The history of security purchasing centers around best-of-breed products. With each requirement, security professionals would research products, review third-party tests, bring in products for internal testing, and buy those that exhibited a superior ability to prevent, detect, or respond to cyber attacks.
Fast forward to 2018, and the cybersecurity market is in a state of transition. Over many years, large organizations have accumulated numerous independent security products, making security operations extremely difficult. ESG research indicates that 36 percent of organizations use between 25 and 49 individual security technologies (i.e. commercial, open source, and homegrown security technologies), while 19 percent use more than 50 products. (Note: I am an employee of ESG.) Security operations challenges have prompted a wave of security consolidation ― 22 percent of organizations are actively consolidating security technologies (and vendors) “on a large-scale basis,” while 44 percent are consolidating on a limited basis.
Yup, there’s a trend toward technology consolidation and integration as organizations winnow their cybersecurity technology portfolio, buy integrated cybersecurity "platforms" from leading vendors, and build an integrated security technology architecture a la ESG’s SOAPA (security operations and analytics platform architecture).
So, does this mean the old bias toward best-of-breed security products is dead? Not at all. In a recent ESG survey, 232 security and IT respondents were asked a series of questions about their cybersecurity technology purchasing habits. The research reveals that:Fifty-four percent of respondents said their organization tends to purchase best-of-breed products, but only if they are designed for broader technology integration. Alternatively, 46 percent said they buy best-of-breed products regardless of the product’s ability to integrate with other security technologies. So, best-of-breed is required in all cases with a slight majority, including integration capabilities as an essential part of best-of-breed functionality. When asked to choose the most important attribute of security products their organization purchases, 46 percent said product effectiveness (i.e. threat prevention, detection, and response efficacy). The list tailed off from there 13 percent said ease of operations, 11 percent said cost, and 8 percent said the ability to integrate with other products (note 22 percent chose another product characteristic).
These two data points may seem at odds, but I don’t believe that is the case. First and foremost, security professionals want to buy products that prevent bad things from happening. Once they find a few highly effective products, they then evaluate them in other area. Do they play nice with other security products? Do they scale? Are they easy to deploy and operate? They make their ultimate purchasing decisions based upon the answers to all those questions.
This data doesn’t surprise me ― best-of-breed is part of cybersecurity professionals’ DNA, and it always has been. While this is understandable, I would advise my cybersecurity friends to consider adopting a broader perspective. Cybersecurity is the ultimate team sport with a dependency on all staff members and technologies to work well together. Therefore, security efficacy should be measured at the individual product and the cumulative infrastructure level. In other words, each unique security technology must be best-of-breed on its own while acting as a force multiplier by improving the effectiveness of the whole enchilada. Better together.
As a final note, I always tell CISOs that they should assume they won’t have adequate staff resources with every decision they make. Buying the best whiz-bang security product may seem like a good decision, but not if no one has the time or skills to operate it. Therefore, ease of deployment, time to value, and ongoing ease of use should be strong considerations.