Marc French

by Marc French

Senior Vice President & Chief Trust Officer

Posted Jun 11, 2019

How many IT Security tools are you currently using to keep your IT environment secure? Odds are, it’s too many.

GettyImages-823708506.jpg

There’s a big, big problem taking hold in the IT world today: IT/security teams are constantly expanding tooling and architecture to protect their organization from the latest threats. A recent research report from Optiv highlighted that the average number of IT security tools currently in use in any given enterprise environment is 75.

It’s true that it’s a big, bad cybersecurity world out there. It’s true that attackers are getting more and more sophisticated and they do everything they can to stay one step ahead of the good guys.

However, the approach of acquiring more and more information security technology as a means of keeping up runs counter to what our goal should be as IT security professionals. The level of these new IT security tooling implementations is unsustainable for most organizations outside the Fortune 100.

This way of approaching the issue forces us to face down a dangerous arms race we have little hope of winning. It’s my hypothesis that we should instead use fewer IT tools to be more secure.

With Security Infrastructure, Less Can Be More

For most organizations, IT security resources are finite. This includes limited access to funds for personnel and technology, and time is short as well. For those without infinite resources, putting your people and technology on the most relevant and most critical possible cyber threats takes on major importance.

Because of this, your enemy is risk distraction. Chasing the latest and greatest cyber threats out there may not be your best risk decision depending on how your organization profiles and what your biggest risks are on a day-to-day basis.

As a rule of thumb, if you have implemented and are managing more than two tools per IT/security professional on your team, it may be time to reconsider your approach. You have to consider your force multipliers in this count (that includes your MSSPs, champions, proxies and vendors).

Then, consider if you’ve truly implemented these IT security tools in question to their fullest capability. If you haven’t done that, you’ve likely created a bigger cyber risk as a result with a false sense of security.

If you’re planning on attending the Gartner Security & Risk Management Summit at National Harbor, Md. from June 17-20, visit Mimecast at Booth 307 and sign up here to schedule some time to talk with us. We'd love to chat with you about your cyber resilience plans and how you can simplify your IT security environment.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

Marc French

by Marc French

Senior Vice President & Chief Trust Officer

Posted Jun 11, 2019

You may also like:

Nader bekeken: Verdoezelde bestandsloze malware in de toolkits van cyberaanvallers

The latest from Mimecast Research Labs i…

The latest from Mimecast Research Labs includes a malware te… Read More >

Dor Zvi

by Dor Zvi

Security Researcher, Mimecast

Posted May 31, 2019

Echte voorbeelden van dreigingen gemist door allerhande e-mailbeveiligingssystemen

A new view of the Mimecast Email Securit…

A new view of the Mimecast Email Security Risk Assessment. … Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Enterprise Security Campaigns

Posted Jun 03, 2019

Baltimore Ransomware Attack Highlights Vulnerabilities in Municipal IT…

Resource-thin IT departments need a plan…

Resource-thin IT departments need a plan for cyber resilienc… Read More >

Marc French

by Marc French

Senior Vice President & Chief Trust Officer

Posted May 31, 2019