How to start consolidating your cybersecurity tools

In part 1 of this two-part blog series, we looked at why cybersecurity tool sprawl has become a critical risk and cost issue for modern enterprises. From overlapping functionality and alert fatigue, to slower incident response and increased maintenance burden, the downsides of fragmented tooling are clear and growing.

Now, we move from why to how. If your organization is ready to simplify, reduce risk, and improve efficiency, this practical guide outlines the first steps toward a more unified, strategic approach to cybersecurity.

»Getting started with cybersecurity consolidation

There are three overarching steps you should take to kickstart a cybersecurity consolidation.

»1. Bring cybersecurity, compliance, and platform teams together

The first step in any modernization effort is the people element. Once platform teams are established and working more closely with cybersecurity and compliance, the cybersecurity and compliance teams can integrate their requirements into the platform itself rather than working separately from it.

At this stage, many of the tool consolidation opportunities will become apparent. The platform team should lead the tool-buying process because they are focused on the big picture. They can look outside of the traditional cybersecurity vendor bubble and start buying product platforms and ecosystems instead of many single-point solutions, increasing cost efficiency and productivity.

»2. Assess the tool and vendor sprawl

With buy-in from cybersecurity and platform teams, the next step is to understand your tooling landscape.

»Take an inventory of tools

Get stakeholders from every relevant team into a room: this can include networking, cybersecurity, DNS, firewall, cryptography, platform, cloud, datacenter sysadmins, architecture, GRC, CI/CD or release engineers, etc. Each team should discuss the consolidation initiative and give an inventory of their tool stacks, while also looking for any untracked (possibly shadow IT) tools being used by smaller teams or individuals.

Document all the security (or security-adjacent) tools and list all of their capabilities. Seeing all of the functionality your tools offer in one place will help you make decisions in the next steps.

• Do you have multiple instances of the same tool?
• Do you have multiple tools with overlapping functionality?
• Do you have tools from many vendors when a few could offer the same functionality?
• Which tools aren’t necessary or aren’t being used?

Research your existing and potential security product vendors to see which ones have large, compelling solution portfolios that could replace some of your point solutions from unique vendors. Find the answers to a few questions:

• Who are the vendors with multiple, synergistic products built around a platform mindset, who also have substantial case study collections?
• Are there any opportunities for tighter integration and shared observability between products if some of your tools are replaced with products from a single vendor?
• What are the support efficiencies (one vendor to call) and cost savings you could get from consolidating some functionality needs into one vendor relationship?

After you’ve identified tools that aren’t being used, your teams will also want to take a hard look at tools that, despite being used, aren’t actually necessary for your cybersecurity goals. Sometimes rigorous examination of tooling will uncover certain products that are overkill for your threat model.

Read about the consolidation journey taken by Roche healthcare, which includes several more detailed takeaways from their experience.

»3. Start with the most impactful, risk-reducing tools

Think about the most common security breach methods today. They’re not AI attacks or the latest zero-day discovery. The most common attack vectors are still social engineering, mainly through phishing, and credential management.

Start your cybersecurity consolidation journey with those two product use cases. For social engineering, your main defenses will be phishing prevention tools and strong org-wide cybersecurity training.

For credential management, these are the key steps for re-orienting and consolidating your cybersecurity around this key area:

1. Identity-based security is the foundation — use tools built around this.

2. Choose one central secrets management platform to be your nerve center for credential management and tracking. Secrets management products also act as the main identity broker for service and cloud infrastructure access.

3. Pick a platform that integrates well with version control systems (VCS), continuous delivery (CI/CD), and infrastructure provisioning.

4. The platform should have native governance, risk, and compliance (GRC) guardrails such as static/dynamic testing and policy as code.

5. The platform should also include native, or same-vendor, secret scanning, public key infrastructure (PKI), and access management solutions. From there, your tooling can branch out, but the focus should be picking 1-2 vendors and product suites that can provide that initial cybersecurity foundation focused on protecting the most common threat: credential theft.

Platforms built by the same vendor from the ground up are much more robust, integrated, and scalable, and they offer a unified experience. However, don’t be pressured to buy more features than you need, unless you expect to need those features in the future.

»Learn more

Organizational leaders should push their cybersecurity, engineering, and infrastructure operations teams to reduce complexity by centralizing and consolidating on a handful of security platforms rather than a litany of smaller cybersecurity tools.

We’ve seen Roche and many other companies run successful cybersecurity product consolidation initiatives and we’d love to share more insights. We’ve reduced risk for thousands of companies including Vodafone, Deutsche Bank, Canva, and more.

Download Secure by design: How to reduce cloud risk and maintain compliance to learn how we can consolidate the number of Security Lifecycle Management tools you use.