When it comes to Security Technology and Security Technology configurations -- let's say "I've seen some head scratching stuff". I see some shops with all the toys and in some cases multiple pieces of the same security technology, other security shops with nothing and cobbling together disparate pieces of security tech in order to just do the minimum level of security. For the shops with too much security technology, it's really a double edge sword in that they have a really expensive security paper weight sitting on the shelf collecting dust and a problem that less funded security shops would love to have.
I've seen all sorts of security technologies on the shelf, most commonly I see Security Incident and Event Management (SIEM) devices followed by Intrusion Detection and Intrusion Prevention Devices (IDS/IPS), Web Application Firewalls (WAF) and Governance Risk Compliance (GRC) tools. Some of the main reasons why perfectly capable security tools end up in the land of misfit toys are:
- Business politics or lack of business alignment preventing deployment of feature set.
- Lack of security staff to operationalize the tool set.
- Customer purchased the tool to satisfy a very specific need (e.g. compliance).
- Lack of expertise/time on security team to fully implement the security tool.
- The tool doesn't deliver the features set needed. (e.g. over-promised features during purchase or lack of ongoing development of the tool).
If you find yourself in the high-quality situation of having too much security technology of the shelf, there's a few things you can do to resurrect your security technology:
- Enable more features in the tool. Check out your security road map, can your security shelfware help mature your program? If you have the security staff to support the tool, try enabling some additional features.
- Call your vendor. Your vendor wants you to keep their tools. Give them a call, they can provide assistance from configurations or just answering general questions about features. If they are unwilling to help then my personal recommendation is to clear it off the shelf.
- Seek buy-in from internal business peers. If your security tech is collecting dust because of lack of business alignment or stakeholder support, try to obtain support for your business case. Once you can demonstrate the tool is there to help, you might have better success partially of completely turning on the tool.
If you find yourself in the position of looking to consolidate, optimize, or automate your toolset call us. We've helped many organizations and we're good at curing the shelfware hangover.
