Part Two: The Dire Consequences of Tool Sprawl

In Part One of this series, we laid out the extent of tool sprawl in the enterprise. According to a recent Enterprise Strategy Group (ESG) survey, two thirds of enterprises utilize ten or more IT management and security applications. One in ten organizations run more than 20!

ESG delved into the consequences of operating so many tools across the enterprise. Researchers unearthed the fact that as the number of tools rises, more and more endpoints go unmanaged. Inevitably, this increases an organization’s attack surface and exposes it to greater risk, such as being the victim of a cyber-attack.

Here’s why: if an organization manages one group of endpoints with tool X, another group with tool Y, and yet another group with tool Z, it is nearly impossible to get a comprehensive view of the enterprise’s endpoints and environment. There is no single source of truth. Gaps are there, but no one notices. Attempts to inventory all endpoints fall far short of achieving full coverage. Patch rollouts may reach many endpoints – but not all. Vulnerability scans cover certain portions of the enterprise but miss others because most vulnerability scanners must be told exactly what to scan – and if you don’t know about it, you cannot scan it.

The Extent of Unmanaged Endpoints

ESG correlated the number of endpoint tools running with the quantity of unmanaged endpoints in existence. The analyst firm found that 50% of organizations operating more than 15 IT management and security tools had more than 20% of their total endpoints unmanaged i.e., despite all those tools in place, one in five endpoints (or more) were not being monitored or patched. A further 37% of businesses with more than 15 tools in action were found to have 11% to 20% of their endpoints completely unmanaged. 8% had 5-10% of their endpoints unmanaged, and the remaining 5% had less than 5% unmanaged. In other words, 100% of organizations with at least 15 tools running had some blind spots within the enterprise that attackers could use to breach security.

Endpoint Security and Management Tool Sprawl Is Having an Effect, ESG Research, 2023

As the number of tools lessened, the zones of non-coverage reduced. Still, 72% of those with 11-15 tools had more than 10% of endpoints unmanaged. That percentage drops to 47% for enterprises with 5-10 tools operating. Yet 15% of those with fewer than 5 tools to deal with still had at least 10% of endpoints unmonitored. 

Unmanaged Endpoints Magnify Cyber-Exposure

ESG followed up by tying lack of comprehensive management of endpoints to cyber-risk and exposure. 53% of organizations with 15 or more management and security tools experienced several cyberattacks related to unmanaged endpoints. Another 37% admitted to one cyberattack and 5% were unsure if any cyberattacks were due to unmonitored endpoints. Only 5% claimed to have not suffered a cyberattack that could be traced directly to unmanaged endpoints.

Endpoint Security and Management Tool Sprawl Is Having an Effect, ESG Research, 2023

One thing is clear: the fewer the tools in existence, the lower the risk of a breach. Only 12% of those with 11-15 tools running didn’t experience a cyberattack on unmanaged endpoints. That figure jumps to 22% for those running 5-10 tools and to 60% for those with fewer than five tools.

By lowering the number of tools running, the enterprise can become more secure. Obviously, those tools have to offer comprehensive coverage of endpoints. A balance is needed between tool consolidation and the ability to manage and monitor the entire enterprise and all endpoints.

Balance Tool Consolidation with Complete Endpoint Coverage

A unified approach to security and endpoint management can provide robust coverage of all endpoints and systems across your enterprise. Whether on-premises, in the cloud, or roaming (as mobile devices often do), a unified security and endpoint management solution detects, inventories, manages, and secures all endpoints.

Syxsense takes this unified approach of end-to-end management of all endpoints even further by offering automated identification and remediation of security vulnerabilities that may impact IT assets. With a built-in security scanner, Syxsense customers can see all devices with operating system (OS) and security vulnerabilities, weak spots, misconfiguration issues, and more. Syxsense pushes an extensive library of vulnerability remediations into its automation engine to resolve issues without significant human intervention (you can choose the level of human interaction based on your corporate risk profile.) And, with Syxsense, organizations can generate out-of-the-box reports for executive management, auditors, and regulatory agencies.

For more information, visit

In Part Three, we discuss the alphabet soup of security point solutions that many businesses have in place as they battle cybercriminals intent on breaking into the enterprise.