Don’t aim for a 10 out of 10 solution from the get-go. If you don’t yet know exactly what you want to achieve, start with open-source tools. Buying a 500k/year SIEM solution won’t serve you any better than an open-source SIEM if you don’t have proper processes in place yet, or don’t know what to look for.
Prevent information overload. This is a pitfall for many cyber defenders: more information is not necessarily better. Think of a use case you want to be able to detect within your network and onboard only the information needed to do so. Frameworks like MITRE ATT&CK and DeTT&CT are a great help in doing this.
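One way to make that use-case-driven onboarding concrete, as an added example that is not part of the original article and not DeTT&CT’s own code: map each use case to the ATT&CK techniques it must detect, map those techniques to the data sources they need, and then compute which sources are still missing and which onboarded sources serve no selected use case. The technique-to-data-source mapping, the use cases and the onboarded set below are a constructed, abbreviated sample; take the real mappings from ATT&CK or DeTT&CT for an actual assessment.

```python
from collections import Counter

# Constructed sample: ATT&CK technique ID -> data sources needed to detect it.
# Illustrative only; use the real ATT&CK/DeTT&CT mappings in practice.
TECHNIQUE_DATA_SOURCES = {
    "T1059": {"Command: Command Execution", "Process: Process Creation"},
    "T1078": {"Logon Session: Logon Session Creation",
              "User Account: User Account Authentication"},
    "T1566": {"Network Traffic: Network Traffic Content", "File: File Creation"},
}

# Constructed use cases: each names the techniques it has to detect.
USE_CASES = {
    "Malicious scripting on endpoints": {"T1059"},
    "Account takeover with stolen credentials": {"T1078"},
}

# Constructed picture of what the SIEM currently ingests.
ONBOARDED = frozenset({"Command: Command Execution",
                       "Process: Process Creation",
                       "Network Traffic: Network Traffic Content"})


def selected_techniques(use_cases):
    """All techniques any selected use case needs."""
    return set().union(*use_cases.values())


def required_sources(use_cases, mapping):
    """Union of data sources needed by the selected techniques."""
    return set().union(*(mapping[t] for t in selected_techniques(use_cases)))


def coverage_gaps(use_cases, mapping, onboarded):
    """Per technique, the required sources that are not onboarded yet."""
    return {t: sorted(mapping[t] - onboarded)
            for t in sorted(selected_techniques(use_cases))}


def unused_sources(use_cases, mapping, onboarded):
    """Onboarded sources no selected use case needs: information overload."""
    return sorted(onboarded - required_sources(use_cases, mapping))


def onboarding_priority(use_cases, mapping, onboarded):
    """Missing sources ranked by how many selected techniques they unlock."""
    counts = Counter(s for t in selected_techniques(use_cases)
                     for s in mapping[t] - onboarded)
    return [s for s, _ in counts.most_common()]


if __name__ == "__main__":
    print("gaps:", coverage_gaps(USE_CASES, TECHNIQUE_DATA_SOURCES, ONBOARDED))
    print("unused:", unused_sources(USE_CASES, TECHNIQUE_DATA_SOURCES, ONBOARDED))
    print("next:", onboarding_priority(USE_CASES, TECHNIQUE_DATA_SOURCES, ONBOARDED))
```

Adding a use case (for example phishing, T1566) to USE_CASES moves the network-traffic source from the unused list into the required set, which is the decision the text asks you to make deliberately rather than by ingesting everything.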
Tools are means to an end. Figure out what your cybersecurity program needs to accomplish and pick the tools that help you do so. If you want to know whether you need certain tools in a modern cyber defense program, the answer should always be: it depends. Ask yourself what your budget is (in terms of money and staffing) and what risks you (or the company) are comfortable with. Then find a way to use your budget most effectively to address the cybersecurity risks you want to cover in your system or network, which might mean shifting away from acquiring ever more tools and toward onboarding dedicated defenders.
Evolving into a modern cyber defense program that focuses on detecting and responding to actual breaches using a risk-centric approach is essential in today’s rapidly changing threat landscape.