Security vendor consolidation or best of breed? Why you must do both

Trends in cybersecurity (like many areas of technology and life) tend to make pendulum-like swings over time. One such shifting debate is around security tool philosophy: is it best to use an array of best-in-class tools or consolidate to a single, “do it all” security platform?

I argue that it is essential to planfully and strategically implement a hybrid approach. By combining some best-of-class tools with integrated platforms, you can eliminate the chaos of countless single tools and embrace the advanced benefits of today’s platforms, while still having some high-value, niche solutions to provide the necessary layers of protection for the security armor. It’s important to avoid dependence on a single vendor to also avoid implementing that vendor’s weaknesses/blind spots across the enterprise; yet these solutions offer many advantages.

While IT teams may lean toward a single-vendor approach for time savings and convenience, employing a hybrid approach enables overall security strength through diversity as well as an increase in management simplicity. Regardless of approach, tools, or platform, the final architecture must be well-orchestrated and properly configured or you could be left exposed.

The “Patchwork of Tools Approach”

Many companies have arrived at a large host of security tools because of hyper-growth; others through M&A activity; some have reactively purchased tools to fill gaps as discovered (read: they lacked a strategic security architecture plan); and a few have deliberately chosen this path to ensure the best tool on the market is applied to each specific risk mitigation task.

Having such a wide swath of tools greatly increases the costs and time of tool acquisition, maintenance, and management. Additionally, many companies have considerable difficulties hiring and retaining staff long enough for them to become experts in the expansive blend.

There are other issues with a “one tool for each task” approach: the tools waste capital through ill-considered overlap while also leaving gaps in security. They also create too many alerts to manage effectively.

Is Consolidating Vendors the Answer?

Over the past few years, vendor consolidation has been the dominant trend to address the pains associated with the whopping average of 45 security tools deployed per organization. Some experts estimated that up to three-quarters of organizations were working to consolidate vendors/tools to solve complexity. Security platforms, armed with automation and AI, do provide many advantages in management simplicity and integration as well as helping address the lack of staffing that can be fully trained on an abundance of disparate tools.

However, we believe it is essential to provide layers of security -- redundant, overlapping tools, people, and processes to avoid simplicity from the threat actor’s view. If it is simple for you, it is also simpler for a threat actor to penetrate and traverse. Rather than ripping out and replacing all your legacy investments in best-of-breed tools, we recommend first assessing your current environment and legacy tools estate. By potentially combining some of those tools with the latest platform advances, you may be able to arrive at a sweet spot of improved management simplicity and well-considered redundancies. This enables you to avoid moving to a single vendor, which could mean implementing the same weaknesses across the enterprise, while also making use of specialized, quality products you have already invested in. A third-party expert assessment firm can help you identify your gaps, technology assets, and needs if you lack this expertise in house.

Any Final Architecture -- Regardless of Approach -- Must Be Fine Tuned

Neither individual tools nor platforms will secure your organization if they are not configured and orchestrated properly. No tools come out of the box fully configured for maximum security. Further, they must be continually fine-tuned and adjusted along with the changing tactics of threat actors. There are no “set it and forget it” solutions. While you are working toward simplicity, it’s important to note that good security is complex—that is unlikely to change anytime soon.

The Pendulum Is Swinging

We are already seeing some predictions that the vendor consolidation trend may see some correction in 2024 due to concerns of vendor lock in and lack of security diversification. But with a good blend of platform plus best-of-breed tools (carefully selected in the most-targeted areas of security), you can arrive at a strong security stance and architecture, aiming for relatively reduced complexity and a strategic approach to your continually evolving security.

Image Credit: Alexandersikov/Dreamstime.com

Maria Chachas is Chief Operating Officer, Conversant Group.