Episode 192 - Security Waste

It's not just a security problem, but we often add to our arsenal without fully (or even mostly) utilizing the tools that we do have.

Problems associated with this are:

  • More complexity in your environment

  • Needing more staff or requiring current staff to stretch themselves thin to support differing tools

  • Increased cost (capital, operational, support)

  • Information overload - even with a SIEM, more data requires more analysis

    • Increased chance of missing key events
    • Increased false positives
  • What am I missing?

How do we work through this when you're not the decision maker?

  • "Operational Excellence" - Martin's story

How do we work with our vendors to ensure that we are leveraging their tools without overdependence on one tool or vendor?

Advantages of security debt

  • All eggs not in one basket
  • Ability to leverage different technology sets to catch more bad stuff
  • In a larger environment what works in one area of the network may not work well in another
  • Necessity of increased staff who have experience in other areas that the team can leverage