September 21, 2023 By Jonathan Reed 4 min read

Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.

We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.

For this reason, 75% of organizations seek to consolidate the number of cybersecurity vendors they use. Driving factors include heightened concerns about operational complexity and a need to improve risk mitigation, according to Gartner research.

Security comes first

John Watts, VP analyst at Gartner, commented, “Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack. As a result, they are consolidating the number of security vendors they use.”

Gartner found that organizations want to consolidate their security vendors to reduce complexity and improve risk posture. Surprisingly, cost or procurement factors aren’t the main drivers of consolidation. With consolidation, 65% of surveyed organizations expect to improve their overall risk posture. But only 29% of respondents expect reduced spending on licensing.

Meanwhile, some entities have not pursued security vendor consolidation yet. They cite time constraints and rigid vendor partnerships as impeding factors. But trends in regulation, as well as rising cyber threats, make swift action all the more important.

How to consolidate cybersecurity

Two security solutions are notably effective at achieving consolidation: secure access service edge (SASE) and extended detection and response (XDR). The Gartner survey found that 41.5% of respondents planned to have implemented SASE within their organizations by the end of 2022, while 54.5% had plans to adopt XDR by the end of 2022.

“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, VP analyst at Gartner. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints and other components.”

Gartner researchers found that 57% of organizations resolved security threats faster after implementing an XDR strategy. Meanwhile, over half of the surveyed organizations use SASE projects to simplify network and security policy management and improve security posture.

Old habits die hard

Despite the results of the survey, security leaders often find it difficult to embrace these improvements. Inherited architectures are a common obstacle that takes additional time to remedy. Speaking recently at the Gartner Security & Risk Management Summit in National Harbor, Leigh McMullen, Gartner VP analyst, said, “A lot of cybersecurity technology is driven by the technology choices of other parts of the enterprise.”

Nevertheless, vendors are trying to help organizations embrace centralized security solutions. Part of this may be due to looming mandates by the federal government that insist on weaving security into core products.

Despite economic headwinds, CISOs and IT decision-makers do have access to additional funding. And many seek to maximize the value of their existing security tools, as per Nuspire research. The overarching goal is to create a more streamlined and simplified security environment.

How XDR helps consolidate cybersecurity

Extended detection and response (XDR) is an open cybersecurity architecture that integrates security tools and unifies security operations across multiple security layers, including users, endpoints, email, applications, networks, cloud workloads and data. With XDR, disparate security solutions can interoperate for threat prevention, detection, investigation and response.

XDR establishes visibility between security tools and layers. This makes it easier for security teams to detect and resolve threats faster and more efficiently. XDR also facilitates the ability to capture more complete, contextual data for making better security decisions and preventing future attacks.

According to IBM’s Cost of a Data Breach, organizations with XDR deployed cut data breach lifecycles by 29 days and lowered breach costs by 9% on average compared to organizations without XDR.

How SASE helps consolidate cybersecurity

Secure Access Service Edge (SASE) is a cloud-native security solution that provides seamless and secure access to any application from any location or device. SASE combines security with wide area network (WAN) infrastructure. With SASE, software-defined wide area networking (SD-WAN) converges with cloud-delivered network security technologies, such as a cloud access security broker, firewall-as-a-service and zero trust network access. And it’s all packaged into a single, cloud-delivered service model.

SASE helps protect and safeguard network access and enables centralized and consistent access management to apps. This means rather than fighting against the challenges of remote work, SASE leverages it.

SASE provides a network access solution based on zero trust methods which can replace VPN connectivity. The result is a flexible and scalable cloud-delivered access solution that can adapt to employees working in and out of the office. At its core, SASE improves consistency within operations through convergence. SASE scales remote access infrastructure capacity, reduces latency that comes from a growing hybrid workforce and consolidates and decommissions legacy technologies.

SASE can also help enable edge computing to receive branch-to-cloud protection, and it can be used to integrate edge computing security. This, in turn, further enables other business drivers, such as IoT and 5G.

With SASE, a reduced number of unintegrated tools in the IT and security stack make up for limited technical on-site resources. With fewer tool requirements, companies reduce the cost of hiring experts. It also takes the burden off overworked IT teams.

Together or separate, but united

As per Gartner, the majority of surveyed organizations want SASE and XDR to work together. Still, some security and risk management leaders may opt to keep them distinct from one another but with interoperable capability. This approach was validated by 46% of surveyed organizations. As per Gartner experts, the SASE / XDR distinction allows for flexibility to select best-of-breed functionality.

In order to navigate an increasingly complex security landscape, a large part of the solution will be found in simplification. Consolidation makes security insight, strategy and response easier for security teams. And this gives them the upper hand in reducing the damage caused by adversary TTPs.
