{"id":25772,"date":"2024-08-11T00:47:22","date_gmt":"2024-08-10T23:47:22","guid":{"rendered":"https:\/\/healthmedicinet.com\/business\/ices-strategic-approach-to-managing-cybersecurity-tool-sprawl-business\/"},"modified":"2024-08-11T00:47:22","modified_gmt":"2024-08-10T23:47:22","slug":"ices-strategic-approach-to-managing-cybersecurity-tool-sprawl-business","status":"publish","type":"post","link":"https:\/\/healthmedicinet.com\/business\/ices-strategic-approach-to-managing-cybersecurity-tool-sprawl-business\/","title":{"rendered":"ICE&#8217;s strategic approach to managing cybersecurity tool sprawl &#8211; Business"},"content":{"rendered":"<p>\n<\/p>\n<div>\n<p>Cybersecurity tool sprawl has become a pressing concern as companies grapple with expanding data resources. Wrangling several disparate tools and platforms created exploitable cracks for cyber attackers to exploit.<\/p>\n<div id=\"attachment_666463\" style=\"width: 310px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-666463\" src=\"https:\/\/d15shllkswkct0.cloudfront.net\/wp-content\/blogs.dir\/1\/files\/2024\/08\/IMG_9850-300x200.jpg\" alt=\"Managing tool sprawl at ICE: Explore strategies for streamlining security, aligning with business goals, and tackling emerging threats.\" width=\"300\" height=\"200\" srcset=\"https:\/\/d15shllkswkct0.cloudfront.net\/wp-content\/blogs.dir\/1\/files\/2024\/08\/IMG_9850-300x200.jpg 300w, https:\/\/d15shllkswkct0.cloudfront.net\/wp-content\/blogs.dir\/1\/files\/2024\/08\/IMG_9850-768x512.jpg 768w, https:\/\/d15shllkswkct0.cloudfront.net\/wp-content\/blogs.dir\/1\/files\/2024\/08\/IMG_9850-800x533.jpg 800w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"\/><\/p>\n<p class=\"wp-caption-text\">Discussing cybersecurity tooling strategy with ICE\u2019s Ryan Hebert.<\/p>\n<\/div>\n<p>Dealing with tool sprawl, while aligning business and technical objectives, is a crucial responsibility for today\u2019s business information security officers.<\/p>\n<p>\u201cAbout four years ago, we knew we had a pretty bad sprawl problem because we were building and buying things like crazy,\u201d said\u00a0<a href=\"https:\/\/www.linkedin.com\/in\/ryan-hebert-1b420416\/\">Ryan Hebert<\/a> (pictured), business information security officer of the Clear Credit business units of the New York Stock Exchange, Fixed Income &amp; Data Services and Intercontinental Exchange Inc. \u201cWe\u2019ve got 40 different major business units spanning a lot of different things. All essentially the same, trying to give transparency to our customers across markets of different instruments. We\u2019re different in a lot of cases to most people in the fact that we have to secure on-prem and data centers we own, some places that we silo information but also in the cloud across all three major providers.\u201d<\/p>\n<p><span style=\"font-weight: 400;\">Hebert spoke with theCUBE Research\u2019s <a href=\"https:\/\/www.linkedin.com\/in\/furrier\">John Furrier<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.linkedin.com\/in\/savannahpeterson\/\">Savannah Peterson<\/a> at the <\/span><a href=\"https:\/\/www.thecube.net\/events\/informa-tech\/black-hat-usa-2024\"><span style=\"font-weight: 400;\">Black Hat USA event<\/span><\/a><span style=\"font-weight: 400;\">, during an exclusive broadcast on  Media\u2019s livestreaming studio. They discussed strategies for companies to streamline and optimize tools to reduce complexity and stay ahead of emerging threats through a combination of in-house innovation and strategic vendor partnerships. <\/span><\/p>\n<h3>Building vs. buying: A strategic approach to tackling tool sprawl<\/h3>\n<p>Despite a trend toward consolidation in the industry, the reality for many enterprises is an ever-growing array of tools and solutions. At ICE, this has led to a concerted effort to streamline and optimize the security infrastructure, according to Hebert.<\/p>\n<p>\u201cWhat we\u2019re doing is, I\u2019m building an internal tool \u2014 I\u2019m working with our procurement team,\u201d he said. \u201cAnd my replacement who now runs GRC in the group, he\u2019s an amazing practitioner, we\u2019re locking together everything that shows what tool affects what risk, if we built it or if we bought it, and then stacking them up against our threats. So in places where we\u2019ve got six belts and suspenders, probably don\u2019t need to do anything there.\u201d<\/p>\n<p>By mapping each tool against the specific risks it addresses and tying this to contract expirations, the BISO can make informed decisions about whether to build in-house solutions or continue relying on external vendors. This approach not only reduces unnecessary complexity but also ensures that the organization remains agile in responding to new threats.<\/p>\n<p>ICE has a cohesive engineering team dedicated to cybersecurity, allowing the organization to take a \u201cbuild versus buy\u201d approach to many of its security needs. ICE has encouraged the building of in-house solutions when possible, directing the expertise of internal teams to develop tools tailored to its specific requirements, according to Hebert.<\/p>\n<p>\u201cThese folks are building stuff that we\u2019re using on a day-to-day basis for root cause analysis, for threat intelligence,\u201d he said. \u201cAnd piping all of that together through a SIEM or a data lake and identifying and automatically categorizing all cyber incidents, it\u2019s fantastic. To that end, I want to use that ability and span out and sprawl out and see if we\u2019re doing something that we can make ourselves or if we need to work with the subject matter experts in this space and buy this product.\u201d<\/p>\n<p><span style=\"font-weight: 400;\">Here\u2019s the complete video interview, part of SiliconANGLE\u2019s and theCUBE Research\u2019s coverage of the <\/span><a href=\"https:\/\/www.thecube.net\/events\/informa-tech\/black-hat-usa-2024\"><span style=\"font-weight: 400;\">Black Hat USA event<\/span><\/a><span style=\"font-weight: 400;\">:\u00a0<\/span><\/p>\n<p><iframe loading=\"lazy\" title=\"Ryan Hebert, NYSE | Black Hat 2024\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/E0fh5g1BIUs?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<h5><\/h5>\n<div class=\"silic-after-content\" id=\"silic-1455427203\">\n<hr style=\"border: 1px solid; color: #d8d8d8; height: 0px; margin-top: 20px;\"\/>\n<h3><span style=\"font-size: 16px;\"><\/span><\/h3>\n<h3><span style=\"font-size: 16px;\"> \u00a0<\/span><\/h3>\n<h3><a href=\"\"><\/a><\/h3>\n<h3><span style=\"font-size: 16px;\"><\/span><\/h3>\n<div>\n<p>\n \u2013 <\/strong><\/figure>\n<\/p>\n<\/div>\n<p><strong><\/strong><\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity tool sprawl has become a pressing concern as companies grapple with expanding data resources. Wrangling several disparate tools and platforms created exploitable cracks for cyber attackers to exploit. Discussing cybersecurity tooling strategy with ICE\u2019s Ryan Hebert. Dealing with tool sprawl, while aligning business and technical objectives, is a crucial responsibility for today\u2019s business information [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-25772","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/posts\/25772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/comments?post=25772"}],"version-history":[{"count":0,"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/posts\/25772\/revisions"}],"wp:attachment":[{"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/media?parent=25772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/categories?post=25772"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/healthmedicinet.com\/business\/wp-json\/wp\/v2\/tags?post=25772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}