Organizations want to ensure they have every attack vector covered with a tool that’s the best at solving
            a particular problem. For example, endpoint detection and response (EDR) to find suspicious endpoint
            activity, network detection and response (NDR) to monitor network traffic, and so on.

            According to research by Panaseer, there are at least 76 solutions deployed in a typical SOC – a number
            that is growing each year.

            However, the risk in chasing best-of-breed is that spending can end up replacing strategy.

            It can be very reassuring for management to know they have the latest detection and response toolset
            deployed in every part of their environment. However, an overfocus on individual tools’ performance can
            do damage to security operations.

            Having many sets of detection rules across different systems can pick up more threats, but it shouldn’t
            be normal to be bombarded by hundreds of alerts from dozens of security tools each day. Or for analysts
            to have to connect the dots between disparate data sets to understand whether an alert is a real threat
            or a false alarm.

            And yet, despite record spending on security programs, activity and behavior still have to be manually
            connected and assessed by sorting through a variety of endpoint logs, user activity, and network traffic
            analysis sources. False alerts are such a persistent problem that analysts are turning off whole categories
            of alerts to avoid burning out altogether.


            The outcome of this security dysfunction is missed attacks. A recent example is when security teams at
            VoIP vendor 3CX confused a real attack with a false alert.

            Without the capacity to cope, SOCs can end up consumed by the tools their companies bought to help
            them. The tail ends up wagging the dog.



            Security Teams Want Integration

            Our survey data shows how awareness of security tool sprawl impacts security buyer priorities.

            When it comes to buying new security solutions, two of our respondents' top three priorities were how
            easily new tools integrate with existing tech (51%) and whether they are easy to implement (42%).

            While the top priority for buying any new tool was stopping specific threats (59%), the close second and
            third priorities for our respondents were, to put it bluntly, making life easier rather than harder.

            Our findings show that security buyers don’t want best-of-breed tools if they don’t play nice with the rest
            of their environment. Security leaders also told us that the average new tool deployment time, excluding
            training new staff, takes 2.5 months. Time they would rather spend doing almost anything else.

            There is also a growing awareness of the risks that a bigger security tool ecosystem creates. 30% of
            respondents working in companies with more than 5,000 people said third-party risks were their top
            priority.






                                                                                                              94