A growing trend in the cybersecurity industry is to aggregate different point solutions into a comprehensive platform from a single vendor that addresses different aspects of cybersecurity, from endpoint protection to cloud-native security tools to automated detection and response.
Part of the impetus for this trend is a push from larger vendors, who obviously want to capture a larger share of the market. But there is also a pull from the customer base, as many companies find that they have too many cybersecurity vendors.
A recent survey by Check Point found that “27% of companies with 5,000 to 10,000 employees use 11 to 40 or more vendors.” Nearly all respondents (98%) said their companies use multiple consoles to manage security operations, and 79% said working with multiple security vendors is a challenge.
“When asked what they thought would be the best approach to improving security in their organization, 69% (of respondents) prioritized consolidation with fewer security vendors,” the Check Point report added.
In a Gartner survey, more than half (57%) of responding organizations said they already work with 10 or fewer cybersecurity vendors. It found that improved risk posture, not cost, was the primary driver of consolidation.
“If it's from one vendor, you're actually improving your efficiency, because there are far fewer skills that you need on your security team to manage all these different (tools),” Aviv Abramovich, head of security services product management at Check Point, tells us.
However, bringing together as many cybersecurity tools as possible into one platform is not an easy task. There are many pros and cons. Let’s get the bad news out of the way first and start with the cons.
Potential Downsides of Vendor Consolidation
Lack of diversity
The most obvious risk that may arise from consolidating all of your cybersecurity tools into a few platforms, or even just one platform, is reduced vendor diversification. You may not want to put all of your eggs in one basket, so to speak.
One long-term strategy recommended for businesses in the wake of the CrowdStrike outage in July is to diversify their vendor base to reduce the impact of future outages and eliminate the risk of a single point of failure.
Of course, since no platform (yet) provides all the cybersecurity tools a large company needs, this scenario may remain only hypothetical.
Vendor lock-in
A related risk is a lack of flexibility and choice if your organization becomes too closely tied to one supplier or a small group of suppliers. Long-term contracts may limit your future options, and a lack of innovation on the part of the supplier may weaken your security posture. You will also lose some bargaining power if you are unable to use competing offers to negotiate pricing terms.
However, only a few bundled vendors will insist that you get the full package. Most good vendors will understand that you already have some solutions that you are happy with and want to keep. They will work with you to ensure that your legacy solutions integrate with their offerings.
“Vendor monopoly happens when you don’t have a good alternative,” says Check Point’s Abramovich. “We don’t expect a customer to adopt everything from us, or to have to adopt everything from Check Point in order to achieve a better level of security.”
The bundled point solutions may not be the best available
Every cybersecurity company has its own strengths and weaknesses. A particular company is likely to excel in an aspect of cybersecurity it started out in, such as cloud security or identity and access management. It may also succeed in a different aspect of the field if it acquires another company that focuses on that.
But if a company organically expands into a cybersecurity sector that it hasn’t entered before, can you be sure that its offering is the best available? Or would it be better to partner with a leader in that sector?
Check Point's Abramovich acknowledges that many vendors have a comparative advantage in cybersecurity and that customers will want to take advantage of it.
“There are companies that have a lot of expertise in identity management,” he says. “You can use them as an identity provider. You can use Check Point, for example, to secure networks.”
Abramovich says you may want to keep separate solutions for specialized tasks, especially if your cybersecurity vendor also offers non-security services. Different programs have different purposes, and you want to make sure each one is as useful as possible.
“You might want to use separate vendors for security and networking,” he says. “Security needs to protect the network, and the network just wants to connect everywhere as best it can.”
Benefits of Consolidating Your Security Tools
Now let's move on to the many benefits that cybersecurity vendor consolidation offers.
Fewer vendors and contracts
At a time when many companies feel like they have too much on their hands, cutting back on cybersecurity vendors, and on cybersecurity service agreements, is a great way to reduce the frustration. You’ll develop better relationships with the vendors you choose to continue working with, and your CISO will get more sleep.
Reduce costs and simplify budgeting
If you consolidate your security tools with fewer vendors, you should (at least in theory) see some cost reduction. (If not, you may need to play harder in negotiations.) But either way, it will be much easier to budget for next quarter.
Reduced need for ongoing employee retraining
If your security practitioners need to use fewer tools, they won’t need as broad a skill set. They’ll also need less retraining as tools are updated and upgraded. But that shouldn’t be an excuse to start cutting staff. Use it as an opportunity to make sure your employees can now do their jobs better.
Fewer patches and updates
Less software means fewer updates and fixes to worry about. If you use 50 different cybersecurity tools, you’ll likely have to run updates several times a week; if you only use 10 tools, your patching workload will be significantly reduced.
Reduce misconfiguration and non-compliance
Less software also means you’re less likely to make a mistake. This is especially true if your security staff (or whoever can create a new cloud instance) is well-trained in the few things they need to use, rather than a whole bunch of things they rarely use. And getting it right more often greatly reduces the risk of accidentally falling out of regulatory compliance.
Improve compatibility between different point solutions
Different point solutions bundled into a single platform will (or should) work well with each other. As a result, point solutions that are not part of the platform will also have to be compatible with fewer other pieces of software, which means a smaller set of APIs to worry about and greater efficiency across the board.
Increase the efficiency of automated detection and response
Greater compatibility means smoother interoperability between different solutions. This in turn leads to more opportunities for automation, which is where the real gains in cybersecurity can be found.
If you can set up your security software to streamline processes between different point solutions and automatically take the initial steps toward mitigation when an incident is detected, you'll free up your security personnel to spend more time on the hard stuff instead of chasing minor annoyances.
Fewer panes of glass to monitor, more to see.
Integrating your security tools means your security staff will need to monitor fewer screens and will get the information they need faster. Greater compatibility between different point solutions will also give your security team greater visibility into your operations so anomalies and incidents can be noticed and addressed more quickly.
“If you can’t see the event from beginning to end, you’re just dealing with the symptoms,” says Abramovich. “If you have full visibility from beginning to end, you’re much safer.”
Less alerting noise
Fewer security tools, fewer screens, increased visibility, greater device compatibility, and increased automation can together reduce the noise from security alerts that can overwhelm your security staff. Less noise means fewer distractions and more time to focus on the truly critical incidents and issues.
You still have a choice.
Whichever route you choose, whether it’s keeping several of your point solutions or bundling as many as possible into a few platforms, the details are entirely up to you. A good vendor that offers a unified solution should let you choose the features you want and make them work with the competing solutions you decide to keep.
“I don’t force you to run Check Point on your endpoint or cloud. I recommend it. It’s better if you do — you’ll get a better experience and better security as a result. But if you choose to use other vendors, we’ll work with them in the same way,” Abramovich says.