A well functioning and capable security program requires a blend of tools and solutions. Organizations typically make purchases based upon their immediate needs (or maybe those they had 12 months ago when the thought first crossed someone’s mind), and then hopefully implement said purchases. Buying and implementing though is just a portion of the lifecycle of those tools. What’s often forgotten along with things like daily care and feeding, is to periodically reassess that investment.
As business requirements and the threat landscape changes, there’s a habit to look for whatever is new and sexy, rather than re-examining the capabilities of prior security investments. This might be caused by discontent with the existing solution that grows as users become more familiar with it. Negativity is louder and easier than positivity. Often perceived issues with solutions are the result a myriad of issues including the solution not being fully or properly implemented, not being properly maintained, poor adoption, or maybe it was a bad choice - in which case, go ahead find something new.
Replacing solutions causes disruption, work, and cost though, so before deciding it was a bad choice, re-examine that investment to determine whether you are actually maximizing the return on the initial investment. Unless they have been abandoned by their creators, solutions and tools constantly evolve. Instead of replacing or layering additional tools, look again at current capabilities - not what was there when you implemented. This is especially true of SaaS solutions that rapidly and easily evolve over time. It’s easy to miss or ignore improvements in SaaS because you are not doing the software update yourself. One constant for change within software is convergence as it grows. Over time, solutions start offering more features outside of their original and core functionality, and you might find that a missing capability or suitable surrogate has been added to something you already have.
A well functioning security program is a journey, not a destination. Periodically evaluate the maturity of your program by maintaining an inventory of your tools and solutions. Reassess capabilities, factor in business and threat changes, and this becomes your new security program recipe.