Sign up to save your podcasts
Or
Share Tool Consolidation
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Tool Consolidation
All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-tool-consolidation/)
While cybersecurity professionals always want more tools, more often than not they're dealing with too many tools delivering identical services. The redundancy is causing confusion and more importantly, cost. Why should you pay for it? How does it happen and how do InfoSec leaders consolidate tools?
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Adam Glick, vp, cybersecurity, Brown Brothers Harriman.
Thanks to this week's podcast sponsor, SpyCloud.
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you'll learn:
- The tools bloat problem does not happen overnight.
- Often you have no choice with tools bloat. It's a function of the industry that companies add new capabilities and they acquire companies so you start to get redundancy even if you didn't plan on it.
- You can run into the trap of having excellent independent tools, but then they cause overlap and because they're independent and not integrated you eventually fall on the side of going with the lesser tool because it has integration with other capabilities.
- Best of breed doesn't sit still. It starts to morph and doesn't necessarily become the best anymore.
- Even if you did a great job consolidating, you can't set it and forget it. Given the industry's behavioral morphs and your growing needs, you'll need to revisit the issue at least once or twice a year.
- You need to do a tools audit.
- A lot of political issues will come into play as people will defend the tools they love, built upon, and use. If you can't figure out a way to mediate, you'll need to hire a third party to do the audit and make the assessment.
- Integration is critical. If there aren't APIs and other ways for the tools to communicate, it doesn't matter how awesome it is, the tool will need to be dumped.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-tool-consolidation/)
While cybersecurity professionals always want more tools, more often than not they're dealing with too many tools delivering identical services. The redundancy is causing confusion and more importantly, cost. Why should you pay for it? How does it happen and how do InfoSec leaders consolidate tools?
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Adam Glick, vp, cybersecurity, Brown Brothers Harriman.
Thanks to this week's podcast sponsor, SpyCloud.
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you'll learn:
- The tools bloat problem does not happen overnight.
- Often you have no choice with tools bloat. It's a function of the industry that companies add new capabilities and they acquire companies so you start to get redundancy even if you didn't plan on it.
- You can run into the trap of having excellent independent tools, but then they cause overlap and because they're independent and not integrated you eventually fall on the side of going with the lesser tool because it has integration with other capabilities.
- Best of breed doesn't sit still. It starts to morph and doesn't necessarily become the best anymore.
- Even if you did a great job consolidating, you can't set it and forget it. Given the industry's behavioral morphs and your growing needs, you'll need to revisit the issue at least once or twice a year.
- You need to do a tools audit.
- A lot of political issues will come into play as people will defend the tools they love, built upon, and use. If you can't figure out a way to mediate, you'll need to hire a third party to do the audit and make the assessment.
- Integration is critical. If there aren't APIs and other ways for the tools to communicate, it doesn't matter how awesome it is, the tool will need to be dumped.
More shows like Defense in Depth
View all
Hacked
187 Listeners
Security Now (Audio)
2,008 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,021 Listeners
Smashing Security
319 Listeners
Click Here
415 Listeners
Darknet Diaries
8,061 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
188 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
168 Listeners