Best Practices

Avoiding Security Solution Tunnel Vision


Tunnel vision, or in other words losing sight of the bigger picture due to intense focus on a specific problem, solution, or technology, is a situation that I feel we cyber professionals battle with daily. Management needs a solution to a problem, or new mandates require action or answers in a certain timeframe, which can easily lead to focusing on one solution or product. The common result is not seeing the broader impact, or the capabilities already available to meet the needs of such asks. With the large number of tools and solutions available for the many threats and attacks we see daily, we need to step back, look broader, and use a different perspective to solve cybersecurity challenges today.

The cybersecurity market has no shortage of tools and solutions to solve challenges and provide protection from threats. Probably the best visual depiction of this is the CYBERscape graphic as shown below.

Figure 1: Momentum Cyber’s CYBERSCAPE

When looking at the plethora of solutions available, do you see one vendor that solves or protects against every threat there may be? No! Vendors sell solutions to a threat, but not to ALL of them. The stark reality is that this has led most customers to just buy more tools. Security teams from big enterprises now have an average of 76 security tools – an increase from 2019 when the average team was grappling with 64 security tools.

This brings up another aspect of the tunnel vision problem that I like to call the “silos of excellence”. All too often we see security operations teams that have all the tools that may be needed to satisfy the risk profile and tolerance of the environment, but guess what: the tools don’t talk to each other or integrate in any way. Each works in its own silo of excellence and in many cases performs tasks that are redundant with or duplicate those of other solutions in the environment. So, how can we look at these problems differently and become more effective, efficient, and secure?

The key is to step back and look at the desired outcome and the CAPABILITIES needed to achieve that goal. By removing the boundaries of the solution or product in mind, you can see how the puzzle pieces fit, or need to fit, together in a more integrated architecture. Take a look at a non-exhaustive sample of the capabilities of a Next Generation Firewall:

Figure 2: Next Generation Firewall Capabilities

We can see that the solution has many functions or capabilities that can fit the outcome in mind. As security practitioners, we need to assess and identify how these capabilities can be used singularly or through integration to potentially address the outcome. By breaking down the functions, we can start to draw these connections more easily rather than focusing on a product-by-product mentality. Once all available solutions in the environment, ignoring license limitations, have been broken down into capabilities, there are typically two stark realities that come to the surface. First is the realization of the number of overlapping capabilities deployed in the network, like multiple firewalling capabilities. Second is the recognition that the capabilities needed for the desired outcome already exist, or can be added with licensing and implemented with minimal design manipulation or rearchitecting of the network. And… VOILÀ! Hopefully, the trigger has fired and the dots are starting to connect for you at this moment.
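The breakdown described above can be kept as a small script over a capability inventory. This is an added example, not part of the original post; the tool names, capability names and the outcome's requirement list are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (hypothetical tool and capability names, not from the
# post). "deployed" = in use today; "licensable" = present in the product but
# needing a license or feature enablement.
INVENTORY = {
    "ngfw": {"deployed": {"stateful_firewall", "vpn"},
             "licensable": {"ips", "url_filtering", "tls_inspection"}},
    "branch_router": {"deployed": {"stateful_firewall", "vpn"},
                      "licensable": set()},
    "secure_web_gateway": {"deployed": {"url_filtering", "tls_inspection"},
                           "licensable": {"dlp"}},
    "edr": {"deployed": {"endpoint_detection"}, "licensable": set()},
}

# Constructed outcome: the capabilities one desired outcome is assumed to need.
OUTCOME = {"stateful_firewall", "ips", "tls_inspection", "dlp",
           "network_segmentation_policy"}


def index_by_capability(inventory, state):
    """Invert tool -> capabilities into capability -> sorted list of tools."""
    index = defaultdict(list)
    for tool, caps in sorted(inventory.items()):
        for cap in caps.get(state, ()):
            index[cap].append(tool)
    return dict(index)


def assess(inventory, outcome):
    """Compare required capabilities against what the environment already has."""
    deployed = index_by_capability(inventory, "deployed")
    licensable = index_by_capability(inventory, "licensable")
    report = {"overlaps": {c: t for c, t in deployed.items() if len(t) > 1},
              "already_deployed": {}, "add_by_license": {}, "gaps": []}
    for cap in sorted(outcome):
        if cap in deployed:
            report["already_deployed"][cap] = deployed[cap]
        elif cap in licensable:
            report["add_by_license"][cap] = licensable[cap]
        else:
            report["gaps"].append(cap)  # only these justify looking at new products
    return report


if __name__ == "__main__":
    for section, value in assess(INVENTORY, OUTCOME).items():
        print(f"{section}: {value}")
```

Only the entries left under `gaps` point to a capability the environment does not have in any form; everything else is an integration or licensing question.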

Once the dots have connected, or are in the process of being connected, you are well on your way to your outcome, with a likely large savings in procurement and project delivery costs. All too often we see customers following the white rabbit that leads to the “strange” place of complex network designs and new product after new product, when the capability existed already and just wasn’t recognized. Just remember: step back, look around, and assess the required outcome capabilities against the available capabilities before you go down the rabbit hole.

ModernCyber’s Assessment Services

If you are looking for guidance on top-of-mind outcomes like Zero Trust or Ransomware Readiness, check out our services, where we use this methodology to provide strategy, architecture, and technical implementation plans for success.
