Too many 'point'less tools: Platformization is better
Will 2025 be the year organizations ditch multiple point products and take a platform approach? Enterprise Strategy Group analyst Tyler Shields thinks it should be.
- Tyler Shields
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
One of the most frequent complaints I hear from CISOs and enterprise cybersecurity practitioners is, "We have too many tools."
According to research from Informa TechTarget's Enterprise Strategy Group, 37% of organizations use more than 26 products to secure their environment, and 10% use more than 51 products. How does that even remotely scale? And what resources does a company require to get any value from that many tools?
Last year saw significant debate in cybersecurity circles about platformization. Some vendors went all in on this strategy and are pulling multiple markets and point technologies to build the ultimate "one ring to rule them" platform, while other vendors are sticking to their guns and describing their point product as a "better mouse trap" that helps catch nasty rodents better than a bloated platform.
What's interesting is that many of the security practitioners who complain about too many tools tell me that platformization is a horrible idea that will result in one product with only a moderate ability to provide value.
When Enterprise Strategy Group asked organizations the most beneficial action for improving security efficacy and operational efficiency, only 19% answered "consolidating security tools."
Listen up, security teams: You can't have it both ways. You can't keep purchasing niche security technologies to improve the mouse trap -- as we have for the last 25-plus years -- while asking for fewer technologies and broader platforms. These two requests are at odds with each other.
So, which is it? Do you want innovative niche products that move the security needle from 92% to 95% detection rate, or do you want a platform that uses value from multiple adjacent markets to create a more holistic view into actually solving problems?
Many of us have been trained to ask for better detection and improved ability to find malicious actors that it has become a useless mantra. Not only that but the products in the market today are good at detecting bad actors. Why do we insist on focusing our efforts on such a minute amount of security improvement when UX, better prioritization, automation of fixes and efficient value are so much more important?
It's no longer about finding malicious actors in new and novel ways. It's about eliminating the overhead that eats up resources and time, and prevents us from using our current capabilities to their fullest extent. It's about being more efficient with what we already have, not about the next shiny new product. It's about decreasing overhead and requiring significant value from every product we have already purchased or intend to buy.
Four steps to start consolidating
In 2025, cybersecurity teams need to make a foundational shift in their approach. Instead of continuously adding new point products and chasing marginal improvements in detection rates, organizations should focus on consolidation and efficiency, freeing up resources to use the broad platforms more effectively.
To do this, here's a little cheat sheet. Focus on the following this year:
- Tool rationalization. Critically evaluate existing security products and eliminate redundant or underperforming tools.
- Platform adoption. Embrace comprehensive security platforms that provide integrated capabilities rather than maintaining numerous point products.
- Process optimization. Streamline security operations to maximize the value from core technologies.
- Resource allocation. Redirect time and budget from tool management to actual security improvements.
These steps will help build a more sustainable and effective security program that focuses on outcomes rather than accumulating an ever-growing collection of security products. The future of cybersecurity isn't about having more tools, it's about having the right platforms and using them to lower risk.
Stop focusing on the wrong things; shift your attention to where it belongs. Get rid of half of your tools, become more efficient with what actually reduces risk and stop wasting time with useless technologies and processes. 2025 is the year to simplify cybersecurity and bring back a real demand for high-quality platforms that produce real security improvements.
Tyler Shields is a principal analyst at Informa TechTarget's Enterprise Strategy Group. He has more than 25 years of experience in cybersecurity technologies and markets, with emphasis on vulnerability management, risk analysis, threat identification and offensive security technologies.
Enterprise Strategy Group is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.
