security tools.

But the resulting problems go further than merely protecting the enterprise from everyday threats. Executive buy-in is one of the critical aspects of a successful security program, and security teams often can’t get that backing unless they can clearly communicate their needs to management and the board. For that crucial task, information that can benchmark performance, justify budgets and demonstrate success or failure is absolutely necessary.

The problem here is not with the tools themselves. The real problem is that security is about strategy and management, not products. When security analysts and engineers work with too many tools to effectively manage, things start breaking down, risks spiral and threats become all the more dangerous. Organizations need to find a way to capture the real value of their tools and metrics if they want to protect themselves and their data.