Is there such a thing as having too many security tools?

1.4k views5 Comments

Managing Partner in Services (non-Government), 11 - 50 employees
The various parts of our security tool set don't really talk to each other and they're all on different upgrade cycles. We need to put more pressure on the vendor community to quit making us hobbyists. Stop coming up with point solutions. Give me a real solution, not a tool that is a component of a solution.

We're technology people so we tend to drive into the tools a little early. Our clients are getting all these alarms and alerts, but they get so many because they don't have any thresholds set for the ignore factor. If you're getting blasted with alert smog, there are so many alarms that you don't pay attention to them anymore. But some of those alerts are for real threats. There's a signal to noise ratio to get filtered out, but how do I do that?
CISO in Software, 51 - 200 employees
In the security rainbow, at the bottom are the mission-critical assets, and they’re surrounded by data security, application, endpoint, network, perimeter security, prevention, operations, etc. There's not one solution or one framework that you can follow to meet all of this criteria and reduce your risk.

We've been seeing these security incidents for years, and it's just history repeating itself over and over again. I'm waiting for some innovative startup to come along and fix a good portion of the rainbow. We need to figure out the best way to approach zero trust without overdoing the tool situation to detect everything.
2 2 Replies
Managing Partner in Services (non-Government), 11 - 50 employees

You could spend your entire IT budget on security tools. Most CIOs I know complain that I keep adding more security tools, but I never take anything out. You end up laminating over this stuff and the tools are tripping over each other and their update cycles are wrong.

The VC community is still pumping lots of money into point solutions in the security space, that's the problem. Because they're playing for an exit strategy of an acquisition by somebody bigger: “let's make some cool, niche thing so somebody will buy us.” And then they have a hodgepodge of things that don't work together. Security has been a big thing for the last 10 years and I haven't seen anybody come up with the “all-singing all-dancing” solution, or even architecture for one.

Head of IT Business Applications in Software, 501 - 1,000 employees

That's a good point. And that's been a problem in all of IT, not just security.

Senior Director, Business Intelligence and Data Management, 10,001+ employees
Today there are 15-20 different locations for our data. There is value in tying them together and analyzing that information, drowning out the noise to pick up the signals, and correlating the signals from your market conditions to what you are selling, therefore improving your offerings. But, how does the analyst come in? What is the right setup as you start bringing in information into the data lake? What is the right level of access when our data lake has information from—in our case—roughly 130 different applications that we pump information through?

Content you might like

Community User in Software, 11 - 50 employees

organized a virtual escape room via - even though his team lost it was a fun subtitue for just a "virtual happy hour"
Read More Comments
10.8k views26 Upvotes63 Comments





71.9k views166 Upvotes58 Comments

Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
Read More Comments
74.3k views71 Upvotes42 Comments




Non-production DBs (Dev, Training, QA, etc.)31%


1.3k views1 Upvote