
The Uphill Battle of Consolidating Security Platforms

August 1, 2023
Written by Nick Heudecker

Nick Heudecker leads market strategy and competitive intelligence at Cribl. Prior to joining Cribl, he spent over seven years as an industry analyst at Gartner, covering the data and analytics market. With over twenty years of experience, he has led engineering and product teams across multiple successful startups in the media and advertising industries.

Categories: Learn

A recent survey asked 51 CISOs and other security leaders a series of questions about current demand for cybersecurity solutions, spending intentions, security posture strategies, tool preferences, and vendor consolidation expectations. The report highlights platform consolidation as a trend, yet 82% of respondents said they expect to increase the number of vendors they use over the next 2-3 years. Over the longer term, however, the analysts expect a 50% reduction in the number of cybersecurity vendors in use within the next 5-10 years.

I spoke with Ed Bailey, Cribl’s lead technical evangelist, about this predicted consolidation. Unsurprisingly, we have some thoughts on it. While the idea sounds appealing, the journey toward a single security platform is riddled with challenges, such as uneven product capabilities and limited integration between tools. In this blog, we look at the complexities that get in the way of seamless consolidation and at the consequences of vendors restricting data export and tool usage.

Uneven Product Capabilities

While the pressure to consolidate on a single platform is evident, not all capabilities within these platforms are equally robust. Organizations may find that certain components, like event correlation, excel, while others, like case management or UEBA, fall short. This shortfall compels teams to seek additional tools offering superior capabilities in those specific areas. Despite the drive for consolidation, organizations will routinely resort to utilizing best-of-breed tools for specific functions, resulting in a fragmented security landscape and higher costs.

Data Flow and Integration

To reinforce their security operations, security teams often want feedback loops driven by custom analytics in their security data lakes and other analytical platforms: findings from the lake feed back into detection tuning and triage in the platform. However, many platforms operate as walled gardens, limiting the exchange of data between vendors. This lack of data sharing slows the creation of effective feedback loops and stops organizations from getting full value from their security ecosystem. Other vendors do support data export, but they intentionally strip fields and tags (identifiers, enrichment, correlation context) that are essential to getting value from the data in other tools or in homegrown analytics. The export looks well-formed, so the loss often goes unnoticed until an analyst tries to join or pivot on a field that is no longer there.

The Role of Open Standards

Open standards, such as the Open Cybersecurity Schema Framework (OCSF), hold promise as solutions to the integration challenges enterprises face: a shared schema means an event exported from one tool carries the same fields, with the same meaning, into the next. However, widespread support and consistent adoption of these standards across the security tooling landscape remain elusive. The security community must collectively commit to embracing these open standards to overcome the hurdles of integration and unlock the true potential of consolidated security platforms.
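The stripped-export failure mode and the open-standards point come down to the same engineering question: can you tell when a vendor's export is missing what your downstream analytics need, and can you map what survives into a schema a second tool can consume? The Python below is an added example, not code from Cribl or from this post. The events are constructed samples, the required-field set is an assumption for illustration, and the output field names borrow OCSF's naming (time in epoch milliseconds, severity_id, device, actor, finding_info) without being a validated OCSF mapping.

```python
"""Audit a vendor's exported alerts for dropped fields, then map what survives
onto a shared, OCSF-inspired schema so a second tool or data-lake job can use it.

Constructed example: events, required fields and the schema subset are assumptions
made for illustration; the field names borrow OCSF's but this is not a validated
OCSF record.
"""
from __future__ import annotations

from datetime import datetime

# Constructed sample: an alert as the source platform holds it natively.
NATIVE_EVENT = {
    "ts": "2023-08-01T14:03:22Z",
    "host": "web-07",
    "user": "jdoe",
    "rule_id": "R-4412",
    "rule_name": "Suspicious PowerShell download cradle",
    "severity": "high",
    "tags": ["T1059.001", "initial-access"],
    "raw": "powershell -nop -w hidden -enc ...",
}

# Constructed sample: the same alert after an export path that silently dropped
# the rule identifier and the correlation tags (the lossy-export failure mode
# described in the post). The record still looks well-formed on its own.
EXPORTED_EVENT = {k: v for k, v in NATIVE_EVENT.items() if k not in ("rule_id", "tags")}

# Fields the downstream analytics depend on (assumed for this example): without
# rule_id you cannot tune a detection, without tags you cannot group by technique.
REQUIRED_FIELDS = frozenset({"ts", "host", "user", "rule_id", "severity", "tags"})

# OCSF severity_id values for the common levels; anything unmapped becomes 0 (Unknown).
SEVERITY_ID = {"informational": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}


def dropped_fields(native: dict, exported: dict) -> list[str]:
    """Fields present in the native record but absent from the exported copy.

    Comparing a native record with its exported twin is the reliable way to
    catch a vendor that strips fields on the way out, because the export
    itself carries no marker of what was removed."""
    return sorted(set(native) - set(exported))


def missing_required(event: dict, required: frozenset = REQUIRED_FIELDS) -> list[str]:
    """Required fields the event lacks; an empty list means it is safe to forward."""
    return sorted(required - set(event))


def to_shared_schema(event: dict) -> dict:
    """Map a native-format alert onto the shared schema.

    Refuses lossy input instead of emitting a half-populated record, so a
    stripped export fails loudly in the pipeline rather than quietly breaking
    joins in the data lake."""
    missing = missing_required(event)
    if missing:
        raise ValueError(f"refusing to forward lossy export, missing fields: {missing}")
    ts = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
    return {
        "time": int(ts.timestamp() * 1000),  # epoch milliseconds, as OCSF uses
        "severity_id": SEVERITY_ID.get(event["severity"].lower(), 0),
        "severity": event["severity"],
        "device": {"hostname": event["host"]},
        "actor": {"user": {"name": event["user"]}},
        "finding_info": {
            "uid": event["rule_id"],
            "title": event.get("rule_name", ""),
            "tags": list(event["tags"]),
        },
        # Carry anything not explicitly mapped, so nothing is lost a second time.
        "unmapped": {k: v for k, v in event.items()
                     if k not in REQUIRED_FIELDS and k != "rule_name"},
    }


if __name__ == "__main__":
    print("dropped by export:", dropped_fields(NATIVE_EVENT, EXPORTED_EVENT))
    print("native event maps to:", to_shared_schema(NATIVE_EVENT)["finding_info"])
    try:
        to_shared_schema(EXPORTED_EVENT)
    except ValueError as err:
        print("export rejected:", err)
```

Run it against a handful of real records pulled from each side of an export before wiring a vendor into a feedback loop: `dropped_fields` tells you what the vendor removed, and `to_shared_schema` refusing the record is what you want to happen in the pipeline rather than discovering the gap during an investigation.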

Conclusion

The quest for a single security platform presents formidable integration challenges for enterprises. Uneven product capabilities, limited data sharing, and the absence of seamless integration are significant obstacles. Organizations must carefully evaluate their needs, keep best-of-breed tools where necessary, verify that the data they export from one tool actually retains what the next tool needs, and actively push vendors toward open standards. By navigating these challenges with strategic planning and collaboration, enterprises can move closer to a unified and resilient security architecture.

If you want to dive into this topic in more detail, here’s a live stream recording where we discussed the same topics.

