The Great Consolidation Debate – Part 2 – Vendor Consolidation Pros and Cons


This is the second in a series from TMG talking about security stack consolidations, where we dive a little deeper into the pros and cons of security stack consolidations. Our first post explained what the debate about security stack vendor consolidations is all about – be sure to check it out

One of the biggest conferences in the cybersecurity industry – RSAC (or just RSA, depending on who you’re talking to and what mood they’re in) – wrapped up a few weeks ago. For those unfamiliar, it’s almost impossible to describe what 40,000+ cybersecurity industry people together is like. There are security vendors of all shapes, sizes, and funding stages as far as the eye can see – literally. In other words, RSAC…is a lot

If we look through the eyes of RSAC and its dizzying displays of new technologies, vendors, and services, it would almost seem like the questions around security stack vendor consolidation are over and the trends of consolidation are dissipating. What we’re seeing, on the ground, though, can feel like just the opposite: the consolidation movement is still growing. In fact, RSAC’s sheer enormousness might almost be a bellwether of the debate itself: deconsolidation is just becoming too much to manage. 

So it seems that despite the most valiant marketing efforts from vendors, the debate around security stack consolidations is continuing to grow. So let’s talk about it and take a deeper dive into security stack consolidation with some of the pros and cons of moving toward a single vendor for security teams. 

Quick recap: the security consolidations debate 

As threat actors grew more and more advanced, security teams were increasingly adding more tools to cover the gaps left by the major players in the game. Recently, however, security teams are starting to feel crushed by too many tools that aren’t talking to each other easily enough, throwing duplicate alerts, and requiring multiple panes of glass to manage. This has caused these very teams to look back toward single solution providers. 

Consolidation Pro: Fewer integration headaches, updates, and management consoles

While you’d be hard pressed to find someone who would argue the large vendors such as Microsoft are near perfect (to put it lightly), many security teams now are finding vendors like this probably provide 80-90% of the coverage they need with far fewer integration headaches of multiple tools from various vendors. This becomes even more enticing with deals such as Microsoft Enterprise Agreements (EAs) coming with credits to apply to other tools within their suite to use and customize to your specific needs.

While every vendor promises easy integrations to other tools, the more tools that need to talk to each other, the more headaches these integrations can cause if something goes wrong, leading to duplicate alerts on the same issues and subsequent alert fatigue for the staff, difficulty diagnosing incidents, and managing multiple tools across multiple panes of glass.

Finally, one of the most effective tools in any security team’s belt is one of the simplest: security patches and updates. These updates in a consolidated stack are much easier to automate and manage than having to coordinate across multiple systems and tools to ensure everything is up to date. Since unpatched updates are one of the easiest ways in for threat actors, making this process easier is an incredible win that lowers the threat surface significantly. 

Consolidation Con: Eggs, meet basket

As companies, security teams, and even governments are pouring themselves into one single vendor for their security needs, the conversation around all of the security eggs going into a single basket naturally arises. Legacy tech companies such as Microsoft are also left trying to secure an immense amount of technical debt they have amassed over nearly a half century of development, as well as their forays into the cloud and AI, which are amassing technical debt at breakneck speeds as well. And when adoption climbs, so does the target on the vendor, because one vector in could mean getting the keys to many, many castles. 

Consolidation Pro: The old guard is stepping up 

Many of the larger companies also are battling their past selves for their years, if not decades, of failing to prioritize security in development. Their attitude for these exploits was largely perceived – earned or not, though most might argue it was – as the companies essentially giving a shrug of the shoulders and minimal commitment to addressing concerns quickly enough, and developing mediocre, clunky tools as almost an afterthought. If they had most of the market share – and the federal government contracts – what motivation did they truly have to improve? 

In a win for competition (and the vendors at RSAC), it seems that the pressure from security professionals, insurance carriers, and a more intense threat landscape has made a dent. Add onto this bombshell headlines such as an ex-White House cyber policy director claiming Microsoft is a “national security threat” and there have been some hopeful changes in the right direction. Since then, almost all of the major security vendors have made pledges to recommit to security, tying executive pay to security outcomes and investing more in their dev sec. 

In addition, the security products themselves have improved significantly. Microsoft’s SIEM solution, Sentinel, tends to get about as decent marks as any of its competitors, if not better. And when each Windows machine comes equipped with Defender Plan 1 as an endpoint solution, as well as the ease of integrations mentioned above, the choices start to make more and more sense for stretched security teams. 

Consolidation Con: Locking into large companies

While the large players have certainly upped their security games, many security teams do bemoan just how behemoth they are. From confusing terminology changes of products and offerings to bundles of packages to contracting to customer service, these large companies can feel overwhelming while customer service can feel a little, shall we say, lacking. Many smaller vendors can be more receptive not only to feedback but to customer service calls as well, leading to quicker resolutions.

Finally, whether you’re looking to consolidate your security stack vendors into one, or diversify, having technology acquisition partners on your side to help with these types of decisions and analyses can make these processes much smoother and less frustrating for everyone. No matter where you are or what strategy you’re looking ahead to, TMG can help you along the way.

Subscribe to get our most recent articles, case studies, events, and more delivered to your inbox: