Too many disconnected cybersecurity tools (cooks) create blind spots and overwhelm teams, increasing risk (spoilt soup). What are the mitigative approaches?
Amid increasingly sophisticated cyber threats, some organizations may have added disparate addition cybersecurity tools to their infrastructure to cope.
However, if not properly managed, the growing number of cybersecurity tools in an organization, called “tool sprawl”, may cause hidden risks. Multiple disconnected products can create blind spots, or overwhelm smaller teams with too many alerts and maintenance calls, reducing overall security effectiveness.
What are some practical ways to address tool sprawl without compromising organizations’ cybersecurity posture. In this Q&A with CybersecAsia.net, Mark Lukie, Director of Solutions Architects (APAC), Barracuda offers some practical insights.
CybersecAsia: In your work, why are complexity and misconfiguration some of the biggest hidden risks today?
Mark Lukie (ML): Complexity and misconfiguration of security stacks are things I see all the time. The issue is that the risk builds quietly. One tool here, another there, and before you know it, your security stack includes dozens of tools, each with its own dashboard, alert system and update cycle.
Each tool could be great on its own, but together? They can create blind spots. In our own research, we found that only about a third of respondents had felt completely confident their tools were properly configured. For the remaining two thirds, the sentiment was that “it’s like locking every door in your house but forgetting a window.”
Working with mid-sized organizations it is not uncommon to find that organizations may have invested in multiple solutions, but a simple misconfigured firewall rule had left them exposed. Attackers only need to successfully exploit one security gap, once.
CybersecAsia: How can IT and security teams, especially in smaller or resource-constrained organizations, reduce risk?
ML: With cybersecurity threats constantly evolving and escalating, IT and security teams may start to feel like they are juggling too many tools. Smaller teams do not have the luxury of dedicated specialists for every tool. An organization may have six different security solutions in efforts to cover their bases, but they will be drowning in alerts with little to no visibility.
When these tools and vendors cannot integrate, a fragmented environment is created, which is difficult to manage and secure — only adding to the risk.
The unsung hero in such scenarios may be simplification: The key is to focus on what truly matters. Map your tools to your top risks. If a tool does not help mitigate a priority threat or integrate well with other tools, it is probably adding noise; and further assessment is needed.
CybersecAsia: What are the ways to solve the problem of tool sprawl when external help is needed?
ML: Cyberattackers only need to get it right once; defenders need to get it right every time.
When an organization wants to solve tool sprawl problems, there are two approaches:
- Integrated platforms help level the playing field: They give organizations greater visibility across an environment, reduce the risk of misconfiguration, and streamline responses. I have seen this in action. Overwhelmed by siloed tools and constant false positives, organizations switching to an integrated platform with the optimal support can find that they not only reduce incident volume but also catch misconfigured tools before they become problems.
- Managed service providers (MSPs) are equally vital, especially in regions where talent shortages are real: MSPs bring scale, expertise, and 24/7 coverage. They are expected to provide not just solution but to work as strategic partners to help organizations move from reactive firefighting to proactive defense.
CybersecAsia: What are you seeing regionally in the Asia Pacific region: How are organizations coping with these challenges?
The region is incredibly diverse, but the challenges across international markets are strikingly similar. Whether it is a country with advanced infrastructure or a less-advanced one with fast-growing enterprises, organizations are grappling with security tool sprawl.
However, in the grand scheme, simplification is not just about cutting tools; it is about cutting complexity.
What I am seeing in the region is that more organizations are realizing that complexity reduces cyber resilience. They may then consolidate cybersecurity tools, prioritize observability, and seek external consultancy to tackle the problem. That mindset change is encouraging. It shows that APAC organizations are not just reacting to threats, they are meeting them head-on. And that is where real cyber resilience begins.
CybersecAsia thanks Mark for sharing his cybersecurity insights with our readers.
