September 21, 2023 By Jonathan Reed 4 min read

Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.

We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.

For this reason, 75% of organizations seek to consolidate the number of cybersecurity vendors they use. Driving factors include heightened concerns about operational complexity and a need to improve risk mitigation, according to Gartner research.

Security comes first

John Watts, VP analyst at Gartner, commented, “Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack. As a result, they are consolidating the number of security vendors they use.”

Gartner found that organizations want to consolidate their security vendors to reduce complexity and improve risk posture. Surprisingly, cost or procurement factors aren’t the main drivers of consolidation. With consolidation, 65% percent of surveyed organizations expect to improve their overall risk posture. But only 29% of respondents expect reduced spending on licensing.

Meanwhile, some entities have not pursued security vendor consolidation yet. They cite time constraints and rigid vendor partnerships as impeding factors. But trends in regulation, as well as rising cyber threats, make swift action all the more important.

How to consolidate cybersecurity

Two security solutions are notably effective at achieving consolidation: secure access service edge (SASE) and extended detection and response (XDR). The Gartner survey found that 41.5% of respondents planned to have implemented SASE within their organizations by the end of 2022, while 54.5% had plans to adopt XDR by the end of 2022.

“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, VP analyst at Gartner. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints and other components.”

Gartner researchers found that 57% of organizations resolved security threats faster after implementing an XDR strategy. Meanwhile, over half of the surveyed organizations use SASE projects to simplify network and security policy management and improve security posture.

Explore QRadar EDR

Old habits die hard

Despite the results of the survey, security leaders often find it difficult to embrace these improvements. Inherited architectures are a common obstacle that takes additional time to remedy. Speaking recently at the Gartner Security & Risk Management Summit in National Harbor, Leigh McMullen, Gartner VP analyst, said, “A lot of cybersecurity technology is driven by the technology choices of other parts of the enterprise.”

Nevertheless, vendors are trying to help organizations embrace centralized security solutions. Part of this may be due to looming mandates by the federal government that insist on weaving security into core products.

Despite economic headwinds, CISOs and IT decision-makers do have access to additional funding. And many seek to maximize the value of their existing security tools, as per Nuspire research. The overarching goal is to create a more streamlined and simplified security environment.

How XDR helps consolidate cybersecurity

Extended detection and response (XDR) is an open cybersecurity architecture that integrates security tools and unifies security operations across multiple security layers, including users, endpoints, email, applications, networks, cloud workloads and data. With XDR, disparate security solutions can interoperate for threat prevention, detection, investigation and response.

XDR establishes visibility between security tools and layers. This makes it easier for security teams to detect and resolve threats faster and more efficiently. XDR also facilitates the ability to capture more complete, contextual data for making better security decisions and preventing future attacks.

According to IBM’s Cost of a Data Breach, organizations with XDR deployed cut data breach lifecycles by 29 days and lowered breach costs by 9% on average compared to organizations without XDR.

How SASE helps consolidate cybersecurity

Secure Access Service Edge (SASE) is a cloud-native security solution that provides seamless and secure access to any application from any location or device. SASE combines security with wide area network (WAN) infrastructure. With SASE, software-defined wide area networking (SD-WAN) converges with cloud-delivered network security technologies, such as a cloud access security broker, firewall-as-a-service and zero trust network access. And it’s all packaged into a single, cloud-delivered service model.

SASE helps protect and safeguard network access and enables centralized and consistent access management to apps. This means rather than fighting against the challenges of remote work, SASE leverages it.

SASE provides a network access solution based on zero trust methods which can replace VPN connectivity. The result is a flexible and scalable cloud-delivered access solution that can adapt to employees working in and out of the office. At its core, SASE improves consistency within operations through convergence. SASE scales remote access infrastructure capacity, reduces latency that comes from a growing hybrid workforce and consolidates and decommissions legacy technologies.

SASE can also help enable edge computing to receive branch-to-cloud protection, and it can be used to integrate edge computing security. This, in turn, further enables other business drivers, such as IoT and 5G.

With SASE, a reduced number of unintegrated tools in the IT and security stack make up for limited technical on-site resources. With fewer tool requirements, companies reduce the cost of hiring experts. It also takes the burden off overworked IT teams.

Together or separate, but united

As per Gartner, the majority of surveyed organizations want SASE and XDR to work together. Still, some security and risk management leaders may opt to keep them distinct from one another but with interoperable capability. This approach was validated by 46% of surveyed organizations. As per Gartner experts, the SASE / XDR distinction allows for flexibility to select best-of-breed functionality.

In order to navigate an increasingly complex security landscape, a large part of the solution will be found in simplification. Consolidation makes security insight, strategy and response easier for security teams. And this gives them the upper hand in reducing the damage caused by adversary TTPs.

More from Risk Management

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

6 Principles of Operational Technology Cybersecurity released by joint NSA initiative

4 min read - Today’s critical infrastructure organizations rely on operational technology (OT) to help control and manage the systems and processes required to keep critical services to the public running. However, due to the highly integrated nature of OT deployments, cybersecurity has become a primary concern.On October 2, 2024, the NSA (National Security Agency) released a new CSI titled “Principles of Operational Technology Cybersecurity.” This new guide was created in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD SCSC) to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today