So what is the answer?
It's time for organisations to take a deep breath, look at what they are actually trying to achieve, and put processes in place to make it happen. Of course tools are important, but their job is to feed usable information to the security folks who are there to stop the bad guys. Aggregation of information, correlation of events, and real, useful security intelligence are what's needed.
Much as in Macbeth's quote from the beginning of this piece, the meaningless tales told by disjointed and non-integrated security tools tell us nothing. Over the last few years, security information and event management (SIEM) technologies have taken some steps to address this problem, but they do not go far enough by themselves. What is needed is something far more systemic and broad, crossing the silos of security, identity management and operations.
Good processes that ensure the security team gets information on events when they need it, and only when they need it; good filtering of the background noise; intelligent integration with other business technology (especially change management); and even automated response can and will provide both the tactical support security teams need to do their job more effectively and the strategic gain of extending the value of the tools already in place.
This approach is good security because it actually lessens complexity. It's good for the security teams because at least they have better information that is more easily accessible. Ultimately it's good for the business as a whole, extending, as it does, the power of people and technology already in place.
Geoff Webb is senior manager of Product Marketing, NetIQ.