The Uphill Battle of Consolidating Security Platforms

A recently conducted survey of 51 CISOs and other security leaders a series of questions about the current demand for cybersecurity solutions, spending intentions, security posture strategies, tool preferences, and vendor consolidation expectations. While the report highlights the trends around platform consolidation over the short run, 82% of respondents stated they expect to increase the number of vendors in the next 2-3 years. Over the longer term, however, the analysts expect a 50% reduction in the number of cybersecurity vendors in use over the next 5-10 years.

I spoke with Ed Bailey, Cribl’s lead technical evangelist, about this possibility of consolidation. Unsurprisingly, we have some thoughts about consolidation. While the idea sounds appealing, the journey towards a single security platform is riddled with challenges, such as uneven product capabilities and limited integration between tools. In this blog, we delve into the complexities that hinder seamless consolidation and explore the ramifications of vendors’ restrictions on data export and tool usage.

Uneven Product Capabilities

While the pressure to consolidate on a single platform is evident, not all capabilities within these platforms are equally robust. Organizations may find that certain components, like event correlation, excel, while others, like case management or UEBA, fall short. This shortfall compels teams to seek additional tools offering superior capabilities in those specific areas. Despite the drive for consolidation, organizations will routinely resort to utilizing best-of-breed tools for specific functions, resulting in a fragmented security landscape and higher costs.

Data Flow and Integration

To reinforce their security operations, security teams often seek to establish reinforcement loops with custom analytics conducted in their security data lakes and other analytical platforms. However, many platforms operate as walled gardens, limiting the seamless exchange of data between vendors. This lack of data sharing slows the creation of effective reinforcement loops and inhibits organizations from leveraging the full potential of their security ecosystem. Other vendors support data export, but they intentionally remove essential fields and tags necessary to get value from the data in other tools, or with homegrown analytics.

The Role of Open Standards

Open standards, such as the Open Cybersecurity Framework (OCF), hold promise as potential solutions to the integration challenges faced by enterprises. However, widespread support and consistent adoption of these standards across the security tooling landscape remain elusive. The security community must collectively commit to embracing these open standards to overcome the hurdles of integration and unlock the true potential of consolidated security platforms.

Conclusion

The quest for a single security platform presents formidable integration challenges for enterprises. The unevenness of product capabilities, limited data sharing, and the absence of seamless integration pose significant obstacles. Organizations must carefully evaluate their needs, consider best-of-breed tools where necessary, and actively drive the adoption of open standards. By navigating these challenges with strategic planning and collaboration, enterprises can move closer to achieving a unified and resilient security architecture that safeguards their digital assets effectively.

If you want to dive into this topic in more detail, here’s a live stream recording where we discussed the same topics.