CISO Series Newsletter
Posts
You Look Fantastic! Did you Shed Some Security Tools?

You Look Fantastic! Did you Shed Some Security Tools?

June 20, 2019

View this email in your browser

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Tool Consolidation

On this episode of Defense in Depth:

Co-host Allan Alford and our guest Adam Glick, vp, cybersecurity, Brown Brothers Harriman, discuss the following:

The tools bloat problem does not happen overnight.
Often you have no choice with tools bloat. It's a function of the industry that companies add new capabilities and they acquire companies so you start to get redundancy even if you didn't plan on it.
You can run into the trap of having excellent independent tools, but then they cause overlap and because they're independent and not integrated you eventually fall on the side of going with the lesser tool because it has integration with other capabilities.
Best of breed doesn't sit still. It starts to morph and doesn't necessarily become the best anymore.
Even if you did a great job consolidating, you can't set it and forget it. Given the industry's behavioral morphs and your growing needs, you'll need to revisit the issue at least once or twice a year.
You need to do a tools audit.
A lot of political issues will come into play as people will defend the tools they love, built upon, and use. If you can't figure out a way to mediate, you'll need to hire a third party to do the audit and make the assessment.
Integration is critical. If there aren't APIs and other ways for the tools to communicate, it doesn't matter how awesome it is, the tool will need to be dumped.

Special thanks to this week's Defense in Depth podcast sponsor, SpyCloud.

Learn more

about how you can protect employees and customers from account takeover with SpyCloud.

Lee Vorthman, sr. director, global security engineering and architecture, Pearson. on good enough is probably what I want

Come find us in Las Vegas

Mike Johnson and I will be in Las Vegas for the first week of August where there will be non-stop security extravaganza going on from BsidesLV to Black Hat to DefCon. We're planning live recordings, videos, and more fun stuff. We want to see you, and if you're interested in sponsoring any of our coverage, just reply to this email or contact us via CISO Series.

Allan Alford, co-host, Defense in Depth on where to find a company's crown jewels

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.