Why are we still facing so many security products and vendors?

Jean-Christophe Gaillard Jean-Christophe Gaillard
October 1, 2019 Big Data, Cloud & DevOps

A symptom of the unhealthy relationship between cyber security and large firms

As we reach one of the high points of each year’s conference season, one has to reflect once more on the staggering number of products and vendors active across the cybersecurity space.

Once again, they will line up in their hundreds at Infosec in London and elsewhere. Of course, not all of them are making money; many are still burning the cash of their generous VCs, but the fact that such a crowded market still attracts large amounts of investment is still – in itself – bewildering.

In addition, many of those products still aim to address security requirements which are as old as security good practices themselves, for example across segments such as Incident and Event Management or Identity & Access Management.

To see those segments so fragmented across so many players after 15 or 20 years of evolution is not the sign of a healthy marketplace.

They should have consolidated years ago and each should be dominated by a few players – in addition to the usual big names – all bound by healthy competition.

The fact that it’s not the case simply tell us that buyers are not serious: They do not buy those products because they address a real business need: They only buy those products to put ticks in compliance boxes, to close down some audit points or in support of somebody’s pet project. Or very often, in reactive mode, under pressure to show responsiveness after an incident and without any attempt – or time –  to analyse the market, compare offerings and structure a defensive strategy.

Even if the “tick-in-the-box” market is huge – and GDPR has just made it bigger – in the long-term, nobody wins at that game: Product development ends up driven by regressive compliance-led dynamics, instead of positive dynamics aimed at countering ever-evolving threats, poorly-protected buyers get breached and the industry at large stagnates.

In many large organisations, the situation has reached astounding levels: The 2019 Cisco CISO benchmark study highlights that 37% of respondents have more than 10 security vendors to manage (3% have more than 50 !!!)

“Best-of-breed” may be an interesting concept in the security space, but as we pointed out above, it is rarely the real reason behind product proliferation, and in practice, it presents operational teams with considerable challenges: How to orchestrate an efficient incident response when the data you need is scattered across so many platforms? How to build an effective and meaningful reporting capability?

And the situation is often compounded by the fact that many security tools only end up partially deployed, or simply covering a fraction of the estate – functionally or geographically.

Firms which find themselves in that mess must stop buying more tech, look back at their genuine security requirements in relation to the threats they face and start building a consolidation strategy.

They should also look beyond the products marketplace and consider the ever-growing services offerings in that space. MSSPs have been active for over 15 years but the cloud has also facilitated the emergence of a number of new players in recent years.

Consolidation and integration become key factors, as the “when-not-if” paradigm around cyber attacks takes centre-stage with senior executives and their focus shifts away from risk and compliance, towards execution and delivery.

All those who have been riding the compliance wave should bear that in mind.

  • Experfy Insights

    Top articles, research, podcasts, webinars and more delivered to you monthly.

  • Jean-Christophe Gaillard

    Tags
    Big Data & Technology
    Leave a Comment
    Next Post
    The Hidden Risk of AI and Big Data

    The Hidden Risk of AI and Big Data

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    More in Big Data, Cloud & DevOps
    Big Data, Cloud & DevOps
    Cognitive Load Of Being On Call: 6 Tips To Address It

    If you’ve ever been on call, you’ve probably experienced the pain of being woken up at 4 a.m., unactionable alerts, alerts going to the wrong team, and other unfortunate events. But, there’s an aspect of being on call that is less talked about, but even more ubiquitous – the cognitive load. “Cognitive load” has perhaps

    5 MINUTES READ Continue Reading »
    Big Data, Cloud & DevOps
    How To Refine 360 Customer View With Next Generation Data Matching

    Knowing your customer in the digital age Want to know more about your customers? About their demographics, personal choices, and preferable buying journey? Who do you think is the best source for such insights? You’re right. The customer. But, in a fast-paced world, it is almost impossible to extract all relevant information about a customer

    4 MINUTES READ Continue Reading »
    Big Data, Cloud & DevOps
    3 Ways Businesses Can Use Cloud Computing To The Fullest

    Cloud computing is the anytime, anywhere delivery of IT services like compute, storage, networking, and application software over the internet to end-users. The underlying physical resources, as well as processes, are masked to the end-user, who accesses only the files and apps they want. Companies (usually) pay for only the cloud computing services they use,

    7 MINUTES READ Continue Reading »

    About Us

    Incubated in Harvard Innovation Lab, Experfy specializes in pipelining and deploying the world's best AI and engineering talent at breakneck speed, with exceptional focus on quality and compliance. Enterprises and governments also leverage our award-winning SaaS platform to build their own customized future of work solutions such as talent clouds.

    Join Us At

    Contact Us

    1700 West Park Drive, Suite 190
    Westborough, MA 01581

    Email: support@experfy.com

    Toll Free: (844) EXPERFY or
    (844) 397-3739

    © 2023, Experfy Inc. All rights reserved.