Fixing the Broken State of Security Portfolios
The Problem that kick-started ESPROFILER

Most enterprises are drowning in security tools. According to IBM, on average, organizations run more than 80 different products; some of our customers manage hundreds. The result? Bloated portfolios, wasted spend, and security leaders stuck firefighting with spreadsheets, procurement systems, and asset tools that simply aren’t up to the task.
When we founded ESPROFILER, it was after years of helping customers deploy and extract value from security products. I worked across finance, retail, government, and manufacturing, and no matter the sector, the same problems kept repeating:
- Tools poorly implemented or left as shelf ware.
- Products purchased that didn’t align with actual threats and requirements.
- Solutions purchased in silos, with no awareness of what other departments already had.
A Broken Cycle
I remember speaking with consultants who had been in the field far longer than I. One comment stuck:
“Our careers revolve around the same handful of customers. We spend a year implementing a solution, move to the next company to do the same, and by the time we’ve finished a few projects, we’re back replacing what we just put in.”
That struck me as madness. The licensing costs alone were enormous, but when you factored in implementation, the money burned was staggering. Security budgets exist to defend organizations, yet so much of that money was simply disappearing into inefficiency.
Disjointed and Reactive
Inside large enterprises, it doesn’t take long to see how this happens. Procurement teams manage contracts in spreadsheets, reacting to whatever’s next. Some organisations rely on sizable architecture or innovation teams to keep track. Others push it onto product owners, most of whom inherit tools based on decisions and requirements that predate them, and who often lack a wider view of the company’s full tooling and broader strategy.
The numbers are eye-opening. IBM’s research suggests the average enterprise has 83 security products. In practice, across our customers, we regularly see portfolios in the hundreds. On a three-year contract cycle, that means an average of two to three renewals every month, often far more.
Each renewal is complex. Teams need to juggle replacement times, contract end dates, notice periods, uplifts, staggered terms, overlaps, and whether the technology still aligns with the company’s strategy. Ideally, they should also scan the market for better options. Miss a notice period, and you’re often forced into a renewal, sometimes at an uplifted rate if not locked into the contract.
Shifting Sands
The landscape is in constant flux. Mergers and acquisitions create overlapping capabilities. Vendors build new native security features into the tools business units already use, often outside the security team’s visibility. Code repository management and CI platforms are good examples of this.
And in the middle of it all sits the CISO. On top of running a first-class security service, they’re expected to reconcile a sprawling portfolio, report to procurement and finance officers, and justify spend. Too often, this is done manually, reactively, and with huge amounts of full-time effort wasted on administration instead of strategy.
Why ESPROFILER Exists
We believed there had to be a better way: one that bridges the commercial, financial, and technical worlds of security. That’s why we built ESPROFILER, a platform for security portfolio management and intelligence.
ESPROFILER continuously discovers what the business is buying (or considering buying) across departments. It builds a renewal decision calendar, highlights overlap and gaps, and provides insights that support compliance and reporting. It captures product-owner sentiment and usage data, then brings everything together so that security leaders can justify cost and deploy their budgets in the smartest, most effective way.
Because security budgets should defend organizations, not get lost in spreadsheets, asset inventories, procure-to-pay systems, and shelf ware.
A Bit of Fun
To highlight this challenge in a lighter way, we created Cyber Snake, a throwback for anyone who remembers the old Nokia game. It’s our analogy for how hard it is to manage a growing security portfolio using technology from that era.
We hope you enjoy it.