Agencies Turn to Dozens of Tools to Improve Network Visibility

With more platforms comes more risk, warn cybersecurity experts.

LISTEN

Your browser doesn’t support HTML5 audio

The majority of state and federal government agencies are running an increasingly complex mix of more than 20 security tools and platforms to boost network visibility, according to the 2024 CDW Cybersecurity Research Report.

Such tools create a need for increased training and strain an already stretched workforce, per the report, which is based on a survey of more than 70 state and federal IT and security officials.

The survey found 24 percent of respondents work at an organization that runs 20 to 49 security tools and platforms, 29 percent at one running between 50 and 99 security tools and 10 percent at one using 100-plus such tools. That level of infrastructure can help senior leaders best understand what’s happening on their systems, but experts warn there is a trade-off.

“We always put the risk lens on this for our customers, and we say, ‘Hey, the more third-party relationships you have and the more third-party technology, the more risk there is to the organization,’” says Stephanie Hagopian, vice president of physical and cybersecurity solutions at CDW.  “It adds a lot of complexity to your environment, your infrastructure, where it’s much harder to determine root cause when you’re trying to look at how an event happened, a breach, and there are all of these different things you have to unravel to be able to know what caused this.”

Click the banner below to read the “2024 CDW Cybersecurity Report.”

 

Where Agencies Are Investing to Boost Network Visibility

The tools that are most effective at providing visibility into an organization’s environment are those that use security information and event management, respondents said. SIEM combines event, threat and risk data into one system to detect and fix security issues. More than 88 percent of respondents said such technology was “very effective” or “somewhat effective.”

Other popular strategies included investing in network monitoring, identity and access management and data governance/access management, the survey found.

“More tools means more at risk and more visibility to that risk, so they feel like they have overall greater visibility to it,” says Buck Bell, global security strategy office leader at CDW.

A higher number of tools can also create distractions, false positives and an abundance of data — all of which can be difficult to manage, he adds.

“One of the challenges, at least in theory, of adding a bunch of tools is it disfavorably begins to bias the signal-to-noise ratio,” Bell says. “All of a sudden, you have an awful lot of data that security operations center teams, by way of example, might have to wade through  — and all of a sudden, they’re beat.”

Related Content:

Develop a comprehensive cyber resilience strategy.

Explore why zero trust and cyber resilience go hand in hand.

Discover how NTSB is improving its security posture with microsegmentation.

Detect and remove threatening web shells.

Learn how to boost cyber resilience against Kerberoasting.

 

Agencies’ Cyber Training Conundrum

The report also found that training to improve security was one of the most helpful tools and services for organizations’ cyber efforts. More than 77 percent of respondents “somewhat” or “strongly” agreed that training was helpful.

Training was also the top task leaders were outsourcing (46 percent of respondents), but at the same time, training was the part of the approach that most respondents said was missing from their cybersecurity strategy (40 percent).

“There’s staffing overhead involved,” Hagopian says. “The more tools, the more people who have to learn the tool and manage the tool. It’s really difficult when you have staffing issues and staffing limitations.

Hagopian adds she isn’t surprised training remains an issue, given how hard it is to find talent familiar with the sheer breadth of tools out there. About 21 percent of respondents said their agency’s IT department was understaffed or “severely understaffed.”

However, conducted properly, spending on new training can also help government agencies adopt more automation.

Looking at the 80,000th false incident from some system, not only is that stressful, but it’s just deadening.”
Buck Bell

Global Security Strategy Office Leader, CDW

“Automation is to fulfill the low-value tasks, and then you have to build up your workforce to focus on the high value of the tough stuff,” Hagopian says. “Training’s really essential so that people are equipped to handle the tough stuff. And a lot of it relates back to tool sprawl. It’s product training to ensure they understand how to operationalize it.”

That training can also be another way for government leaders to show IT workers they’re invested in their career success.

“Everybody wants to feel, as a human, I believe, like they’re contributors,” Bell says. “They want to feel like their work matters. And looking at the 80,000th false incident from some system, not only is that stressful, but it’s just deadening. Your attention span goes away.”

Job rotation can help by putting people into new roles to let them gain additional experience.

“Obviously, putting together some kind of training strategy for these people, as a way to help them secure and develop their own careers, I think that’s a huge value-add for companies looking to retain staff,” Bell says.

More On Data Management, Network Monitoring, Training, Identity Management,