
The Uphill Battle of Consolidating Security Platforms

Last edited: August 1, 2023

A recently conducted survey asked 51 CISOs and other security leaders a series of questions about the current demand for cybersecurity solutions, spending intentions, security posture strategies, tool preferences, and vendor consolidation expectations. While the report highlights the trends around platform consolidation over the short run, 82% of respondents stated they expect to increase the number of vendors in the next 2-3 years. Over the longer term, however, the analysts expect a 50% reduction in the number of cybersecurity vendors in use over the next 5-10 years.

I spoke with Ed Bailey, Cribl’s lead technical evangelist, about this possibility of consolidation. Unsurprisingly, we have some thoughts about consolidation. While the idea sounds appealing, the journey towards a single security platform is riddled with challenges, such as uneven product capabilities and limited integration between tools. In this blog, we delve into the complexities that hinder seamless consolidation and explore the ramifications of vendors’ restrictions on data export and tool usage.

Uneven Product Capabilities

While the pressure to consolidate on a single platform is evident, not all capabilities within these platforms are equally robust. Organizations may find that certain components, like event correlation, excel, while others, like case management or UEBA, fall short. This shortfall compels teams to seek additional tools offering superior capabilities in those specific areas. Despite the drive for consolidation, organizations will routinely resort to utilizing best-of-breed tools for specific functions, resulting in a fragmented security landscape and higher costs.

Data Flow and Integration

To reinforce their security operations, security teams often seek to establish reinforcement loops with custom analytics conducted in their security data lakes and other analytical platforms. However, many platforms operate as walled gardens, limiting the seamless exchange of data between vendors. This lack of data sharing slows the creation of effective reinforcement loops and inhibits organizations from leveraging the full potential of their security ecosystem. Other vendors support data export, but they intentionally remove essential fields and tags necessary to get value from the data in other tools, or with homegrown analytics.

The Role of Open Standards

Open standards, such as the Open Cybersecurity Framework (OCF), hold promise as potential solutions to the integration challenges faced by enterprises. However, widespread support and consistent adoption of these standards across the security tooling landscape remain elusive. The security community must collectively commit to embracing these open standards to overcome the hurdles of integration and unlock the true potential of consolidated security platforms.

Conclusion

The quest for a single security platform presents formidable integration challenges for enterprises. The unevenness of product capabilities, limited data sharing, and the absence of seamless integration pose significant obstacles. Organizations must carefully evaluate their needs, consider best-of-breed tools where necessary, and actively drive the adoption of open standards. By navigating these challenges with strategic planning and collaboration, enterprises can move closer to achieving a unified and resilient security architecture that safeguards their digital assets effectively.

If you want to dive into this topic in more detail, here’s a live stream recording where we discussed the same topics.
