Avoiding Security Solution Tunnel Vision

Tunnel vision, or in other words losing sight of the bigger picture, due to intense focus on a specific problem, solution, or technology is a situation that I feel we cyber professionals battle with daily. Management needs a solution to a problem, or new mandates require action or answers in a certain timeframe which can easily lead to focusing on one solution or product. In turn, the result commonly ends with not seeing the broader impact or capabilities already available to meet the needs of such asks. With the large amount of tools and solutions available for the many threats and attacks we see daily, we need to step back, look broader, and use a different perspective to solve cybersecurity challenges today.

The cybersecurity market has no shortage of tools and solutions to solve challenges and provide protection from threats. Probably the best visual depiction of this is the CYBERscape graphic as shown below.

_{Figure 1: Momentum Cyber’s CYBERSCAPE}

When looking at the plethora of solutions available do you see one vendor that solves or protects against every threat there may be? No! Vendors sell solutions to a threat but not ALL of them. The stark reality is that this has led to most customers just buying more tools. Security teams from big enterprises now have an average of 76 security tools – an increase from 2019 when the average team was grappling with 64 security tools.

This brings up another relation to the tunnel vision problem that I like to call the “silos of excellence”. All too often we see security operations teams that have all the tools that may be needed to satisfy the risk profile and tolerance of the environment but guess what, they don’t talk to each other or integrate in any way, they work in their own silo of excellence and in many cases perform redundant or duplicative tasks of other solutions in the environment. So, how can we look at these problems differently and become more effective, efficient, and secure?

The key is to step back and look at the desired outcome and the CAPABILITIES needed to achieve that goal. By removing the boundaries of the solution or product in mind you can see how the puzzle pieces fit, or need to fit, together in a more integrated architecture. Taking a look at a non-exhaustive sample of a Next Generation Firewall:

_{Figure 2: Next Generation Firewall Capabilities}

Once the dots have connected, or are in the process of being connected,  you are well on your way to your outcome with a likely large savings of procurement and project delivery costs. All too often we see customers following the white rabbit that leads to the “strange” place of complex network designs and new product after new product when the capability existed already and just wasn’t recognized. Just remember; Step back, look around, and assess the required outcome capabilities against the available capabilities before you go down the rabbit hole.

ModernCyber’s Assessment Services​

If you are looking for guidance on top-of-mind outcomes like Zero Trust or Ransomware Readiness check out our services where we use this methodology to provide strategy, architecture, and technical implementation plans for success.