There are thousands of cybersecurity vendors and providers vying for your business. But because every organization’s security needs are unique to its business operations, there is no one-size-fits-all provider out there.
Yet, big-name security vendors are building tool hubs, where customers can acquire end-to-end cyber solutions.
Google Cloud acquired Mandiant last year, in a deal that leveled up its incident response offerings. Now, building on the integration, the firms are automating threat hunting. Already heavily embedded in enterprise tech stacks, Microsoft is rapidly growing the revenue from its security business, capitalizing on existing integrations.
While it might be easier for an organization to build its core cybersecurity system from one company, that may not provide the best option.
“With cybersecurity market consolidation, it's imperative for companies to make informed decisions when choosing providers for their core cyber systems,” said Stephen Gorham, COO at OPSWAT.
Picking core security tools is a process that requires a systematic approach to ensure all products and services align closely with the organization's cybersecurity and risk mitigation strategies.
There are some basic checklist items that will be the foundation of any security system. Corey Nachreiner, CSO at WatchGuard Technologies, says that before vendor shopping, decision makers need to consider:
- Industry compliance helps dictate which cybersecurity controls or systems are important and necessary to the company and tends to cover baseline security controls.
- Insurers have started requiring specific cybersecurity controls to qualify for certain coverages. For instance, multifactor authentication, endpoint protection with endpoint detection and response (EPP/EDR), and vulnerability assessment solutions are all heavily required by cyber insurers.
- ROI, ease of use, and ease of deployment, which may include unified offerings, automation, and consolidation.
- Formalized cybersecurity risk frameworks, like NIST, ISO, or the SANS CIS Controls, help drive organizations toward the right cybersecurity controls.
The must haves
Once the foundation is in place and the decision makers understand the functions of the core system, there will be some must haves, though it's best to not go overboard.
Compare cybersecurity tool shopping with food shopping, recommended Chris Roberts, CISO at Boom Supersonic. Never shop hungry.
“In the digital realm this means going out armed with questions, focus areas, and knowing what problem you are looking at solving,” said Roberts.
From a core tool standpoint, Roberts looks at data, users, metrics and touch points.
“What do I have, where is it, who’s using it, who should be using it, and what are they doing with it — answer those and you are part way towards dealing with the basics in information security,” said Roberts.
Because there are so many solutions out there, it’s important to have a strategic cybersecurity management platform that sits above the security tech stack and delivers meaningful insights as to what’s working, what’s not, where visibility is strong and where visibility is lacking.
“We need an effective platform that brings all of this together – a single place to understand the current landscape and what I need to focus on, deal with, or communicate throughout the chain of command,” said Roberts.
And yes, expect large language models to play a greater role in core security systems going forward. Integrating LLMs into core tools could help analyze large amounts of data faster.
“Being able to query big data using natural language has been a game changer in term[s] of quickly identifying anomalies in our data sets,” said Josh Amishav-Zlatin, founder and CEO at Breachsense.
How consolidation impacts vendor selection
Market consolidation can disrupt service levels, pricing and product focus. It can also impact integration of new systems with current tools.
“When a provider is bought, normally we review our contract and try to have an open dialogue to understand their new roadmap,” said Roberts. Sticking with the provider or switching ultimately depends on how their changes align with the organization’s needs and contractual flexibility.
Consolidation can make the process of choosing core systems easier. The biggest cybersecurity players are adding missing pieces when they are consolidating.
“This benefits me but the caveat is that if I need something very specific, I won’t find that from the big players – I’m going to find that from a niche player,” said Roberts.
That said, this niche player does need to integrate with consolidated, larger platforms, or else they’re not going to be a good fit, Roberts added.