Three-quarters of all enterprises expect to reduce the number of security vendors they use according to a recent survey, more than double the number from 2020. Credit: Getty Images A total 75% of organizations across North America, Asia Pacific and EMEA plan to consolidate the number of security vendors they use, a Gartner survey of 418 respondents found. That percentage has increased significantly, as only 29% were looking to consolidate vendors in 2020. The main reasons are an increase in dissatisfaction with operational inefficiencies and lack of integration of a heterogenous security stack, the survey found.Companies look to reduce the number of vendors they work with in key areas like secure access service edge (SASE) and extended detection and response (XDR). The survey found that 57% of organizations are working with fewer than ten vendors for their security needs.Perhaps as a result of this shift in enterprises’ priorities, some vendors have already started to combine some products to offer simplified enterprise security. In February 2022, for example, Forcepoint announced an all-in-one cloud platform that integrates zero trust capabilities and SASE technologies so security teams can manage one set of policies through a single console. Pros and cons of consolidating security vendorsWhile saving money could be a result of consolidation, it is not what is driving organizations. Sixty-five percent of respondents said they expect to improve their overall risk posture and only 29% expect reduced spending on licensing. Cost optimization should not be a driver, Gartner VP analyst John Watts said. Those looking at cutting costs must reduce products, licenses and features, or ultimately renegotiate contracts. A drawback of those pursuing consolidation has been a reduction of risk posture in 24% of cases, rather than an improvement.But if cost savings becomes a result of consolidation, CISOs can invest that on preventing attack surface expansion. “This trend captures a dramatic increase in attack surface emerging from changes in the use of digital systems, including new hybrid work, accelerating use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets and greater use of operational technology (cyber physical systems—CPS). Security teams may need to expand licensing, add new features, or point solutions to address this trend,” Watts says to CSO. The time invested should also not be taken for granted. Gartner found that vendor consolidation can take a long time with nearly two-thirds of organizations saying they have been consolidating for three years. Another obstacle facing enterprises are rigid vendor deals, an issue faced by 34% of respondents. Gartner advises IT leaders to plan at least two years for consolidation.“Our survey results show that security vendor consolidation is a multi-year effort for most organizations and requires planning to replace incumbent vendors coordinated with both technology migration projects and contract termination dates,” says Watts.One of the main benefits of the consolidation move is the initial opportunity to drive better pricing discounts from incumbent vendors and their competitors. “As vendors expand their functionality, they are increasingly competing against vendors with whom they have not have historically competed. For example, a CISO looking to replace an incumbent SWG [secure web gateways] or CASB [cloud access security brokers] point solution with a converged SSE [security service edge] offering can drive improved discounting as vendors look to gain or protect market share against new competitors. However, CISOs need to be aware of overlapping contract terms and potential shelfware from new, underutilized features which may drive higher overall licensing costs compared to the current status quo,” Watts says. What drives enterprises toward SASE and XDRThose who plan to have adopted SASE within their organizations by the end of 2022 make up 41.5% of respondents, and 50% of respondents use SASE projects to simplify network and security policy management and improve security posture.Organizations that have plans to adopt XDR by the end of 2022 make up 54.5% of respondents. XDR has already helped 57% of respondents to resolve security threats faster.“While 89% of surveyed organizations want SASE and XDR to work together, security and risk management leaders will often opt to keep them distinct from one another but ensure they can interoperate. This is an approach validated by 46% of surveyed organizations, which allows for flexibility to select best-of-breed functionality,” said Dionisio Zumerle, VP analyst at Gartner. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe