Cybersecurity tool sprawl has become a pressing concern as companies grapple with expanding data resources. Wrangling several disparate tools and platforms created exploitable cracks for cyber attackers to exploit.

Discussing cybersecurity tooling strategy with ICE’s Ryan Hebert.

Dealing with tool sprawl, while aligning business and technical objectives, is a crucial responsibility for today’s business information security officers.

“About four years ago, we knew we had a pretty bad sprawl problem because we were building and buying things like crazy,” said Ryan Hebert (pictured), business information security officer of the Clear Credit business units of the New York Stock Exchange, Fixed Income & Data Services and Intercontinental Exchange Inc. “We’ve got 40 different major business units spanning a lot of different things. All essentially the same, trying to give transparency to our customers across markets of different instruments. We’re different in a lot of cases to most people in the fact that we have to secure on-prem and data centers we own, some places that we silo information but also in the cloud across all three major providers.”

Hebert spoke with theCUBE Research’s John Furrier and Savannah Peterson at the Black Hat USA event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed strategies for companies to streamline and optimize tools to reduce complexity and stay ahead of emerging threats through a combination of in-house innovation and strategic vendor partnerships.

Building vs. buying: A strategic approach to tackling tool sprawl

Despite a trend toward consolidation in the industry, the reality for many enterprises is an ever-growing array of tools and solutions. At ICE, this has led to a concerted effort to streamline and optimize the security infrastructure, according to Hebert.

“What we’re doing is, I’m building an internal tool — I’m working with our procurement team,” he said. “And my replacement who now runs GRC in the group, he’s an amazing practitioner, we’re locking together everything that shows what tool affects what risk, if we built it or if we bought it, and then stacking them up against our threats. So in places where we’ve got six belts and suspenders, probably don’t need to do anything there.”

By mapping each tool against the specific risks it addresses and tying this to contract expirations, the BISO can make informed decisions about whether to build in-house solutions or continue relying on external vendors. This approach not only reduces unnecessary complexity but also ensures that the organization remains agile in responding to new threats.

ICE has a cohesive engineering team dedicated to cybersecurity, allowing the organization to take a “build versus buy” approach to many of its security needs. ICE has encouraged the building of in-house solutions when possible, directing the expertise of internal teams to develop tools tailored to its specific requirements, according to Hebert.

“These folks are building stuff that we’re using on a day-to-day basis for root cause analysis, for threat intelligence,” he said. “And piping all of that together through a SIEM or a data lake and identifying and automatically categorizing all cyber incidents, it’s fantastic. To that end, I want to use that ability and span out and sprawl out and see if we’re doing something that we can make ourselves or if we need to work with the subject matter experts in this space and buy this product.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of the Black Hat USA event: 

Photo: SiliconANGLE