3 cybersecurity vendor strategies to know

3 cybersecurity vendor strategies to know

What Steve Jobs did for consolidation with the iPhone, many organizations are now looking to do with their security vendors.

When Jobs introduced the iPhone, he showed how Apple was able to consolidate different devices-a telephone, a computer/internet communicator, and the company's own iPod-into one handheld machine.

Similarly, security teams believe that focusing their security tools to a few vendors in key areas will reduce complexity and improve their overall security posture. As early as 2022, Gartner found that 75% of companies planned to pursue security vendor consolidation, a 29% increase from two years earlier.¹ According to Gartner, security leaders have grown dissatisfied with inefficiencies and a lack of integration when using a wide variety of security vendors.

Consolidation isn't the only idea out there. Different strategies and trends aimed at improving security posture and operational efficiency are cropping up, including convergence and platformization. Understanding their differences is the first step to realizing the benefits each can offer.

1. Consolidation: One tool to rule them all

Consolidation is a strategic partnership between the organization and its vendors. While mergers and acquisitions have bolstered many large security vendors' offerings with the intention of the "one-stop shop," the reality is that all your organization's individual needs aren't going to be met with a single vendor. Your industry or your services will likely require multiple vendors. Consolidating to a few, well-selected partnerships will offer improvements, such as:

• Improved efficiency
• Lower costs (since you may be able to negotiate better prices)
• Stronger partner relationships
• Decreased risks of supply chain vulnerabilities

But is vendor consolidation enough? In today's threat landscape, the answer is no. Organizations need to look beyond the consolidation of tools and systems and begin thinking in terms of convergence.

2. Convergence: Breaking down barriers

The Cybersecurity & Infrastructure Security Agency (CISA) describes security convergence as "the formal collaboration between previously disjointed security functions … Convergence also encourages information sharing and developing unified security policies across security divisions."²

IT and security systems are often siloed, and physical security is kept separate from information security. Security convergence uses a holistic approach to integrating security strategies, tools, and management into a single, comprehensive system. Whereas consolidation is about reducing numbers and eliminating redundancy (e.g., going from 8 systems to 2), convergence is about extracting more value by integrating systems-which may or may not include getting rid of systems.

Security convergence offers the following advantages:

• Enhanced security with a shared network and resources, which more effectively detects and mitigates threats
• Operational efficiency by combining multiple functions into a single system, which reduces redundancy and improves performance
• Improved innovation thanks to new capabilities offered by system integration
• Streamlined governance and compliance practices
• Better overall management and detection of insider threats

However, it's important to note that convergence done right is not an easy thing to execute. Open APIs are great … until someone gets hurt. A jack-of-all-technologies MSSP can promise integrations for all, but may gloss over the crucial fact that every API is different. If we imagine integrations as building blocks: Some MSSPs may be trying to piece together Legos, Lincoln Logs, and K'Nex. To get to a true connection (Lego to Lego, for example), an API requires writing a custom connector, testing it, then maintaining it as the API is updated. The same goes for log format changes. And this is all before becoming fully operational. If you choose the path of convergence for your organization, make sure you read the instructions on the building blocks that make up your provider's solution.

3. Platformization: A streamlined defense

How do these terms relate to a platform approach to cybersecurity?

• Consolidation requires moving to a platform; for example, getting rid of four software vendors for the one vendor platform that provides what you need.
• Convergence, on the other hand, is the creation of a platform that builds the foundation for your security program.

Platformization prioritizes the creation of a unified, scalable, and flexible platform that can strengthen various security functions and adapt to evolving threats. The goal is to simplify security management, enhance collaboration between different security controls, and leverage automation and intelligence for better threat detection and response.

Which strategy is best for my organization?

All strategies aim to improve the efficiency and effectiveness of cybersecurity measures in an increasingly complex threat landscape, but they approach the problem from different angles. The original iPhone consolidated three popular devices into something more efficient to operate, but it also converged everyday tasks into something revolutionary and infinitely more useful than the sum of its parts. This is the opportunity the modern threat landscape presents to security systems today.

¹"Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022," Gartner, September 13, 2022.

²"Cybersecurity and Physical Security Convergence," Cybersecurity & Infrastructure Security Agency (CISA), January 5, 2021.

Looking for a comprehensive managed service provider?

SEI Sphere's all-in-one MDR platform existed before consolidation, convergence, and platformization were trending. Contact us today to learn more.