Global businesses prioritize merging security providers on a wide scale

In the face of increasing cybersecurity threats and complex security environments, a growing number of organizations are turning to vendor consolidation to improve the productivity of their security staff, the efficacy of their security stack, and visibility and reporting. According to a recent report by Gartner, 75% of organizations are working to reduce the number of cybersecurity vendors they use, up from 29% in 2020.

Peter Firstbrook, VP analyst at Gartner, highlighted the primary reason for this trend, stating that it is driven by the need to improve productivity, efficacy, and visibility. Eric Bell, managing director at Progress Partners, echoed this sentiment, adding that the need for integrated security technology has fuelled much of the recent wave of M&A activity among cybersecurity vendors.

The research, conducted during March and April, was based on 418 respondents in North America, the Asia-Pacific region, Europe, the Middle East, and Africa. The online survey for the Gartner research project describing the trend toward vendor consolidation and the pursuit of an integrated security stack among IT security leaders was conducted from January to February 2023.

One of the key drivers behind this shift is the evolving role of Chief Information Security Officers (CISOs). Corporate stakeholders want to better understand the risk calculus of their technology stacks, answering the question: Are we a target? As such, CISOs are increasingly focusing on providing integrated security solutions that can offer a comprehensive view of an organization's security posture.

Bell mentioned that CISOs often prefer to work with one integrated platform provider who has already done the work to integrate its toolset. This preference is further supported by more than three-quarters of information security professionals, who want to see support for open standards, allowing security technologies to work in a more integrated manner.

Organizations are pursuing extended detection and response (XDR) technology for endpoints and secure access service edge (SASE) for edge connectivity and security on the back end. This shift towards integrated solutions is not limited to specific vendors, as CrowdStrike has recently echoed similar demands from customers regarding the need for a more integrated security stack.

Interestingly, budget constraints were not a major issue for most organizations pursuing vendor consolidation. This suggests that while cost savings may not be the primary driver, the benefits of improved productivity, efficacy, and visibility outweigh the costs.

However, one challenge that remains is the shortage of security operations staff. Security operations staff remain desperately short-handed, and the shift towards integrated solutions may help alleviate this issue by reducing the complexity of managing multiple vendors and tools.

The trend towards vendor consolidation and the pursuit of integrated security solutions is a response to the increased cybersecurity threats faced by organizations. With a rapid increase in malicious cyberattacks on U.S. organizations, including ransomware attacks and exploitation of software vulnerabilities, it is clear that this trend is not just a passing fad, but a necessary evolution in the cybersecurity landscape.

A July study by the Information Systems Security Association and Enterprise Strategy Group showed that nearly half of organizations were pursuing vendor consolidation, further supporting the notion that this trend is gaining momentum. As the cybersecurity landscape continues to evolve, it is likely that we will see more organizations following suit in their pursuit of integrated security solutions.