What does cybersecurity tool sprawl look like?
Today, cybersecurity tool sprawl is characterized by an overabundance of security tools, often numbering in the dozens or even hundreds within large organizations. At the 2019 RSA Conference, Matt Chiodi, former chief security officer of public cloud at Palo Alto Networks, noted that small organizations average 15-20 tools, medium-sized businesses 50-60, and large enterprises over 130 tools.
These tools span various categories, including endpoint protection, intrusion detection, threat intelligence, identity management, and more. Despite this extensive array, research and industry reports indicate that only a small fraction of these tools are actively used, with many going underutilized due to their complexity or redundancy.
According to Richard Watson from Ernst & Young, most organizations utilize only 10% to 20% of the technology they own, while continuing to pay higher license costs for technology that they have not leveraged for other business needs.
Watson, in his article, “Simplify to Survive: How Organizations Can Navigate Cyber-Risk,” suggests that a technology declutter is required:
“Simplification will make…
