Cybersecurity Professionals Push Their Organizations Toward Vendor Consolidation and Product Integration

EWTON, Mass. & VIENNA, Va.–(BUSINESS WIRE)–Pushed by safety operations complexity, practically half (46%) of organizations are consolidating or plan on consolidating the variety of distributors they do enterprise with. Because of this drive towards safety expertise consolidation, 77% of infosec professionals want to see extra {industry} cooperation and help for open requirements selling interoperability. As 1000’s of cybersecurity expertise distributors compete towards one another throughout quite a few safety product classes, organizations are aiming to optimize all safety applied sciences of their stack directly, and distributors that help open requirements for expertise integration will likely be finest positioned to fulfill this modification within the {industry}, in line with a brand new annual world research of cybersecurity professionals by the Data Techniques Safety Affiliation (ISSA) and unbiased {industry} analyst agency Enterprise Technique Group (ESG).

The brand new analysis report, Know-how Views from Cybersecurity Skilleds, surveyed 280 cybersecurity professionals, which have been primarily ISSA members, centered on safety processes and applied sciences and revealed that 83% of safety professionals imagine that future expertise interoperability relies upon upon established {industry} requirements. The report reveals a cybersecurity panorama that appears favorably in direction of safety product suites (or platforms) because it strikes away from a defense-in-depth technique primarily based on deploying best-of-breed cybersecurity merchandise; a historic precedent that has steadily elevated organizational complexity and contributed to substantial operations overhead.

From Greatest-of-Breed to Built-in Platforms

Safety professionals have lengthy believed that buying best-of-breed merchandise supplied one of the best total defense-in-depth. Nevertheless, because the variety of safety merchandise has skyrocketed, many organizations handle 25 or extra unbiased safety instruments—an strategy that comes with substantial operations overhead.

Safety professionals recognized quite a few issues related to managing an assortment of safety merchandise from completely different distributors similar to elevated coaching necessities, problem getting a holistic image of safety, and the necessity for guide intervention to fill the gaps between merchandise. Because of these points, 21% of organizations are consolidating the variety of distributors they do enterprise with and 25% are contemplating consolidating.

Most typical causes for vendor consolidation

• Operational efficiencies realized by safety and IT groups (65%)
• Tighter integration between beforehand disparate safety controls (60%)
• Improved menace detection effectivity (i.e., correct high-fidelity alerts, higher cyber-risk identification, and many others.) (51%)

As well as:

• 53% have a tendency to buy or will sooner or later buy safety expertise platforms quite than best-of-breed merchandise
• 84% imagine {that a} product’s integration capabilities are essential and 86% of respondents say it’s both vital or essential that best-of-breed merchandise are constructed for integration with different merchandise
• After value (46%), product integration capabilities are crucial safety product consideration for 37% of safety professionals

Evaluating “enterprise-class” safety distributors

Because the safety expertise market consolidates, “facilities of gravity” will turn out to be established round a number of giant distributors and have an effect on future shopping for methods; organizations will place extra bets on fewer safety expertise distributors. In line with cybersecurity professionals, crucial attributes for an enterprise-class cybersecurity vendor are:

• A confirmed monitor file of executing its cybersecurity product roadmap and technique (34%)
• Offers merchandise designed for enterprise-scale, integration, and enterprise course of necessities (33%)
• Dedication to lowering operational complexity, reducing value of possession (31%)

“Given that almost three-fourths (73%) of cybersecurity professionals really feel that distributors interact in hype over substance, the distributors that show a real dedication in direction of supporting open requirements will likely be finest positioned to outlive the industry-wide consolidation happening,” mentioned Sweet Alexander, Board President, ISSA Worldwide. “CISOs have been so overburdened with vendor noise and coping with safety ‘instrument sprawl’ that for a lot of a wave of vendor consolidation is sort of a breath of recent air.”

“The report reveals an enormous change happening throughout the {industry}, one which for a lot of looks like a very long time coming,” mentioned Jon Oltsik, Senior Principal Analyst and ESG Fellow. “The truth that 36% of organizations is likely to be prepared to purchase most safety applied sciences from a single vendor speaks volumes to the shift in buying conduct as CISOs are brazenly contemplating safety platforms in lieu of best-of-breed level instruments.”

After reviewing this information, ESG and ISSA advocate that organizations push their safety distributors to undertake open {industry} requirements, presumably in cooperation with {industry} ISACs. There are a number of established safety requirements from MITRE, OASIS, and the Open Cybersecurity Alliance (OCA), out there, and whereas many distributors converse favorably of open requirements, most don’t actively take part or contribute to them.

This lukewarm conduct might change rapidly, nevertheless, if cybersecurity professionals—particularly these at organizations giant sufficient to ship a sign to the market—set up finest practices for vendor qualification with course of necessities that embrace adopting and growing open requirements for expertise integration as a part of the excellent course of for all safety expertise procurement.

The complete report might be downloaded right here.

About ESG

Enterprise Technique Group (ESG) is an built-in expertise evaluation, analysis, and technique agency offering market intelligence, actionable perception, and go-to-market content material providers to the worldwide expertise neighborhood. It’s more and more acknowledged as one of many world’s main analyst companies in serving to expertise distributors make strategic selections throughout their go-to-market applications by way of factual, peer-based analysis. ESG is a division of TechTarget, Inc. (Nasdaq: TTGT), the worldwide chief in buy intent-driven advertising and marketing and gross sales providers centered on delivering enterprise influence for enterprise expertise corporations.

About ISSA

The Data Techniques Safety Affiliation (ISSA)™ is the neighborhood of selection for worldwide cyber safety professionals devoted to advancing particular person progress, managing expertise danger, and defending vital data and infrastructure. ISSA members and award winners embrace lots of the {industry}’s notable luminaries and signify a broad vary of industries – from communications, schooling, healthcare, manufacturing, monetary and consulting to IT – in addition to federal, state and native authorities departments and businesses. By means of regional chapter conferences, conferences, networking occasions and content material, members faucet right into a wealth of shared data and experience. Observe us on Twitter at @ISSAINTL. Be taught extra about ISSA.