It seems almost obvious that a single, composite view is superior to a layered approach. So one must ask – Why is the industry proliferated with the point solution approach?
How Did We Get Here?
The most straight-forward explanation is simply the fact that the underlying technology itself developed in a piecemeal fashion. The specialized tools, and expertise to manage them, organically reflect the history of technology development. Attacking as a practice, predates IT and internet – there were “telephone hacks” for example before IT and web surfaced. As attackers developed approaches to leverage new access points, cyber security suppliers developed tools for those new layers of concern.
The Marketplace Itself Embraced Point Solutions
As each layer-focused toolset matured, the industry would position and rank them within the scope of each layer. The question was (and still currently is for the industry) what tool is best for each layer? The more important question should have been (and should be today), how can I have a more accurate and more comprehensive view as the attacker? How can I have a solution that accurately detects vulnerabilities and weakness that matter to our organization regardless of where they occur? How can I focus on what really matters?
How Bad is the Problem?
While it might seem intuitive in the abstract to advocate for a single, full-stack solution – does the industry reality reflect the fact that we have built up an unwieldy plethora of point solutions dedicated to each stack layer? Is the CISO officer really loaded with an unmanageable amount of point solution tools? The answer is – It’s probably worse than you imagined.
Houston, We Have Proliferation Problem
Here are some interesting highlights from Gartner’s Top Security and Risk Trends for 2021:
- Security Leaders have Too Many Tools – What’s the number? – SIXTEEN. Yes, sixteen or more tools in their portfolio! And 12% have 46 or more!
- What’s the Problem with Proliferation? – Security Ops has become too complex and requires too much headcount to manage it all.
- How Many Enterprises Recognize the Need for a Fix – 80% of organizations are interested in a vendor consolidation strategy!
- Solution Provider Response – Large security vendors are responding with better integrated products but not taking on the challenge of a full stack solution.
- Correcting History is Not Easy – Consolidation is not easy. According to Gartner on average it takes YEARS to roll out.
- Surprising Conclusion – Lower Cost with Improved Security Posture – While Cost Reduction might initially be the driver, consolidation delivers both streamlined operations and lower security risk.
Takeaway
It is a problem. It’s a big problem. And the industry wants to fix the problem.
Does History Define Our Vulnerability Management (VM) Approach?
Now here is the rub. If a Cyber Security Department has followed the industry path of an individual layered approach, does it have to make the best of a flawed approach by optimizing the individual tools and manually consolidating data? The answer is no – there are Single Full Stack Solutions available to provide a corrective course of action.
To learn more about why Single Full Stack VM Matters, click the button below