How Exposure Management Can Ease the Pain of Security Tool Sprawl

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, the first of two parts, we explore how exposure management can help ease the pain of having too many siloed security tools. You can read the entire Exposure Management Academy series here.
To address complex security challenges, cybersecurity teams are employing a wide variety of tools to keep their organizations safe. Large organizations use as many as 140 security tools to solve specific issues. Coordinating and monitoring all those tools is a huge challenge, so, stuck in their siloes, the tools have failed to live up to their promise. As a result, exposures linger and risks grow.
When tools for vulnerability management, endpoint detection and response (EDR), cloud security and application security testing — and the teams responsible for using them — all operate in siloes, it's difficult for you to understand where your true exposures lie. Without the ability to gain a full picture of your organization's risk, whenever a senior executive asks questions about the organization’s risk posture, you probably launch a mad scramble across siloed sources of data on multiple spreadsheets, with no easy way to obtain an accurate assessment of risk.
What if there were a way to ease this pain? What if all siloes streamed data into a centralized repository where you could analyze it all contextually and create unified workflows to streamline remediation? Better yet, what if you could use this contextualized data to get a complete view of the riskiest areas of your attack surface and quickly show your executives where the organization is most exposed?
Sounds like a good idea, doesn’t it? But it’s more than just a concept now. The core of an effective exposure management program rests on the need to break down siloes and unify security data from multiple tools so you can quickly gain a cohesive and continuous view of your organization’s risk.
Security professionals face three main challenges from tool sprawl. We outline them here and share how an exposure management program and platform can help.
Challenge 1: Overcoming operational inefficiencies
In an attempt to stay secure, organizations have bolted on numerous tools, with the average organization working with 60 to 80 and, as we noted earlier, some using as many as 140. Each tool operates independently, creating siloes that don’t communicate with each other.
What does this look like in practice? Each of these tools requires security teams to follow a process that involves:
- Analyzing the data
- Prioritizing issues
- Managing exposures based on risk
- Taking action such as deploying a compensating control, changing a configuration and/or creating a remediation ticket
- Creating reports to communicate updates or status
Multiply these steps by the number of tools in use and we’ll wager that “efficient” isn’t the first word that pops into your head. Making matters worse, blind spots crop up where you need visibility.
Talk to a CISO or anyone on a security team and you’ll hear a common refrain:
- “My data is spread across too many tools.”
- “I don’t have the context I need.”
- “It’s difficult to prioritize risks or even answer basic security questions.”
These complaints underscore how the life of security teams is complicated by all those tools they added in an attempt to improve security. Instead of achieving the peace of mind these tools promised, security teams are dealing with more headaches — the operational inefficiencies of constantly jumping from one silo to the next and using multiple tools with redundant workflows.
Problem is, the bad guys don’t care about your security siloes. They search for your weakest links and move laterally across platforms and identities, looking to exploit issues without regard for those artificial barriers.
One solution is to look for an exposure management platform that can ingest the various types of security data and knit together this patchwork of information and tools. An exposure management platform helps you correlate all your information and puts it in context so it’s easier to understand where your true exposures lie.
Must have: A breadth of integrations
When you’re evaluating exposure management software, ask whether the platform can ingest data from your array of security tools, including vulnerability management, dynamic application security testing, cloud security posture management, and endpoint detection and response.
Challenge 2: Dealing with so many spreadsheets
If you went into security to protect assets and fight the bad guys, we’d bet you didn’t count on being an Excel and PowerPoint jockey as well. But that’s the lot in life for most security professionals.
You spend countless hours manually consolidating reports and coordinating your efforts across siloed security tools, which gets in the way of remediating your most critical exposures.
All of the data those tools produce is important for an effective exposure management program. Using spreadsheets to collect and analyze their findings is so “late 1900s.” So you need a platform that integrates and streams it directly into risk scoring engines, dashboards and workflows. An exposure management platform can help you do just that.
With the right integration, exposure management platforms will:
- Give you a cohesive view into your entire attack surface: By ingesting datasets from a variety of security tools, including vulnerability data, cloud configuration baselines, identity graphs and behavioral indicators, an exposure management platform lets you continuously monitor and fix the places where your organization is most exposed.
- Relieve the “spreadsheet scramble”: By normalizing and correlating data into a unified view, an exposure management platform enables you to analyze the output from your many siloed tools in a centralized view, giving you insights you can’t get from spreadsheets. You’ll be able to analyze all your siloed security data across domains like endpoints, cloud, identity and applications all in one place.
- Give you a more accurate picture of risk: This centralized view of your vast array of security tools means you’ll always be ready to answer questions like: “Where are we exposed?” and “Are we at risk?”
- Enable you to prioritize your remediation efforts: An exposure management platform can analyze the data from across your siloed tools and provide automated prioritization recommendations. You’ll be able to zero in on the true exposures across your ecosystem.
Must have: Unify visibility
Look for an exposure management tool that deduplicates and normalizes data, provides business and technical data in context, and enables consistent risk scoring that can help address your true exposures.
Challenge 3: Maximizing the value of existing tools
Those security tools all have a reason for being. You had a problem, found a solution, installed the tool and were off to the races. But if you can’t monitor or track all those tools, how do you know if you’re getting any value at all?
And how do you spot overlapping capabilities and redundant processes? The short answer: You don’t. As Peter Drucker famously said, “You can’t manage what you don’t measure.”
When security tools operate in isolation, disconnected from one another, they fail to deliver their true value. So how will you ever know their ROI?
An exposure management platform centralizes all the security data coming from these tools. It deduplicates and normalizes all your security data, which helps streamline processes, cut costs and extract the most from your existing security investments. Plus, you’ll understand the technical and business context of those combined data sets and you’ll be able to create a consistent risk scoring approach that can identify and address your true exposures.
Must have: Prioritize actual exposures
Find an exposure management platform that provides the context you need across all your security tools so you can prioritize actual exposures. With these connections in place, the team will be more effective and you’ll get your arms around the return on investment of all those tools.
Takeaways
Organizations that continue to operate with siloed visibility will struggle to keep up with mounting threats. The ability to unify data across multiple siloed security tools is no longer a nice-to-have; it is a requirement for understanding and addressing risk in an interconnected world.
The ability to analyze previously isolated data coming from multiple tools in a unified way enables security teams to make well-informed decisions, reduce attack paths and proactively defend against emerging threats.
In next week’s Exposure Management Academy post, we’ll dig a bit deeper and look at ways exposure management can move you from disparate sources to a unified view of your exposures.
Have a question about exposure management you’d like us to tackle?
We’re all ears. Share your question and maybe we’ll feature it in a future post.