How to Manage Cybersecurity Tool Sprawl

In our latest The Wall Street Journal piece, Arun Perinkolam and I explore why many organizations have reached the point of diminishing returns with their cybersecurity tools and vendors (https://deloi.tt/3KPJP8w).   With the average enterprise managing 60–70 security tools and more than a dozen vendors, complexity becomes the enemy of security. Yes, each solves a specific problem – however, together they create inefficiency, integration challenges, and unnecessary risk.   Simplifying the stack isn’t just about consolidation. It’s about clarity. Platformization can streamline operations, reduce cost and duplication, and strengthen the foundation for AI-driven innovation across the enterprise.   For CISOs facing pressure to do more with less, a deliberate, phased approach to rationalizing the tech stack can unlock new value. It can simplify integrations and governance, improve efficiencies across tools and teams, and make way for new capabilities, like agentic and Gen AI.    The result is a cyber program that’s more secure and better aligned to longer-term strategies.  

Could your security tools be making you less secure? Microsoft tracks over 600 𝒎𝒊𝒍𝒍𝒊𝒐𝒏 𝒄𝒚𝒃𝒆𝒓𝒂𝒕𝒕𝒂𝒄𝒌𝒔 𝒅𝒂𝒊𝒍𝒚 — spanning ransomware, phishing, and identity-based threats. Their analysis reveals that more security tools don’t necessarily mean better security. Data from a recent survey conducted by Foundry supports this: - Companies using fewer security tools reported an average of 10.5 security incidents. - Those relying on more tools reported 15.3 incidents—a 31% increase in security breaches. The question is: Are you still using multiple security tools? Here’s why you should reconsider: 🔗 𝐃𝐢𝐬𝐜𝐨𝐧𝐧𝐞𝐜𝐭𝐞𝐝 𝐓𝐨𝐨𝐥𝐬 𝐂𝐫𝐞𝐚𝐭𝐞 𝐆𝐚𝐩𝐬 Overlapping solutions can result in inconsistent policies and configurations, inadvertently opening doors for attackers. 📊 𝐅𝐫𝐚𝐠𝐦𝐞𝐧𝐭𝐞𝐝 𝐕𝐢𝐬𝐢𝐛𝐢𝐥𝐢𝐭𝐲 A lack of cohesion between tools leads to missed connections, allowing advanced threats to slip through undetected. ⏱️ 𝐒𝐥𝐨𝐰𝐞𝐫 𝐑𝐞𝐬𝐩𝐨𝐧𝐬𝐞 𝐓𝐢𝐦𝐞𝐬 Siloed systems mean teams waste precious time piecing together data from disparate sources instead of responding swiftly. 💡 𝐓𝐨𝐨𝐥 𝐅𝐚𝐭𝐢𝐠𝐮𝐞 𝐚𝐧𝐝 𝐎𝐯𝐞𝐫𝐡𝐞𝐚𝐝 Managing multiple tools can overwhelm security teams, increasing complexity and administrative overhead. Solution: 𝑼𝒏𝒊𝒇𝒊𝒆𝒅 𝒔𝒆𝒄𝒖𝒓𝒊𝒕𝒚 𝒑𝒍𝒂𝒕𝒇𝒐𝒓𝒎𝒔. An integrated security solution helps with: 🤝 𝐒𝐭𝐫𝐨𝐧𝐠𝐞𝐫, 𝐒𝐭𝐫𝐞𝐚𝐦𝐥𝐢𝐧𝐞𝐝 𝐃𝐞𝐟𝐞𝐧𝐬𝐞𝐬: Unified tools eliminate gaps caused by disconnected systems, improving the overall security posture. 🤝 𝐈𝐦𝐩𝐫𝐨𝐯𝐞𝐝 𝐓𝐡𝐫𝐞𝐚𝐭 𝐃𝐞𝐭𝐞𝐜𝐭𝐢𝐨𝐧: A consolidated view helps teams identify complex attack patterns faster. 🤝 𝐂𝐨𝐬𝐭-𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐎𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐬: Reducing tool sprawl cuts unnecessary expenses while simplifying management. 🤝 𝐄𝐧𝐡𝐚𝐧𝐜𝐞𝐝 𝐀𝐮𝐭𝐨𝐦𝐚𝐭𝐢𝐨𝐧: Integrated platforms allow for better orchestration of responses, leveraging AI and automation to stay ahead of attackers. As cyberattacks grow in volume and sophistication, 𝒔𝒊𝒎𝒑𝒍𝒊𝒇𝒚𝒊𝒏𝒈 𝒚𝒐𝒖𝒓 𝒅𝒆𝒇𝒆𝒏𝒔𝒆𝒔 might be the smartest move you make. What’s your take on unified vs. diverse security portfolios? Let’s discuss in the comments! #UnifiedSecurity #Cyberattacks #IntegratedSolutions

Your biggest cyber risk isn’t attackers. It’s your complexity. Everyone wants to “do more” for security. More dashboards More alerts More tech But here’s the paradox: The more complex your environment becomes: ❌ increases risk ❌ increases breach cost ❌ increases chance of breach 🧙🏼♂️The data is clear: orgs w/ fragmented or overlapping security systems see breach costs nearly 37% higher:  $5.28M vs. $3.84M for those with simpler environments. Avg breach costs $4.45M, jumps to $7.45M when detection takes more than 200 days. That delay? Almost always tied to complexity. U.S. get's hit hardest $10.22M avg / breach, driven by tool sprawl, duplicated alerts, and siloed detection workflows. And it’s not just cost. 🔻 Firms w/ 20+ tools report more breaches, not fewer. 🔻 86% of leaders say complexity increases vulnerability. 🔻 41% of them experienced at least one breach last year because of it. So why keep adding more?...because: buying tools feels easier than building strategy. dashboards look like progress. “more” feels like safety Here’s the truth: Security isn’t about stacking tools. It’s about designing systems that work together. Here’s how to keep your environment simple and secure: ✅ Know what you have Maintain a real asset inventory and know what matters most You can’t protect what you don’t understand ✅ Prioritize by risk, not hype Let business impact, not headlines, guide your roadmap A “critical” CVE on a non-critical system isn’t critical to you ✅ Consolidate where possible Fewer platforms = less noise Faster response = lower cost ✅ Invest in integration, not just tools The value isn’t in more products it’s in how well they work together Maintain modern SecOps ✅ Train your people A skilled team with the right tools will outperform an over tooled team every time End user training = biggest impact, go beyond annual CBTs ✅ Have a forward-looking program Avoid "Shiny Object Syndrome.  Build a strategy that evolves with your risk landscape 💡 The takeaway: Complexity doesn’t equal maturity. In cybersecurity, simplicity is strength. Do the basics. Do them well. Do them consistently. Everything else is noise. 💬 How many tools do you think your org actually needs? 🔄 Repost to help others reduce complexity & risk 📲 Follow Wil Klusovsky for wisdom on cyber & tech business

If I were leading or advising a security program right now, I would not waste time searching for the "silver bullet" solution. There isn't one. No tool will fix weak fundamentals. No AI engine will replace disciplined execution. And no dashboard will save you from a bad process. Here's exactly what I would focus on instead👇 1️⃣ I would master the basics. Strong identity management, least privilege, and asset inventory may not be exciting, but they can significantly reduce the likelihood of breaches. Most incidents can be traced back to a misconfigured account, an unpatched server, or a forgotten endpoint. Basics win. 2️⃣ I would simplify the security stack. Too many organizations get lost in overlapping tools they don't utilize. Complexity isn't a sign of maturity. Every platform you add increases the attack surface and creates an admin console that is often left unmonitored. Consolidate, integrate, and cut out the noise. Better yet, find tools that collaborate, not necessarily a vendor ecosystem, but vendors that have chosen to work together to make the tools much more effective. 3️⃣ I would establish accountability, rather than just sending alerts. Security isn't about flashing lights — it's about people consistently doing the right thing. Develop tactics, techniques, and procedures; then train, test, and verify. Make it clear who owns what. Ownership reduces risk faster than automation. 4️⃣ Prioritize visibility. You can't defend what you can't see, and you can't patch what you don't know exists. Start with an accurate asset inventory and data flow map — that's your "common operational picture" in cybersecurity. 5️⃣ I would measure outcomes, not activities. Patching 1,000 servers doesn't matter if the one you missed gets exploited. Focus on metrics that show risk reduction — mean time to detect, mean time to respond, number of high-value assets without MFA. VPN without MFA. 6️⃣ I would start having risk-based discussions. The organization doesn't have an unlimited budget. Stop trying to protect everything equally. Start by protecting your highest-risk assets first, according to your organization's risk appetite and tolerance levels. The basics aren't just "old-school security." The basics are security. ✅ Tools enhance fundamentals. ✅ They do not replace them. Stop searching for the magic product. Start enforcing the basics with precision and discipline. That's how you build resilience. That's how you win. ✨ What's one "basic" your organization still struggles to execute consistently?

#GartnerSec takeaway this AM: Cybersecurity leaders today are battling complexity more than threats. In the process, many are losing the forest for the trees. 🎤 As Gartner VP Analyst Dionisio Zumerle shared: The modern cybersecurity stack is bloated, fragmented, misaligned, and inefficient. The consequences? • Misaligned posture across overlapping tools • Alert fatigue from inconsistent log formats • Ownership conflicts between teams • Procurement inefficiencies from redundant RFPs Many organizations respond by aiming to “consolidate.” But then they realize that the real goal isn’t about purchasing fewer tools, rather, it’s about better integration. Security leaders want to scale insight, not just reduce vendors. So how do we get there? ✅ We need a framework that works beneath the stack, connecting controls across endpoint, identity, email, web, cloud, and SecOps to: • Ingest log data • Benchmark configurations • Prioritize based on exposure • Push back optimization guidance And when we evaluate vendors like Microsoft, Crowdstrike, Tenable, Cisco, Palo Alto we realize that yes….they offer breadth. But breadth without integration ≠ value. 💡The hidden insight? It’s not about how many products a single vendor has. It’s about whether they work together and WITH OTHERS to drive cohesive security outcomes. 📌 As you map your 2025 cybersecurity roadmap, ask: • “What’s actually working together?” • “Where are we duplicating effort?” • “Are we exposing gaps by trying to fill gaps?” Consolidation isn’t subtraction. It’s strategic unification & integration for insight, efficiency, and resilience. #GartnerSEC | #CybersecurityStrategy | #ToolRationalization | #SecurityValidation

Enterprise security teams run 43 tools across 20 vendors. Yet they only catch 42% of breaches internally. Where's the gap? It's not a tool problem. It's a context problem. Each tool sees a slice: cloud risks, identity risks, endpoint risks. But no one sees how they connect or what it means for the business. SOC, IT, DevOps, SecEng - all working from separate dashboards. Separate data. Separate views. The result? Configuration drift goes unnoticed. Investigations are manual. Cross-domain attacks hide in the noise. Gartner calls the solution Cybersecurity Mesh Architecture (CSMA): a unified security fabric that connects your existing tools without replacing them. Mesh Security operationalizes this vision - delivering continuous, enterprise-wide visibility that maps relationships, quantifies risk, and proves security posture in real time. Most enterprises already own the right tools. What's missing is the layer that connects them.

80% of observability teams are actively working to consolidate their tools. Why? Because the hidden costs of tool sprawl are crippling our effectiveness. Think about it: 1. Cognitive overload during incidents 2. Never-ending training for new team members 3. Integration nightmares that make you want to pull your hair out 4. Budget bloat that leaves no room for innovation Consolidation isn't a walk in the park either. We're talking about conflicting requirements, competing priorities, and let's not forget the emotional attachment some folks have to their favorite tools (you know who you are!). So, what's an SRE to do? Here's my battle-tested approach: 1. Audit your toolset ruthlessly 2. Define non-negotiable features 3. Prioritize integration capabilities 4. Embrace open standards like OpenTelemetry 5. Champion change management (yes, that means dealing with people) 6. Start small and scale up 7. Consider unified platforms that offer integrated solutions The payoff? Faster incident response, improved collaboration, and more time for actual innovation instead of tool juggling. Remember, it's not about having the fewest tools, it's about having the right tools that work together seamlessly. What's your take on tool consolidation? Have you successfully streamlined your observability stack? Let's chat in the comments! #Observability #SRE #ToolConsolidation #DevOps #AIOps https://lnkd.in/eZ9mWhwi

I just audited a 200-person company. Found 47 different AI tools being used. IT knew about 8 of them. This is Shadow AI - and it's your biggest security risk in 2025. Most companies respond with panic and bans. That doesn't work. Your team will just hide it better. Here's the 5-step framework I use instead: STEP 1: DISCOVER → Survey teams anonymously → Check credit card statements → Monitor browser extensions → Ask: "What AI tools make your job easier?" Don't shame. Just discover. STEP 2: ASSESS RISK For each tool, ask: → What data does it access? → Is there a compliance issue? (HIPAA, SOC2) → What's the security posture? → Could this cause a breach? Create a risk matrix: High/Medium/Low  STEP 3: CATEGORIZE  High-value, low-risk: Keep and formalize High-value, high-risk: Replace with secure alternatives Low-value: Eliminate Mission-critical: Prioritize governance NOW  STEP 4: CREATE APPROVED LIST → Vet tools properly (security, compliance, cost) → Negotiate enterprise agreements → Document approved use cases → Make it EASY to use approved tools STEP 5: GOVERN WITHOUT BLOCKING → Set clear policies (what's allowed, what's not) → Train teams on safe AI usage → Build AI champions, not AI police → Monitor and iterate quarterly  REAL RESULT: One client went from 47 chaotic tools to 8 strategic, secure ones. Outcome: → Productivity up 40% → Risk eliminated → Costs down $84K/year → Team happiness up  The goal isn't to ban AI. It's to harness it safely and strategically. What's your approach to managing AI tools in your organization? 🎧 More at: bry.net/ai #ShadowAI #AIGovernance #CTO #TechLeadership #AIStrategy #Cybersecurity

Let's get back to some basics. 83 security tools. Only 22% matter. That’s the brutal math of modern enterprise security stacks according to reports from IBM & Palo Alto Networks (“Capturing the Cybersecurity Dividend: How security platforms generate business value.") and IDG & ReliaQuest ("2021 Security Technology Sprawl Report" 𝗪𝗵𝘆 𝘀𝗽𝗿𝗮𝘄𝗹 𝗶𝘀 𝗸𝗶𝗹𝗹𝗶𝗻𝗴 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗢𝗜 🔹Redundancy tax: Dozens of overlapping point products siphon budget and head-count. 🔹Alert overload: More consoles → more false positives → slower response. 🔹Blind spots: Siloed data leaves gaps attackers love. 🔹Burnout accelerator: Analysts spend more time babysitting tools than blocking threats. 𝗥𝗮𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘇𝗲 𝗼𝗿 𝗿𝗲𝗴𝗿𝗲𝘁 🔹Inventory & overlap map: visualize where “two is one, one is none.” 🔹Consolidate into integrated platforms: fewer panes, richer context. 🔹Decommission shelfware: reclaim budget for talent & automation. 🔹Quarterly ROI checks: every tool proves value or packs its bags. CISOs: tool count is vanity; utilization and outcomes are sanity. What’s your owned : trusted ratio, and how are you shrinking the gap? Tool rationalization isn't only about reducing costs and increasing ROI. It's also about regaining control. #Cybersecurity #CISO #ToolRationalization #SecOps