kras99 -


How CISOs can manage multiprovider cybersecurity portfolios

In today's cybersecurity market, the as-a-service model reigns. That means, as they increasingly rely on outsourcing, CISOs must learn to juggle multiple third-party providers.

Traditionally, CISOs primarily managed their own in-house teams, but thanks to both the cyber-skills shortage and the explosion of the cybersecurity-as-a-service model, many are now juggling fewer internal employees and more third-party providers. The typical organization now outsources at least some cybersecurity services.

Using managed services from multiple vendors can have significant benefits, often enabling organizations to achieve more advanced and reliable cybersecurity than they could afford on their own.

But, while CISOs can delegate functionality to third parties, they can't delegate responsibility -- the buck ultimately stops with them. And effectively coordinating and managing multiprovider cybersecurity portfolios require a distinct skill set.

Let's examine the following challenges of the multiprovider cybersecurity model, as well as strategies for dealing with them.

1. Integration


A cybersecurity program that uses multiple service providers often has tools that don't seamlessly integrate with each other. This results in visibility gaps and operational inefficiencies.


Consider deploying a security orchestration, automation and response (SOAR) tool, which can help analyze data and automate workflows across multiple security products, bridging gaps and creating a more cohesive security posture.

CISO responsibilities
In addition to their many existing responsibilities, CISOs must increasingly also manage multiple third-party service providers.

2. Vendor overlap and redundancy


When managing products and services from multiple vendors, the risk grows that cybersecurity tools' functionality overlaps. This not only inflates costs, but creates confusion.


Review and audit the multiprovider cybersecurity portfolio on a regular basis, identifying areas of overlap and considering tool consolidation where possible. When investing in new tools, aim to select those that either offer broad cybersecurity capabilities or that integrate well with the existing portfolio. Finally, build a security portfolio strategy based on a sound, integrated framework, such as CISA's Zero Trust Maturity Model.

More tools mean more complexity. Managing updates, patches and configurations across various systems can be overwhelming.

3. Increased complexity


More tools mean more complexity. Managing updates, patches and configurations across various systems can be overwhelming.


Invest in a centralized management platform that offers a unified view of the environment and control across multiple tools.

Establish clear security policies that dictate software update timelines and standard configurations, ensuring teams maintain consistency across tools. Also, consider consolidating network and security operations to reduce complexity, but be aware that doing so may result in further tool overlap.

4. Inconsistent reporting and alerts


Vendors use different methods to report threats, vulnerabilities and incidents. This inconsistency makes threat detection and response more challenging.


Look into SIEM systems, which aggregate data from traditional infrastructure sources, such as intrusion prevention systems, firewalls and antimalware software. A SIEM system then provides a unified platform for monitoring, analyzing and reporting incidents.

If possible, consider also or instead implementing SOAR, which differs from SIEM in its ability to ingest data from a wider variety of internal and external sources, including infrastructure components, endpoint security software and threat intelligence feeds. SOAR also uses AI and automation to prioritize alerts and automatically contain or resolve issues.

5. Vendor lock-in and dependency


Vendor dependency can hinder operational and strategic flexibility, especially if you wish to shift to newer, more efficient approaches in the future.


Consider selecting products based on open standards that prioritize interoperability. This increases the chance that a new tool interoperates with others in a multiprovider cybersecurity environment.

And, after selecting a service, insist on contract terms that allow for flexibility and adaptability as the security program's needs change.

6. Security skills gap


A multiprovider cybersecurity approach requires enterprise security teams to be proficient in using each product or service. This can be a tall order, as more and more security tools get integrated into the environment.


Vendor-provided training should be an essential part of the procurement process. Ask vendors what support and training they offer, and get recommendations for third-party support companies.

Hiring new security staff remains a challenge for organizations of all types and sizes. Consider cross-training nonsecurity personnel. And, as you hire, look for professionals with certifications or experience in specific tools currently in use in the portfolio.

7. Security vendor performance assessments


When multiple tools are responsible for managing security events, assessing the performance and ROI of a specific cybersecurity tool can be daunting. Even similar security vendors often emphasize different metrics and structure pricing differently.


When weighing a new cybersecurity product or service, consider first and primarily how well it meets the security program's requirements -- rather than comparing it to its competitors. And, for each existing tool in a multivendor cybersecurity portfolio, establish clear performance metrics and KPIs that are based on the organization's needs, not the vendor's capabilities.

Use integrated dashboards to track performance and ensure every tool is delivering value. And keep in mind that, if the organization decides to integrate network and security operations, these metrics will not necessarily be the exclusive domain of security.

The challenges of managing a multiprovider cybersecurity portfolio are daunting, but with planning and a little creativity, CISOs can successfully tackle them. The key is to remember that, while diversifying your tools can strengthen your defense, it's equally essential to ensure these tools work in concert with the entire trained IT staff and environment.

Jerald Murphy is senior vice president of research and consulting with Nemertes Research. With more than three decades of technology experience, Jerry has worked on a range of technology topics, including neural networking research, integrated circuit design, computer programming and designing global data centers. He was also the CEO of a managed services company.

Dig Deeper on Security operations and management

Enterprise Desktop
Cloud Computing