Advyz Cyber Risk Services Blog – Tools Rationalization

Successful cybersecurity programs are made up of three parts: people, process, and technology. Most organizations invest a great deal of resources to make sure they have the right people. Those people in turn create processes to accomplish the organization’s mission. The technology and tools that support the processes, and in turn the people, become more complex over time. Tools in particular have enabled businesses and teams to rapidly solve complex business problems but an overlooked side effect often troubles us all – rationalizing an ever-expanding suite of products. Thankfully, the answer to stemming the tide of products comes in the form of a tool’s rationalization. A tools rationalization assesses five key metrics—deployment, operationalization, maturity, gap analysis, and feature overlaps.

• Deployed – The rationalization should assess how deployed tools are in the environment. Many organizations struggled to identify if the tools they own are actually deployed to all the endpoints in the enterprise. The tools rationalization helps to answer questions like: How deployed are the tools? What percentage of endpoints have an agent or are supported agelessly and when did they last check in with the management server?
• Operationalized – Misconfigurations top the list of breach causing incidents. Tools are typically deployed with minimal configuration as initial professional services are focused on installation with minimal configuration. Are you getting what you paid for? Statistically, you are ONLY getting what you paid for.
• Mature – Software manufacturers vary when it comes to the maturity of products when compared to peers in the industry. Often, product is installed to satisfy a single use case or a combination of use cases. Studies show that use cases change over time and more capabilities are added to software platforms. It is important to assess existing tools to identify if they are doing what they are supposed to be doing as well as understanding if new capabilities have been added over time.
• Gap Analysis – Organizations can own multiple tools and still have gaps in coverage, especially when it comes to cybersecurity solutions. The MITRE ATT&CK framework is a great metric that helps identify if there is a gap in a cybersecurity program and should be used in any tool’s rationalization.
• Feature Overlaps – With an ever-expanding list of tools, it becomes more likely that an organization has multiple tools that can accomplish the same task. Larger organizations are notorious for buying technology to satisfy specific use cases. The problem with this approach is they end up having several tools that do the same thing and were purchased to address specific problems.

A tools rationalization validates the approach an organization is taking by making sure that the technology they own is providing the right support to people and processes. Overwhelmingly, leadership wants to know—are the tools that they have invested in still needed, used, and doing what they are supposed to be doing? A tools rationalization is especially valuable in a climate where budgets are shrinking, OPEX is tight, and CAPEX requires ironclad business justification.