Connect with us

Hi, what are you looking for?


Security Infrastructure

Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

CISO Board Cybersecurity

Consolidating security tools is a growing industry trend. In fact, a survey by Gartner found that 75% of organizations were pursuing security vendor consolidation in 2022, up from 29% in 2020.

IT is often viewed as a cost center and security is part of that. No one has unlimited budgets, and the pressure is on to justify costs and do more with less. The situation gets worse when earnings are down and there’s a looming specter of a slowdown in the economy.

Many security teams are being asked to start rethinking their approach to security if budgets get trimmed. It’s a natural part of the cycle of business and it’s rarely easy. But it can be a particularly onerous task within large, modern enterprises where Atomized Networks consist of up to three types of environments: IT, cloud, and operational technology (OT) environments. And, in many cases, each environment has a different team using different network traffic monitoring and security tools.

Some of these tools are “free” – whatever the cloud provider or service has available – and the perception is that there is no impact on budget. But the truth is, nothing is ever free. We’re making a tradeoff between paying for the tool and paying for people’s time to use, manage, and maintain a collection of different tool sets in different areas of the infrastructure. And that labor intensity is very costly.

However, there’s an even greater cost: the cost of time to detect and respond to events. When we’re using diverse tool sets and something happens, the time to discover and mitigate expands because it’s incredibly difficult to get a big picture view of what is happening across the organization. And time, when we’re talking about security, can be a killer. The longer the dwell time, the more damage can be done.

We could go down the path of building a tool to do that consolidation, but few organizations have the expertise and time to do this. So instead, due to a lack of integration, we live with operational inefficiencies that increase risk.

Without a doubt, the challenge when consolidating and looking at whether to keep, tweak or trash a technology in today’s evolving modern networks is increasingly complex. But when we consider the Atomized Network holistically and what organizations are looking to ultimately accomplish with their consolidation efforts, we see opportunities and a path forward.

Advertisement. Scroll to continue reading.

Digging further into Gartner’s study, 65% of organizations consolidate to improve risk posture and only 29% consolidate to reduce spending on licensing. That’s good news for security organizations because it helps put a stake in the ground and focus on what we can do that is going to give us the biggest bang for the buck, while still reducing the number of different security tools. Here are some recommendations as you work through the process.

Keep it

Keep the tools that make life easier for your security teams and that consolidate the largest part of your infrastructure. With an honest assessment, you can make sure you take the best advantage of the ones that simplify security operations while doing the most to decrease the amount of time to detect and respond to an incident.

Tweak it

For tools that come close – say, some of your teams love them but other teams that could benefit from them are using something else – tweak them to enable consolidation. Bring these tools, along with the “keepers”, into a platform that makes integration easy and enables collaboration and the sharing of context to drive operational efficiencies. When you expand their usage to the extent that you can, you’ll get the biggest bang for your buck.

With a common language and a single view across the environment, teams can share information to gain a greater understanding of what is happening and use a universal platform to help them do their jobs. For example, SOC analysts may use the platform for threat hunting, the network team may use it for network visualization and performance, and the governance risk compliance team may use it to validate controls.

Trash it

Get rid of the tools that are painful to use and make life difficult. Total cost of ownership is hard to calculate, but it is critical. Free or otherwise, you’re paying for tools in a lot of different ways, especially if they’re not improving your operations.

At the same time, remember that you brought in a tool for a reason and flat out trashing it can leave gaps. Go through the exercise of understanding if that function can be replaced by a different tool with some tweaking to ensure you don’t have gaps, or whether you will need to bring in something new to bridge that gap. Remember the primary objective of consolidation is to improve security posture – cuts that leave gaps in defenses run counter to that goal.

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less. In the end, it’s about solving your security challenges and being able to share between teams. And when you keep, tweak, and trash to arrive at one tool that can do that to a very large extent, you cut time to detect and respond, reduce costs, and even make life easier.

Written By

Matt Wilson is the Vice President of Product Management at Netography. Over his 25+ year career, Matt has held senior technology leadership positions across numerous industries including Neustar, Verisign, and Prolexic Technologies. With a rich background in innovation and go-to-market strategies, Matt has been a critical leader in helping many companies conceptualize solutions from the customer lens and drive them to market with significant impact.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

While silos pose significant dangers to an enterprise's cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency,...


Identity and access governance vendor Saviynt has closed a $205 million financing round.

Identity & Access

The National Security Agency (NSA) has published a series of recommendations on how to properly configure IP Security (IPsec) Virtual Private Networks (VPNs).