Omdia: Standalone Security Products Outsell Cybersecurity Platforms

In its many briefings with cybersecurity vendors, one of the most consistent themes Omdia hears is why enterprises need cybersecurity platforms.

Across nearly all segments of cybersecurity, the opening statement from large vendors always goes something like this:

"Enterprises have too many standalone security products. They're expensive to purchase, deploy, and manage; point solutions function in a silo because they aren’t designed to work together; trained, experienced cybersecurity professionals are hard to find and harder to keep — hence, fewer products mean more efficient training and staffing for CISOs. Not to mention, they aren't working because look what happened with that latest big scary data breach!"

Instead, vendors claim, enterprises could get better outcomes if they give up their multitude of standalone products and instead purchase a cybersecurity platform solution, which rolls up the capabilities of many discreet products into an all-in-one offering from a single vendor.

CrowdStrike, Fortinet, Palo Alto Networks, Trend Micro, and many others have positioned themselves as cybersecurity platform vendors, employing go-to-market messaging that emphasizes the integration, single user interface, improved security efficacy, and better return on investment that their respective cybersecurity platforms provide.

On its face, this seems sensible. All the above-mentioned challenges that come with point solutions are very real. Omdia asserts enterprises need their cybersecurity products to work together, specifically by exchanging data and performing orchestrated functions, but building and running an integrated ecosystem of best-of-breed security solutions provided by many vendors is a never-ending challenge, one that keeps security architects awake at night.

A Growing Number of Deployed Products

Plus, today's enterprises really do have a lot of security products. Omdia research shows that a majority of enterprises have 21 or more standalone security products, and a third of organizations have 31 or more.

It's not hard to buy into the sales pitch from platform vendors that the fastest way for enterprises to improve their security is by buying fewer point products and shifting spending to cybersecurity platforms.  

However, according to Omdia research, it's simply not happening.

According to data from the 2023 Omdia Cybersecurity Decision Maker survey, organizations indicated an increased in number of standalone security products, not a decrease.

Source: Omdia

Omdia research shows that from June 2022 to May 2023, more than 80% of survey respondents saw an increase in the number of standalone security products in their organizations (161 respondents). Furthermore, for 44% of respondents, it wasn't just a minor increase; in those enterprises, the number of standalone products increased 11% or more. Conversely, just 7% of respondents noted a decrease.

The numbers highlight a stark contrast between the perception that is being advanced by cybersecurity platform vendors, and the reality being observed in enterprises. Despite the vendor-touted benefits of the platform approach, data indicates enterprises still live in a best-of-breed approach.

Omdia theorizes there are several possible explanations:

These are just a few of the possible reasons, and Omdia intends to conduct further research in this area, but for now, there are several notable takeaways.

Accept Enterprise Reality

For vendors, fostering a cybersecurity platform may be a sensible business strategy, but it is equally important to accept the reality few enterprises are buying into single-vendor platforms. Meeting the needs of the market also requires catering to organizations living a best-of-breed approach. This means vendors should not only support ease of integration through technology partnerships and open standards but also minimize the finger-pointing when customers need help making rival vendors' offerings work together.

For enterprises, the best-of-breed approach may be familiar, but platform vendors are working hard to address many of the shortcomings that have hindered all-in-one cybersecurity platforms to date. When solution refresh cycles come up, it's worth stepping back and taking a broader look at whether the evolving platform landscape may offer a better long-term approach. For those focused on point solutions, be sure the requirements include actual examples of successful best-of-breed integrations and testimonials from customers who have achieved the desired outcomes from their integrated security architectures.

For service providers and channel partners, platform vendors' struggles are your opportunities. On one hand, working through (or entirely removing) the challenges of implementing and running a best-of-breed cybersecurity solution architecture isn't easy, but vendors and enterprises alike desperately need this assistance. On the other hand, cybersecurity platforms make for a compelling service offering, while evangelizing the benefits of these platforms is an area where vendors reliance on the channel is only growing.

For more information, read Omdia Cybersecurity Decision Maker 2023: Overall Findings & Enterprise Cybersecurity Operations (SecOps) (Omdia subscription required).