Cybersecurity tool sprawl is the aftermath of repeated attempts to close evolving security gaps.

“Today, the number of tools outweigh enterprise initiatives,” said Anthony James, vice president of Product Marketing at Infoblox. Having too many cybersecurity tools creates chaos but it’s a hard cycle to break so the problem will only get bigger.

“On one hand, the complexity rises with each added tool, and the ability to keep everything correctly configured greatly diminishes. On the other hand, quickly evolving attackers require you to use new defenses or fail,” said Edy Almer, vice president of products at Cyberbit.

While resellers think this an opportunity to sell more products, and sometimes it is, “customers are often just confused by the services landscape offered by the channel or an MSP,” said Himanshu Verma, head of business development at WatchGuard Technologies.

Indeed, tool sprawl can actually diminish an MSP’s true value to clients.

WatchGuard’s Himanshu Verma

“For MSPs, the total cost of ownership can increase drastically if they continue to manage and maintain multiple redundant tools. Such cases can also lead to overlap with their managed services and diminish the true value MSPs can provide using a unified remote monitoring tool,” Verma added.

MSPs and MSSPs are finding security tool sprawl to be a major cause behind tightening margins, lost efficiencies and budget strain; yet, they too are caught in this never-ending cycle spurred even faster by market hype and customer expectations of the latest and greatest security tools.

“Just by taking a stroll around any security trade show floor, you can see a vast array of companies claiming to be the savior of your network and data, but after a deeper dive, they often show limited incremental value on top of traditional cybersecurity solutions and practices,” explained James.

Hiring an MSP or MSSP is one way enterprises deal with security tool sprawl. So how bad is that sprawl in a typical enterprise seeking to outsource a fix?

AttackIQ’s Stephan Chenette

“The average enterprise uses 75 security products to secure their network; however, the tool sprawl problem is not solely an issue of too many solutions in place, but a lack of insight into whether an enterprise’s current security infrastructure is working properly,” said Stephan Chenette, CTO and co-founder, AttackIQ.

The underlying challenge for MSPs and MSSPs is how to manage tool sprawl without tossing out older tools that are still effective, or ignoring newer tools designed to thwart new threats older tools can’t address. But in any case, tool sprawl has to be reigned in to restore margins, time and cost efficiencies, and free budget dollars for …

… other investments.

Tips for Managing Tool Sprawl

Breaking the cycle means looking at the cause of tool sprawl in a new way and creating a different approach to tool use and integrations. Here are a few tips on how to do that.

Cygilant’s Kevin Landt

“By using continuous security validation to tackle the tool sprawl epidemic, organizations can save money by eliminating redundant tools and ensure critical assets are protected by a properly configured network of security solutions,” Chenette added.

“This is where service providers can add a lot of value if they can fill that people shortage and help stream the output of those tools into a central operations platform, making it easier to digest and take action on the large volume of data coming out of all those tools,” Landt added.

Perimeter 81’s Sivan Tehila

Don’t hesitate to lean heavily on vendors for tool support too, which can help in managing tool sprawl and scheduling tool retirement or replacement.

“Managed service providers should focus on providing unified solutions across the complete IT infrastructure for common use cases, and look for consolidation of vendors and tools when covering the breadth of security use cases across the IT infrastructure,” Verma added.