printer friendly version

Tackling enterprise security ‘tool sprawl’

Michael de Neuilly Rice.

South African ICT solutions provider NEC XON is advocating a shift away from fragmented cybersecurity toolsets towards unified platforms, arguing that ‘tool sprawl’ is undermining the effectiveness of enterprise security operations.

Speaking about recent client engagements, Michael de Neuilly Rice, principal security architect at NEC XON, said organisations are increasingly struggling to manage sprawling collections of disconnected security tools.

“Across both new and existing environments, we consistently find a proliferation of point products,” De Neuilly Rice said. “Each tool is licensed separately, configured independently, and maintained in isolation. That places a heavy burden on already stretched security teams.”

De Neuilly Rice said modern security architecture must still address a wide range of domains - including endpoint, network, email, applications, data, identity, cloud and attack surface - but warned that simply adding more tools is not the answer.

“It only takes a single vulnerability for a threat actor to gain access, but adding more tools does not necessarily reduce that risk. In many cases, it increases complexity and introduces new points of failure.”

A platform approach eliminates the lack of integration

A key issue, according to De Neuilly Rice, is the lack of integration between tools, which limits visibility and slows response times. “Security teams often cannot see the full progression of an attack across systems. Analysts are forced to jump between multiple dashboards, manually correlate alerts, and respond in silos. That delay can be critical during an incident.”

He added that traditional approaches, where logs are funnelled into a SIEM (Security Information and Event Management) and automated through separate SOAR (Security Orchestration, Automation and Response) platforms, often compound the integration challenge rather than solve it.

NEC XON is instead promoting a platform-based model built around Palo Alto Networks’ Cortex suite, particularly Cortex XSIAM, which consolidates multiple security functions into a single environment.

“The shift is towards platformisation,” De Neuilly Rice said. “With Cortex XSIAM, you can ingest data from across the environment, apply correlation and analytics, and automate response - all within one platform. It effectively replaces the need for separate SIEM, SOAR and endpoint tools.”

The platform also integrates capabilities such as endpoint detection and response via Cortex XDR, alongside add-ons covering cloud security, attack surface management, data loss prevention and identity threat detection.

“One of the biggest advantages is the unified data lake,” he said. “All telemetry sits in one place, which enables centralised threat hunting and gives analysts a complete, end-to-end view of an attack.”

He said advances in AI and machine learning are further enhancing this approach. Machine learning helps correlate events that would otherwise appear unrelated, while agentic AI can assist with investigation, threat hunting and automation. That allows analysts to focus on higher-value work rather than managing tools.

Emergence of the modern SOC

De Neuilly Rice argued that this model represents a broader shift in how security operations centres (SOCs) are designed and run. “The modern SOC is no longer about stitching together dozens of products. It is about operating a unified platform where you can see the full attack narrative, respond quickly, and continuously improve your security posture.”

According to NEC XON, organisations that adopt this approach can reduce operational complexity, improve response times and achieve faster returns on their security investments. “Ultimately, this is about enabling security teams to do what they’re meant to do - detect, respond to and prevent threats - without being held back by their own technology stack.”

Share this article:

Further reading: