Five Ways to Simplify Your Cybersecurity Tool Stack

The complexity of cybersecurity technology stacks has emerged as one of the biggest challenges facing security teams.

Organisations juggle an average of 83 different security solutions from 29 vendors, according to a 2025 IBM report.

This vast architecture is impacting organisations’ ability to keep their systems secure due to factors such as lack of harmonisation in tech stacks and difficulties analysing across different platforms. Vast volumes of tooling also increases workloads and financial costs on teams.

According to research by Palo Alto Networks, almost two-thirds (64%) of UK organisations cited technology complexity and a lack of interoperability as the most significant challenge towards building a sophisticated security posture.

Simplifying security tool stacks should therefore be a core priority for security leaders. Here are five ways this can be achieved.

Recent years have seen large technology vendors look to broaden their cybersecurity offerings, often via acquisitions. This trend means that in theory, one, or just a few suppliers, can meet the security needs of an entire organisation.

An example of this “platformisation” approach is Google Unified Security, a product unveiled by the tech giant in April 2025. This converged AI-powered solution encompasses all of Google’s cybersecurity offerings, including cloud security, Google SecOps, secure browsing and threat intelligence provided by various sources, such as Mandiant and Google Threat Intelligence.  

The IBM report highlighted the improved operational efficiency that vendor consolidation offers security teams. The firm found that platformised organisations take 72 days less, on average, to detect a security incident and 84 days less to contain one.

This is largely due to seamless harmonisation across tooling, better intelligence sharing and the ability to automate responses to alerts faster when using a single platform.

Palo Alto found that 90% of UK organisations are open to platform-based approach to security, although only 41% have either fully consolidated or mostly consolidated their cyber solutions on security platforms.

Turning to a single, large vendor to meet an organisation’s security needs is arguably the simplest way security teams can simplify their tooling.

While platformisation will be tempting for many organisations, this approach does have its drawbacks. Relying on a single vendor’s capabilities means organisations are highly vulnerable if that one provider is compromised.

Using layers of security capabilities from multiple suppliers can help build defence-in-depth, if approached in the right way.

Security leaders should do their homework to ensure they select the right vendor for their organisation. This includes ensuring any prospective tooling fits within the existing technology architecture and strategy.

Startup vendors are worth considering in this regard. They are effective at tailoring their solutions to different customer needs and the tools startups develop are often designed to complement existing infrastructure.

Commenting for a recent Infosecurity article, Marianna Lopert-Shaye, global head of strategic partnerships & innovation, at financial services firm BNY, noted: “Startups can complement your existing stack with targeted capabilities that fill gaps, reduce latency or improve detection. And by engaging early, you shape their roadmap while strengthening your own.”

Many vendors will jump on such trends and end users will receive substantial marketing around new products or upgrades to existing tooling.

Organisations risk being sucked into such “hype cycles,” resulting in the procurement of new costly tools that are not necessarily appropriate or effective within business risk requirements.

Security leaders should be looking to enhance their capabilities, including with emergent technology, but need to ensure that new tools will make a meaningful difference to their organisation’s security.

This requires taking a holistic view of their entire architecture before implementing such tools. This approach can help prevent the build-up of convoluted security tool stacks.

Matt Muller, Field CISO, at Tines, advised end users to find AI tools that can be plugged in, tested and swapped out without disrupting the overall cybersecurity programme.

Governments across the US, EU and UK have pushed for technology providers to implement security by design into their products and services.

This includes the US government calling for the transition to memory safe programming languages, such as Rust, replacing memory unsafe languages like C and C++ in software.

A UK government-backed initiative called Digital Security by Design (DSbD), aims to go further, encouraging the development of hardware capabilities that prevent memory safety software vulnerabilities from occurring.

Other secure by design approaches include having multi-factor authentication (MFA) required by default and strict access controls built into a system from the outset.

Security by design can play a significant role in reducing the complexity of organisations’ security architecture by removing the need for additional security solutions, from vulnerability management to privileged access management.

While government guidance and regulation in this space is putting pressure on technology suppliers to implement secure by design principles, it is likely that end user pressure will be the biggest driver of change.

Security leaders should try and ensure their organisation demands stringent default security measures as part of the procurement process for any new technology.

In many crucial industries, including governments and energy firms, legacy technologies are still prevalent.

These are ageing technologies that are no longer supported with security updates from their original vendor and are usually incompatible with modern cybersecurity controls.

Legacy technologies add significant complexity for security teams as they require extra management in terms of identifying vulnerabilities and other weaknesses. Additionally, they often interact with modern applications and environments, further widening the attack surface.

Undertaking a robust plan to identify any legacy systems and replace them can help reduce the complexity of technology environments that security teams contend with.

In addition, a process should be put in place to replace systems early, before they are out of date.

Complex cybersecurity technology stacks are one of the key challenges facing security teams today, with fragmented tools making it harder to manage risk across their organisation and increasing the workload for cyber professionals.

There are a range of approaches security teams can take to reduce this complexity in their procurement strategies, from embracing a platform-based approach from a single vendor, to taking great care to ensure that all tools fit with existing architecture.

Additionally, the need for external security solutions can be significantly reduced by both demanding security is in-built into the technology infrastructure used by the organisation and phasing out legacy technology as soon as possible.

ADVERTISEMENT

Enjoyed this article? Make sure to share it!

Looking for something else?