September 21, 2023 By Jonathan Reed

Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.

We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.

For this reason, 75% of organizations seek to consolidate the number of cybersecurity vendors they use. Driving factors include heightened concerns about operational complexity and a need to improve risk mitigation, according to Gartner research.

Security comes first

John Watts, VP analyst at Gartner, commented, “Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack. As a result, they are consolidating the number of security vendors they use.”

Gartner found that organizations want to consolidate their security vendors to reduce complexity and improve risk posture. Surprisingly, cost or procurement factors aren’t the main drivers of consolidation. With consolidation, 65% of surveyed organizations expect to improve their overall risk posture. But only 29% of respondents expect reduced spending on licensing.

Meanwhile, some entities have not pursued security vendor consolidation yet. They cite time constraints and rigid vendor partnerships as impeding factors. But trends in regulation, as well as rising cyber threats, make swift action all the more important.

How to consolidate cybersecurity

Two security solutions are notably effective at achieving consolidation: secure access service edge (SASE) and extended detection and response (XDR). The Gartner survey found that 41.5% of respondents planned to have implemented SASE within their organizations by the end of 2022, while 54.5% had plans to adopt XDR by the end of 2022.

“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, VP analyst at Gartner. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints and other components.”

Gartner researchers found that 57% of organizations resolved security threats faster after implementing an XDR strategy. Meanwhile, over half of the surveyed organizations use SASE projects to simplify network and security policy management and improve security posture.

Old habits die hard

Despite the results of the survey, security leaders often find it difficult to embrace these improvements. Inherited architectures are a common obstacle that takes additional time to remedy. Speaking recently at the Gartner Security & Risk Management Summit in National Harbor, Leigh McMullen, Gartner VP analyst, said, “A lot of cybersecurity technology is driven by the technology choices of other parts of the enterprise.”

Nevertheless, vendors are trying to help organizations embrace centralized security solutions. Part of this may be due to looming mandates by the federal government that insist on weaving security into core products.

Despite economic headwinds, CISOs and IT decision-makers do have access to additional funding. And many seek to maximize the value of their existing security tools, as per Nuspire research. The overarching goal is to create a more streamlined and simplified security environment.

How XDR helps consolidate cybersecurity

Extended detection and response (XDR) is an open cybersecurity architecture that integrates security tools and unifies security operations across multiple security layers, including users, endpoints, email, applications, networks, cloud workloads and data. With XDR, disparate security solutions can interoperate for threat prevention, detection, investigation and response.

XDR establishes visibility between security tools and layers. This makes it easier for security teams to detect and resolve threats faster and more efficiently. XDR also facilitates the ability to capture more complete, contextual data for making better security decisions and preventing future attacks.

According to IBM’s Cost of a Data Breach, organizations with XDR deployed cut data breach lifecycles by 29 days and lowered breach costs by 9% on average compared to organizations without XDR.

How SASE helps consolidate cybersecurity

Secure Access Service Edge (SASE) is a cloud-native security solution that provides seamless and secure access to any application from any location or device. SASE combines security with wide area network (WAN) infrastructure. With SASE, software-defined wide area networking (SD-WAN) converges with cloud-delivered network security technologies, such as a cloud access security broker, firewall-as-a-service and zero trust network access. And it’s all packaged into a single, cloud-delivered service model.

SASE helps protect and safeguard network access and enables centralized and consistent access management to apps. This means rather than fighting against the challenges of remote work, SASE leverages it.

SASE provides a network access solution based on zero trust methods, which can replace VPN connectivity. The result is a flexible and scalable cloud-delivered access solution that can adapt to employees working in and out of the office. At its core, SASE improves consistency within operations through convergence. SASE scales remote access infrastructure capacity, reduces latency that comes from a growing hybrid workforce and consolidates and decommissions legacy technologies.

SASE can also help enable edge computing to receive branch-to-cloud protection, and it can be used to integrate edge computing security. This, in turn, further enables other business drivers, such as IoT and 5G.

With SASE, a reduced number of unintegrated tools in the IT and security stack makes up for limited technical on-site resources. With fewer tool requirements, companies reduce the cost of hiring experts. It also takes the burden off overworked IT teams.

Together or separate, but united

As per Gartner, the majority of surveyed organizations want SASE and XDR to work together. Still, some security and risk management leaders may opt to keep them distinct from one another but with interoperable capability. This approach was validated by 46% of surveyed organizations. As per Gartner experts, the SASE / XDR distinction allows for flexibility to select best-of-breed functionality.

In order to navigate an increasingly complex security landscape, a large part of the solution will be found in simplification. Consolidation makes security insight, strategy and response easier for security teams. And this gives them the upper hand in reducing the damage caused by adversary TTPs.
