The pros and cons of a consolidated security platform vs. mix-and-match protection

A growing trend in the cybersecurity industry is the bundling of different point solutions into an umbrella platform from a single vendor that handles various aspects of cybersecurity, from endpoint protection to cloud-native security tools to automated detection and response.

Part of the impetus for this trend comes as a push from the larger vendors, who of course want to capture more market share. But there's also a pull from the customer base as many companies find they've got just too many cybersecurity vendors.

A recent Check Point survey found that "27% of companies of more than 5,000-10,000 employees used between 11 and 40 plus vendors." Almost all respondents (98%) said their companies used multiple consoles to manage security operations, and 79% said it was challenging to work with multiple security vendors.

"When asked what they believe would be the best approach for improving security in their organizations," the Check Point report added, "69% [of respondents] prioritized consolidating to fewer security vendors."

In a Gartner survey, more than half (57%) of responding organizations said they were already working with 10 or fewer cybersecurity vendors. It also found that improved risk posture, not cost, was the primary driver for this consolidation.

"If it's from a single vendor, then you're actually improving your efficiency, because there are a lot fewer skills that you need in your security team to manage all these different [tools]," Aviv Abramovich, Head of Security Services Product Management at Check Point, tells us.

However, bundling as many of your cybersecurity tools as possible into a single platform isn't a no-brainer. There are many pros and cons. Let's get the bad news out of the way first and start with the cons.

The potential downsides of vendor consolidation

Lack of diversification

The most obvious risk to gathering all your cybersecurity tools into just a few platforms, or even just one platform, is the reduction in supplier diversification. You may not want to put all your eggs in one basket, so to speak.

One recommended long-term strategy for companies in the wake of July's CrowdStrike outage is to diversify the vendor base to minimize the impact of future outages and eliminate the risk of a single point of failure.

Granted, since no single vendor platform (yet) offers all the cybersecurity tools a large company would need, that scenario may still be only hypothetical.

Vendor lock-in

A related risk is lack of flexibility and choice if your organization becomes too tightly bound to a single vendor or a small group of vendors. Long-term contracts may hinder your future options; lack of innovation on a vendor's part may negatively impact your security posture. You'll also lose some bargaining power if you can't use competing offers to negotiate pricing terms.

However, few solution-bundling vendors will insist that you take their whole package. Most good vendors will understand that you've already got some point solutions that you're happy with and would like to keep. They'll work with you to make sure your old solutions integrate with their offerings.

"Vendor lock-in happens when you don't have a good alternative," says Check Point's Abramovich. "We don't expect that a customer will adopt everything from us, or that they have to adopt everything from Check Point in order to achieve better security."

Bundled point solutions may not be best-of-breed

Every cybersecurity company has its strengths and its weaknesses. A given company will probably excel at the aspect of cybersecurity it started out practicing, such as cloud security or identity and access management. It may also do well in a different aspect of the field if it acquires another company that focuses on that.

But if a company expands organically into a sector of cybersecurity where it's never gone before, can you be certain that its offering is the best available? Or would it be better to go with a tried-and-true leader in that segment?

Check Point's Abramovich acknowledges that many vendors have a comparative advantage in some area of cybersecurity and that customers will want to, well, take advantage of it.

"There are companies that are very good at managing identities," he says. "You would use them as an identity [provider]. And you would use, let's say, Check Point for network security."

You might want to retain separate point solutions for specialized tasks, Abramovich says, especially if a cybersecurity vendor also provides non-security services. Different pieces of software have different purposes, and you want to make sure that each purpose benefits you as much as possible.

"You probably want to use separate vendors for security and networking," he says. "Security needs to protect the network, and the network just wants to connect everywhere as best as it can."

The benefits of bundling your security tools

Now let's get to the many pros of cybersecurity vendor consolidation.

Fewer vendors and contracts

At a time when many companies feel they just have too many balls in the air, cutting down on the number of cybersecurity vendors — and cybersecurity service agreements — is a good way to reduce aggravation. You'll develop better relationships with the vendors you choose to keep working with, and your CISO will get more sleep.

Cost reductions and simpler budgeting

If you consolidate your security tools into fewer vendors, you should (at least in theory) see some reduction in cost. (If not, maybe you need to play a little more hardball in negotiations.) But either way, it will be a lot easier to draw up the next quarter's budget.

Less need for constant staff re-training

If your security practitioners need to use fewer tools, they won't need as wide a skill set. They'll also need less retraining as tools are updated and upgraded. But this shouldn't be an excuse to start trimming headcount. Rather, use it as an opportunity to make sure the personnel you have now can get even better at their jobs.

A reduced rate of patches and updates

Less software means fewer patches and updates to worry about. If you're running 50 different cybersecurity tools, you'll likely have to run updates several times a week; if you're running only 10, your patch workload will be appropriately reduced.

Reduced misconfiguration and non-compliance

Less software also means that you're less likely to get something wrong. That's especially true if your security staffers (or anyone who can spin up a new cloud instance) are well trained in the few things they have to use, rather than a whole bunch of things they'll rarely use. Getting it right more often also greatly reduces the risk of falling out of regulatory compliance by mistake.

Improved compatibility among different point solutions

It goes without saying that the different point solutions bundled into a single platform will (or should) work well with each other. A corollary is that the point solutions that aren't part of the single platform will also have to be compatible with fewer other pieces of software, resulting in a smaller set of application programming interfaces (APIs) to worry about and greater efficiency all around.

Increased efficiency of automated detection and response

Greater compatibility means smoother interoperation among the different point solutions. This in turn leads to more opportunity for automation, which is where the real gains in cybersecurity can be found.

If you can set up your security software to orchestrate operations among different point solutions and automatically take the initial steps toward mitigation when an incident is detected, you'll free up your security personnel to spend more time on the tough stuff instead of chasing down minor annoyances.

Fewer panes of glass to monitor, and much more to see

Consolidating your security tools means that your security staffers will need to monitor fewer screens and will get the information they need more quickly. Greater interoperability among the different point solutions will also give the security team greater visibility into your operations so that anomalies and incidents can be noticed and remediated more quickly.

"If you don't see that whole end-to-end event, you're only dealing with the symptoms," says Abramovich. "If you have the visibility end-to-end, you have much better security."

Less alert noise

Fewer security tools, fewer screens, greater visibility, greater interoperability and more automation should add up to a lot less security-alert noise to aggravate your security personnel. Less noise means fewer distractions and more time to focus on the truly serious incidents and issues.

You still have a choice

Whichever way you decide to go, the details are entirely up to you, whether it's keeping many of your point solutions or bundling as many of them as you can into a few platforms. A good vendor that offers a consolidated solution should let you pick and choose which features you want and offer to work with the competing solutions that you decide to keep.

"I don't force you to run Check Point on your endpoint or your cloud," Abramovich says. "I recommend it. It's better if you do it — you'll have a better experience and better security as a result. But if you choose to use other vendors, we will work with them together in the same way."

Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.
