The history of security purchasing centers around best-of-breed products. With each requirement, security professionals would research products, review third-party tests, bring in products for internal testing, and buy those that exhibited a superior ability to prevent, detect, or respond to cyber attacks.
Fast forward to 2018, and the cybersecurity market is in a state of transition. Over many years, large organizations have accumulated numerous independent security products, making security operations extremely difficult. ESG research indicates that 36 percent of organizations use between 25 and 49 individual security technologies (i.e. commercial, open source, and homegrown security technologies), while 19 percent use more than 50 products. (Note: I am an employee of ESG.) Security operations challenges have prompted a wave of security consolidation — 22 percent of organizations are actively consolidating security technologies (and vendors) “on a large-scale basis,” while 44 percent are consolidating on a limited basis.