Overinvestment breeds overconfidence among security pros

My conversations with infosec professionals give a different picture. They are heartily fed up with having to manage multiple security ‘solutions’ that don’t integrate well, and the so-called ‘single pane of glass’ approach hasn’t worked either. How’s this for a radical suggestion: if someone wants to introduce a new security technology, they have to be able to retire two existing systems…:

[…] Respondents to the survey said they employed a wide variety of security tools and technology, but according to Panaseer, this leaves them with “point-in-time assessments” that force them to cobble together data from various systems to truly understand their security posture. It said this approach was “reactive, labour-intensive and insufficient in scale”.

Moreover, it led to a disconnect between appearances and reality – 86% of respondents said they were either confident or very confident that they had no gaps in their security controls, whereas in reality this was clearly very unlikely to be the case.


Original article here