Cybersecurity Myth Busted: Tools Are the Solution

By: Justin Wray and Tim Grelling | October 12, 2021

When thinking about security, people often gravitate towards implementing various security tools, solutions, or products. If you bring up a security issue or gap, somebody can usually list example products that can assist with mitigation. However, tools are not a full solution; as we discussed on our previous webinar, security consists of continuous risk management processes. Trying to secure an organization, data, or an environment is not a process that revolves exclusively around tool deployment. That’s not to say that tools aren’t part of the picture. It’s just that the tools must be managed with ongoing processes and procedures.

You Can’t Set It and Forget It

No current security products let you “set it and forget it.” The products don’t let you deploy them, configure them once, and then walk away and get continuous security and coverage. There must be some management and monitoring that takes place around those tools.

And it’s not just the alerts. It’s also true management of those products and solutions. Obviously, there’s some type of maintenance and ongoing management that needs to take place, just like any other product or tool. Just like any other software solution, there are updates, patches, and security fixes for security products. In some cases, those updates include new features which might provide new capabilities to protect against new threats or detect new threats that the adversaries are putting forward.

Security tools also need to be monitored. They often provide alerts that individually may not hold a lot of value, but in aggregate, especially with other solutions and tools, your overall risk management process provides you with the information to act.

Security Tool Configuration Need to Stay Up to Date

Your organization isn’t static. Your organization and technical environments are changing, which means the configuration for the security products and solutions also need to be updated to meet your business needs. As your business evolves and your technical environment changes, so too must your tools change to match. As mentioned, security tools can have their own vulnerabilities that need to be patched – so make sure your tools are up to date.

Security Is a Process

Security is a process; there is no silver bullet. There’s a lot to it like third-party risk management, incident response planning, disaster recovery planning, and so on. No tools solve all those problems. It also requires business input. It requires you to go through risk management processes. Therefore, tools are not the solution; tools are part of the solution, but security products are not an exclusive or full solution – the full solution is to treat security as a risk management process.

Ransomware Drives Home the Point

The one example we’ve seen repeatedly over the last year that drives home this point is ransomware. It’s so prevalent in our clients and the security environment. So many organizations had solutions to back up their systems, and they’ve had them in place for many years. However, since they didn’t manage that tool, they didn’t look at current threats / vulnerabilities, and they were still doing backups the exact same way on a Windows Server connected to the network. Ransomware often attacks windows servers and can attack and encrypt those backup servers.

Tool management includes ensuring that your tools’ configurations, architecture, and controls are still applicable and are looking at new threats and challenges. It also includes asking yourself if you need to modify how you’re using your tools to make you more secure and ensure that your tools don’t become useless in the case of a ransomware attack.

Security Requires Full-Time Attention, Dedicated Staff, and Specialized Tools

Security is a risk management process; it’s focused on business risk. It’s not focused exclusively on technology, and it’s not focused exclusively on tools. It requires full time attention, dedicated staff, and specialized tooling that’s different from what’s generally used in IT. It’s continuous risk management – not tool deployment.

If you want to defend your organization against modern threats, then ask us about our Secure by Design offering. It combines managed services with technical consulting to form a comprehensive security program that reduces risk, accelerates threat response, and decreases total cost of IT ownership – all while improving your security posture. Learn more.

New call-to-action

As the Managing Director of Security Advisory at Core BTS, Justin helps organizations strategically maximize their security investments. With over 15+ years of industry experience, he has a unique perspective on the type of cybersecurity threats organizations face today.
As the Director of Innovation of Core BTS’ Security Practice, Tim specializes in helping clients develop strategies that cover all aspects of their IT security. Having been in the industry for 20+ years, Tim has worked with numerous Fortune 500 companies in various industries on their cybersecurity assessments.

Subscribe to our Newsletter

Stay informed on the latest technology news and trends

Relevant Insights

Your Imagination Isn’t the Limit—Your Infrastructure Is

Leading organizations immediately become more competitive when they discover and act on this one secret. Today, we spill the proverbial...
Read More about Your Imagination Isn’t the Limit—Your Infrastructure Is

Unleashing the Power of Conversation: How AI Can Transform Your Business

Learn how to unlock the potential of your organization’s data through the power of conversational AI Data overload is definitely...
Read More about Unleashing the Power of Conversation: How AI Can Transform Your Business

What A Good Data Center Assessment Should Include

A thorough evaluation of your data center is crucial to protect and optimize its operations and safeguard it from future...
Read More about What A Good Data Center Assessment Should Include