September 21, 2023 By Jonathan Reed 4 min read

Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.

We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.

For this reason, 75% of organizations seek to consolidate the number of cybersecurity vendors they use. Driving factors include heightened concerns about operational complexity and a need to improve risk mitigation, according to Gartner research.

Security comes first

John Watts, VP analyst at Gartner, commented, “Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack. As a result, they are consolidating the number of security vendors they use.”

Gartner found that organizations want to consolidate their security vendors to reduce complexity and improve risk posture. Surprisingly, cost or procurement factors aren’t the main drivers of consolidation. With consolidation, 65% percent of surveyed organizations expect to improve their overall risk posture. But only 29% of respondents expect reduced spending on licensing.

Meanwhile, some entities have not pursued security vendor consolidation yet. They cite time constraints and rigid vendor partnerships as impeding factors. But trends in regulation, as well as rising cyber threats, make swift action all the more important.

How to consolidate cybersecurity

Two security solutions are notably effective at achieving consolidation: secure access service edge (SASE) and extended detection and response (XDR). The Gartner survey found that 41.5% of respondents planned to have implemented SASE within their organizations by the end of 2022, while 54.5% had plans to adopt XDR by the end of 2022.

“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, VP analyst at Gartner. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints and other components.”

Gartner researchers found that 57% of organizations resolved security threats faster after implementing an XDR strategy. Meanwhile, over half of the surveyed organizations use SASE projects to simplify network and security policy management and improve security posture.

Explore QRadar EDR

Old habits die hard

Despite the results of the survey, security leaders often find it difficult to embrace these improvements. Inherited architectures are a common obstacle that takes additional time to remedy. Speaking recently at the Gartner Security & Risk Management Summit in National Harbor, Leigh McMullen, Gartner VP analyst, said, “A lot of cybersecurity technology is driven by the technology choices of other parts of the enterprise.”

Nevertheless, vendors are trying to help organizations embrace centralized security solutions. Part of this may be due to looming mandates by the federal government that insist on weaving security into core products.

Despite economic headwinds, CISOs and IT decision-makers do have access to additional funding. And many seek to maximize the value of their existing security tools, as per Nuspire research. The overarching goal is to create a more streamlined and simplified security environment.

How XDR helps consolidate cybersecurity

Extended detection and response (XDR) is an open cybersecurity architecture that integrates security tools and unifies security operations across multiple security layers, including users, endpoints, email, applications, networks, cloud workloads and data. With XDR, disparate security solutions can interoperate for threat prevention, detection, investigation and response.

XDR establishes visibility between security tools and layers. This makes it easier for security teams to detect and resolve threats faster and more efficiently. XDR also facilitates the ability to capture more complete, contextual data for making better security decisions and preventing future attacks.

According to IBM’s Cost of a Data Breach, organizations with XDR deployed cut data breach lifecycles by 29 days and lowered breach costs by 9% on average compared to organizations without XDR.

How SASE helps consolidate cybersecurity

Secure Access Service Edge (SASE) is a cloud-native security solution that provides seamless and secure access to any application from any location or device. SASE combines security with wide area network (WAN) infrastructure. With SASE, software-defined wide area networking (SD-WAN) converges with cloud-delivered network security technologies, such as a cloud access security broker, firewall-as-a-service and zero trust network access. And it’s all packaged into a single, cloud-delivered service model.

SASE helps protect and safeguard network access and enables centralized and consistent access management to apps. This means rather than fighting against the challenges of remote work, SASE leverages it.

SASE provides a network access solution based on zero trust methods which can replace VPN connectivity. The result is a flexible and scalable cloud-delivered access solution that can adapt to employees working in and out of the office. At its core, SASE improves consistency within operations through convergence. SASE scales remote access infrastructure capacity, reduces latency that comes from a growing hybrid workforce and consolidates and decommissions legacy technologies.

SASE can also help enable edge computing to receive branch-to-cloud protection, and it can be used to integrate edge computing security. This, in turn, further enables other business drivers, such as IoT and 5G.

With SASE, a reduced number of unintegrated tools in the IT and security stack make up for limited technical on-site resources. With fewer tool requirements, companies reduce the cost of hiring experts. It also takes the burden off overworked IT teams.

Together or separate, but united

As per Gartner, the majority of surveyed organizations want SASE and XDR to work together. Still, some security and risk management leaders may opt to keep them distinct from one another but with interoperable capability. This approach was validated by 46% of surveyed organizations. As per Gartner experts, the SASE / XDR distinction allows for flexibility to select best-of-breed functionality.

In order to navigate an increasingly complex security landscape, a large part of the solution will be found in simplification. Consolidation makes security insight, strategy and response easier for security teams. And this gives them the upper hand in reducing the damage caused by adversary TTPs.

More from Risk Management

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

The evolution of ransomware: Lessons for the future

5 min read - Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to the past and recent trends to predict the future. 2005 to 2020: A rapidly changing landscape While the first ransomware incident was observed in 1989,…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today