Cybersecurity Technology Consolidation – A Balanced View
For decades, organizations have relied on a best-of-breed cybersecurity strategy, layering dozens of specialized tools to combat emerging threats—often prioritizing maximum protection over cost and complexity. Today, shifting executive mindsets, outcome-driven metrics, and the rise of integrated security platforms are challenging whether more tools truly mean better protection, ushering in a “minimum effective” approach focused on measurable results and streamlined defense.
https://delivery-p155402-e1860468.adobeaemcloud.com/adobe/assets/urn:aaid:aem:64c574ea-9609-4c6b-a8cf-3f78de1f438c/as/Blog-Security-2024-09-05-AdobeStock-818556073.avif
Smart city with double exposure of man using laptop and networking lines
2024-09-05T00:00:00.000Z
4
​Lee Waskevich
VP Security Solutions
style
section-full-width

Is a best-of-breed strategy still the best approach to cybersecurity?

For over 20 years, the cybersecurity community has been conditioned to choose best-of-breed security solutions. After all, when a new threat emerges, it’s only logical to want the best protection available to combat that threat.

Cybersecurity is a balancing act between protection level and cost. How much protection is needed? At what point does the cost of protection exceed the risk?

In the early years, fear drove most decisions. No executive wanted their company in the headlines because of a breach, so companies were less concerned with overspending. This led to the best-of-breed approach, resulting in most companies having security products from many different vendors (over 40, on average) installed within their technology estate.

Today, the problems are the same, only worse:

The cybersecurity industry, however, is changing. The guiding principle is: prevent what you can; what you can’t prevent, detect and mitigate as quickly as possible. This is contributing to a shift in executive attitudes toward cybersecurity, leading to the concept of Minimum Effective mindset1—where the notion of more technology does not necessarily equal better protection—and a focus on outcome-driven metrics (ODMs)2.

The third major change developed by technology manufacturers and often attractive to financial stakeholders is the trend toward cybersecurity platforms. Top vendors such as Palo Alto Networks, Fortinet, Cisco, and others are shifting to a platform approach, where many of the necessary controls (i.e. endpoint protection, firewalls, email protection, data protection, threat intelligence, security operations, and more) are fashioned into a single platform to deliver better overall cybersecurity protection.

Weighing Your Options

There are pros and cons to both approaches. Here are five things to consider when evaluating your options:

  1. Cost - No surprise here. Cost is always a factor when purchasing technology. For security solutions, these costs include licensing fees, training expenses, hiring and paying skilled staff, and soft costs like interoperability. Adopting a single-vendor security platform can reduce your costs. By reducing the number of vendors, your training costs are lower, and you decrease the number of contracts you must manage. Many vendors also offer incentives, such as Enterprise Licensing Agreements or something similar, that enable you to lower your costs even more. In addition, some vendors are willing to buy out existing contracts of competitors to increase market share. Also, platforms are designed as integrated solutions, so you don’t have to spend a lot of time or money making the separate pieces work together. Licensing fees for best-of-breed solutions typically are expensive. You have the added task of integrating the different products, so interoperability can be a challenge. For every vendor product, you must train (or outsource) staff to support it, which can add to your training, staffing, and maintenance costs. One warning here, however, involves technology vendors’ acquisitions of complementing or competing vendors. Many times, on the surface these acquisitions look to help enable a shift to consolidation, but the adjustments made to licensing, features, and support costs can in reality reap a more negative effect. It’s important that a cost-benefit analysis be conducted for all features and terms.
  2. Compatibility - This is one of the most significant differences between a single-vendor platform and a best-of-breed approach. Platform components are designed to be compatible and easily share telemetry data. Best-of-breed products, on the other hand, must be integrated (by you or by a technology integration firm) in order to work together as a cohesive security solution. Regardless of integration efforts, however, some vendor products may work poorly together or not work together at all—a key point to keep in mind during your product evaluation.
  3. Data Analytics - All security products produce data. What can you do with the data, and what products do you need to produce those results? As I mentioned earlier, outcome-driven metrics are becoming more important. Executives want to know what protection level they are getting for their security spend and be able to tie results back to specific products. Platforms have an advantage here. They consolidate data collection and analysis, making it easier for you to see incidents and trends and derive benefit from insight generated by the platform. Best-of-breed solutions also produce telemetry data. But it takes more effort (and additional products) to consolidate data, analyze it, correlate incidents, parse out noise, and generate meaningful reports.
  4. Artificial Intelligence/Machine Learning - No list is complete without AI/ML. This is a fast-developing area, with every vendor investing in new ways of incorporating AI/ML to increase the effectiveness of threat detection and response. How does this factor into your decision? Make sure you understand how your cybersecurity solution (whether delivered via single-vendor platform or through a combination of best-of-breed products) leverages threat intelligence data to proactively hunt for threats and take predefined actions on your behalf to mitigate issues. Platforms are designed for this capability to be built-in; with a best-of-breed approach, you will need to ensure all the components are in place and integrated in order to deliver this functionality.
  5. Specialized Functionality - This is where a best-of-breed approach is an advantage. Does your organization require a specialized security function that is not currently available from a platform solution? If so, you will need to purchase a specific product to get that capability.

Taking the Next Step

You deserve a strong security culture that can sustain your business today and tomorrow.

ePlus Security is a leading security technology advisor and integrator with a broad solutions portfolio, strong industry relationships, and an unmatched breadth of engineering talent and expertise. With a focus on customer experience, our security team designs and delivers outcome-focused, customized cybersecurity programs aimed at defining and mitigating business risk, maximizing technology investments, and creating safer digital environments.

For guidance with developing a cybersecurity strategy or conducting a tools rationalization assessment, ePlus can help. Check out ePlus Security for more information or contact us to schedule a call with a security consultant.

[1] “Gartner Identifies Four Myths Obscuring Cybersecurity’s Full Value.” Gartner, June 5, 2023. https://www.gartner.com/en/newsroom/press-releases/2023-06-05-gartner-identifies-four-myths-obscuring-cybersecuritys-full-value
[2] “Gartner Identifies the Top Cybersecurity Trends for 2024.” Gartner, February 22, 2024. https://www.gartner.com/en/newsroom/press-releases/2024-02-22-gartner-identifies-top-cybersecurity-trends-for-2024

style
column-left
Blog
Security
3
true
related-cards
style
column-right
text-color
section-text-dark