Vendor Consolidation in the Cyber Security Market

Vendor consolidation in cyber security will be an essential trend in the market for the next few years. The reasons for this include cost constraints and the availability of talent, as well as the need to react in a more agile way, which can be achieved much better with integrated suites than with siloed point solutions.

The paradigm shift from best-of-breed to best-of-suite solutions in cyber security is a challenging task. Most organizations will need professional services to carry out the necessary migration projects.

The basic questions which need to be answered positively before starting any migrations are:

1. Will this shift improve or worsen the risk posture?
2. Is this shift pushing business agility?
3. Will this shift reduce the bottom-line costs for security?

In the second step, existing solutions should be grouped into:

• Point solutions providing new technologies for new threats. There are not usually many of this kind of solutions so they will probably be kept, as suites typically need some time to offer the same functionality.
• Point solutions providing traditional technologies for classic threats. This usually includes the majority of security solutions. For such solutions, there will most probably be suitable suite providers.

The paradigm shift from best-of-breed to best-of-suite will shake the market landscape over the next few years. The most affected groups on the vendor side will be:

• Startups: To be relevant for most organizations, startups need to focus on new threats and bring new approaches to the table. Solutions that suite providers can quickly adapt will fail. Solutions that are only slightly better will also fail. Therefore, successful startups must have great ideas, be able to productize them quickly, have good funding to enable marketing and sales, and grow fast before they are either acquired or start M&A activities on their own to broaden the portfolio and become a suite provider themselves.

• Security software vendors: This group follows a twofold approach. They integrate their existing point solutions into suites and they design highly standardized managed services around their suite products. Especially in the mid-market, this can be a valid alternative to managed services from traditional service providers. To keep their suites up to date, PAC expects more M&A activities in the years to come. In particular, startups will be bought more often and earlier in their life cycle.

• Security service providers: Service providers will face the most significant impact of this shift in mindset. While consulting services will become even more critical as the security strategy has an even more significant impact on suite selection, system integration services will see a push during the migration from point solutions to suites, but the growth in system integration will slow down afterwards. The demand for operational and managed services will continue to rise, but customers will expect the rates for those services to decline as they assume that service providers can generate benefits by deploying suites. For service providers, it is essential to streamline their partner ecosystem to include the most promising suite providers, in order to generate cost and agility gains in the future.

PAC’s recommendations for IT providers:

• Security service providers need to support organizations on their way from best-of-breed to best-of-suite solutions. Consulting and migration services are key.
• Service providers need to prepare for new market conditions, and especially for cost pressure on managed services and declining demand for system integration in the long run.
• Startups need to make sure that they offer more than just “yet another” solution.
• Security software providers must offer integrated suites and provide suitable roadmaps for further development.

PAC’s recommendations for IT users:

• Start your planning around vendor consolidation in the security area now.
• Make sure that suites are properly integrated and not just a set of point solutions.
• Evaluate the managed services offerings from software vendors. These might be a real alternative to traditional managed services from service providers.
• Be prepared for higher costs during the migration phase.

Discover more in my recent InBrief Analysis report “Vendor Consolidation in the Cyber Security Market”. If you want to share your feedback or personal experience, please leave a comment or drop me an e-mail.