How many IT Security tools are you currently using to keep your IT environment secure? Odds are, it’s too many.


There’s a big, big problem taking hold in the IT world today: IT/security teams are constantly expanding tooling and architecture to protect their organization from the latest threats. A recent research report from Optiv highlighted that the average number of IT security tools currently in use in any given enterprise environment is 75.

It’s true that it’s a big, bad cybersecurity world out there. It’s true that attackers are getting more and more sophisticated and they do everything they can to stay one step ahead of the good guys.

However, the approach of acquiring more and more information security technology as a means of keeping up runs counter to what our goal should be as IT security professionals. The level of these new IT security tooling implementations is unsustainable for most organizations outside the Fortune 100.

This way of approaching the issue forces us to face down a dangerous arms race we have little hope of winning. It’s my hypothesis that we should instead use fewer IT tools to be more secure.

With Security Infrastructure, Less Can Be More

For most organizations, IT security resources are finite. This includes limited access to funds for personnel and technology, and time is short as well. For those without infinite resources, putting your people and technology on the most relevant and most critical possible cyber threats takes on major importance.

Because of this, your enemy is risk distraction. Chasing the latest and greatest cyber threats out there may not be your best risk decision depending on how your organization profiles and what your biggest risks are on a day-to-day basis.

As a rule of thumb, if you have implemented and are managing more than two tools per IT/security professional on your team, it may be time to reconsider your approach. You have to consider your force multipliers in this count (that includes your MSSPs, champions, proxies and vendors).

Then, consider if you’ve truly implemented these IT security tools in question to their fullest capability. If you haven’t done that, you’ve likely created a bigger cyber risk as a result with a false sense of security.

If you’re planning on attending the Gartner Security & Risk Management Summit at National Harbor, Md. from June 17-20, visit Mimecast at Booth 307 and sign up here to schedule some time to talk with us. We'd love to chat with you about your cyber resilience plans and how you can simplify your IT security environment.

Sie wollen noch mehr Artikel wie diesen? Abonnieren Sie unseren Blog.

Erhalten Sie alle aktuellen Nachrichten, Tipps und Artikel direkt in Ihren Posteingang

Das könnte Ihnen auch gefallen:

Verdeckte dateifreie Malware: Die neuen Toolkits der Cyberhacker näher betrachtet

Das Neueste aus den Mimecast Research Labs i...

Das Neueste von Mimecast Research Labs beinhaltet eine Malware te... Mehr lesen >

Dor Zvi

von Dor Zvi

Sicherheitsforscher, Mimecast

Posted May 31, 2019

Echte Beispiele für Bedrohungen, die von E-Mail-Sicherheitssystemen übersehen wurden

A new view of the Mimecast Email Securit…

A new view of the Mimecast Email Security Risk Assessment. … Read More >

Matthew Gardiner

von Matthew Gardiner

Principal Security Strategist

Posted Jun 03, 2019

Baltimore Ransomware Attack Highlights Vulnerabilities in Municipal IT…

Resource-thin IT departments need a plan…

Resource-thin IT departments need a plan for cyber resilienc… Read More >

Marc French

by Marc French

CISO and Managing Director

Posted May 31, 2019