Jul 23, 2021

Do You Have Too Many Cybersecurity Tools, Too Little Visibility?

Federal agencies have plenty of security tools. But to stay safe, they still need real-time visibility into all their endpoints, no matter where those devices are located.

By Matt Marsden, Vice President, Technical Account Management, Federal, Tanium

It’s not how many cybersecurity tools you have that matters. What really keeps your organization safe is the ability to provide real-time and accurate data on your endpoint devices.

For many federal cybersecurity managers, that’s still a big challenge. A recent survey finds nearly half of these managers have anywhere from 11 to 25 security tools. But few say they’re confident in the ability of those tools to provide real-time, accurate data. And without that visibility, their IT security teams can’t see what’s happening in the network, and they can’t tell who’s accessing sensitive data.

In today’s world, where endpoints are widely distributed beyond the traditional perimeter, adversaries have a lot more opportunities to access endpoints outside the safety of the network perimeter. That’s a big change. Ten years ago, federal agencies could put a significant portion of their security budget towards perimeter security. That meant making sure that all data and assets within the perimeter stayed secure — and that adversaries stayed out.

Today’s security challenges

Today’s distributed endpoints have greatly simplified the work of bad actors. A cybercriminal need only compromise a single endpoint once. From there, they can hitch a ride back through the perimeter on that same endpoint to move laterally across the network.

To be sure, federal agencies have tried to get value from their investments in security tools, often by bolting on additional tools and features. But in so doing, many have ended up with tool sprawl. This obscures risk decision-making, fails to scale and weakens defenses in a borderless environment. Tool sprawl can also inflate costs, complicate management workflows and lower staff productivity.

At a time when agencies and organizations face more threats and vulnerabilities than ever before, decision-makers need to truly understand risk in context. That way, they can prioritize and remediate problems, then communicate up and down the chain of command.

We need to do a better job of managing and evaluating the tools we already have. The challenges agencies encounter today are different from those of the past. As such, they require new approaches and solutions.

Yet according to the survey, fewer than half of federal cybersecurity managers feel confident that their agency tools can provide accurate data, real-time information and the right data for lowering their cyber risk.

Cleaning out the toolkit

As a first step, federal IT teams should rationalize their available tools. That means deciding which tools to keep and which to replace, retire or merge. This can improve tool utilization, increase interoperability, reduce costs, and enhance functionality, the survey found.

And there’s another issue. Nearly a third of IT decision-makers say their end users are not updating software, new research finds. This highlights the need to prioritize asset inventory and software updates. They’re powerful ways to strengthen both networks and endpoints against potential attacks.

Because there’s more than one way to rationalize tools, every federal agency will need to develop its own plan, based on its unique needs. That doesn’t mean the costs have to be prohibitive. Government legislation — such as the Modernizing Government Technology Act and Technology Modernization Fund — provides agencies with funding for modern technology solutions and for improving the delivery of citizen services.

As federal agencies strengthen their security approaches with baseline controls and tool rationalization, they also need a modern approach to comprehensive, real-time visibility and control at scale. That means visibility across endpoints on the network, regardless of where that endpoint is physically located.

Federal agencies also need a single, ubiquitous, real-time platform that integrates endpoint management and security. This unifies teams, breaking down the data silos and closing the accountability, visibility and resilience gaps that often exist between IT operations and security teams.

This can also help the IT team eliminate disjointed solutions. Instead, they can reallocate funds and other scarce resources for greater visibility into the security landscape.


Learn more from the full US Cybersecurity Magazine article: More Federal Cyber Tools Doesn’t Equal Better Security
