How CISOs can manage multiprovider cybersecurity portfolios

1. Integration

Challenge

A cybersecurity program that uses multiple service providers often has tools that don't seamlessly integrate with each other. This results in visibility gaps and operational inefficiencies.

Strategy

Consider deploying a security orchestration, automation and response (SOAR) tool, which can help analyze data and automate workflows across multiple security products, bridging gaps and creating a more cohesive security posture.

2. Vendor overlap and redundancy

Challenge

When managing products and services from multiple vendors, the risk grows that cybersecurity tools' functionality overlaps. This not only inflates costs, but creates confusion.

Strategy

Review and audit the multiprovider cybersecurity portfolio on a regular basis, identifying areas of overlap and considering tool consolidation where possible. When investing in new tools, aim to select those that either offer broad cybersecurity capabilities or that integrate well with the existing portfolio. Finally, build a security portfolio strategy based on a sound, integrated framework, such as CISA's Zero Trust Maturity Model.

More tools mean more complexity. Managing updates, patches and configurations across various systems can be overwhelming.

3. Increased complexity

Challenge

More tools mean more complexity. Managing updates, patches and configurations across various systems can be overwhelming.

Strategy

Invest in a centralized management platform that offers a unified view of the environment and control across multiple tools.

Establish clear security policies that dictate software update timelines and standard configurations, ensuring teams maintain consistency across tools. Also, consider consolidating network and security operations to reduce complexity, but be aware that doing so may result in further tool overlap.

4. Inconsistent reporting and alerts

Challenge

Vendors use different methods to report threats, vulnerabilities and incidents. This inconsistency makes threat detection and response more challenging.

Strategy

Look into SIEM systems, which aggregate data from traditional infrastructure sources, such as intrusion prevention systems, firewalls and antimalware software. A SIEM system then provides a unified platform for monitoring, analyzing and reporting incidents.

If possible, consider also or instead implementing SOAR, which differs from SIEM in its ability to ingest data from a wider variety of internal and external sources, including infrastructure components, endpoint security software and threat intelligence feeds. SOAR also uses AI and automation to prioritize alerts and automatically contain or resolve issues.

5. Vendor lock-in and dependency

Challenge

Vendor dependency can hinder operational and strategic flexibility, especially if you wish to shift to newer, more efficient approaches in the future.

Strategy

Consider selecting products based on open standards that prioritize interoperability. This increases the chance that a new tool interoperates with others in a multiprovider cybersecurity environment.

And, after selecting a service, insist on contract terms that allow for flexibility and adaptability as the security program's needs change.

6. Security skills gap

Challenge

A multiprovider cybersecurity approach requires enterprise security teams to be proficient in using each product or service. This can be a tall order, as more and more security tools get integrated into the environment.

Strategy

Vendor-provided training should be an essential part of the procurement process. Ask vendors what support and training they offer, and get recommendations for third-party support companies.

Hiring new security staff remains a challenge for organizations of all types and sizes. Consider cross-training nonsecurity personnel. And, as you hire, look for professionals with certifications or experience in specific tools currently in use in the portfolio.

7. Security vendor performance assessments

Challenge

When multiple tools are responsible for managing security events, assessing the performance and ROI of a specific cybersecurity tool can be daunting. Even similar security vendors often emphasize different metrics and structure pricing differently.

Strategy

When weighing a new cybersecurity product or service, consider first and primarily how well it meets the security program's requirements -- rather than comparing it to its competitors. And, for each existing tool in a multivendor cybersecurity portfolio, establish clear performance metrics and KPIs that are based on the organization's needs, not the vendor's capabilities.

Use integrated dashboards to track performance and ensure every tool is delivering value. And keep in mind that, if the organization decides to integrate network and security operations, these metrics will not necessarily be the exclusive domain of security.

The challenges of managing a multiprovider cybersecurity portfolio are daunting, but with planning and a little creativity, CISOs can successfully tackle them. The key is to remember that, while diversifying your tools can strengthen your defense, it's equally essential to ensure these tools work in concert with the entire trained IT staff and environment.

Jerald Murphy is senior vice president of research and consulting with Nemertes Research. With more than three decades of technology experience, Jerry has worked on a range of technology topics, including neural networking research, integrated circuit design, computer programming and designing global data centers. He was also the CEO of a managed services company.