The Three W’s of Re-evaluating Your Network Security Vendor

When it comes to security vendors, businesses are often resigned to inertia – just keeping up with whatever worked in the past. However, the increasing complexity of the overall enterprise network and security environment, combined with the shortage in skilled staff, makes “business as usual” a costly and risky paradigm.

Network topology has only become more complex as organizations need to connect multiple locations, Cloud infrastructure and a mobile workforce into a single, global network and keep it secure. The challenges of securing such a complex network derive mostly from having to deploy multiple security solutions to secure all users and assets. It’s this complexity that opens up organizations to attacks, as hackers can slip through the cracks of misconfigurations and software vulnerabilities. Businesses need to re-think their network security strategy in an effort to make it simpler, better, and more affordable. When re-evaluating network security vendors, it’s important to consider the three W’s: why, when, and what.

Why should you re-evaluate your vendor?

Today’s network is virtually unrecognizable from yesterday’s, which had a clearly defined perimeter that was easily secured by placing firewalls at the entry point to the network. There are three major forces impacting the way we do business today: Cloud, mobility, and globalization. 

The use of Cloud infrastructure and applications is loosening the grip on enterprise applications and data. Business-critical information is now spread across multiple locations, some of which are outside of the IT team’s control (such as in Amazon AWS or Salesforce.com). The mobile workforce and BYOD are here to stay, so businesses need to provide employees with secure access paths to enterprise applications and data.

When it comes to deciding why you should re-evaluate security vendors, the solution’s roadmap is of strategic importance because it may require not just a technical analysis, but a rethinking of the overall network security architecture for the business. Other key drivers should include:

• Total cost of ownership – What is the current capital and operational expense of the incumbent solution versus alternatives? 

• Agility and adaptability – How quickly can the current solution adapt to emerging threats and incorporate new capabilities?

• Support for evolving business requirements – Can the current solution adapt to support new business requirements, such as global expansion, Cloud-based resources, and the mobile workforce?

When should you re-evaluate your vendor?

The first step in re-evaluating your security vendor is to find the optimal timing. Fortunately, there are several opportunities for doing so:

• Hardware refreshes and license renewals – By its very nature, hardware has a tendency to malfunction or perish over time and needs to be replaced. While hardware may last for several years, software licenses typically renew annually. If the hardware is mostly depreciated, the biggest costs incurred by companies are on license renewals, which represent a good opportunity to look into alternatives. 

• Footprint expansion – Capacity upgrades and expansion into new locations or regions (especially internationally) open up a window for evaluating new solutions. Network security can also be affected by connectivity issues across continents. VPN access and even site-to-site mesh across large distances can cause high latency and negatively impact end user experience.

• Vendor consolidation and M&A – If the business currently has a heterogeneous security environment across multiple business units, standardizing a common solution can offer simplification and cost reduction benefits. Additionally, companies engaged in M&A activity may end up with multiple security vendors on the network, requiring consolidation. 

• Cloud datacenter integration (“Hybrid Cloud”) – As businesses gradually migrate their infrastructure to the Cloud, IT teams need to integrate a new “datacenter” into the corporate network. This often requires the deployment of new network security solutions, which may not be available from current vendors or come at an additional cost. 

What should you consider when evaluating vendors?

There are several factors to consider when re-evaluating security vendors, such as:

• Expense – Most network security solutions are packaged into physical and virtual appliances. First, there is the capital expense involved with purchasing, upgrading, and retiring this equipment. The more locations a business has, the more expensive this proposition is. Then there’s the operational expense of maintaining a skilled IT staff of network and security experts to sustain, repair, and replace appliances. 

• Risk mitigation – Attackers move fast, and enterprises that strive to stay ahead will need to consider what it takes to upgrade and maintain the appliance software to keep up with emerging threats, and patch vulnerabilities. 

• Complexity reduction – With the Cloud, mobility, and globalization becoming the driving force behind the business, legacy security products need to be augmented with more point solutions that add to network complexity. Consolidating multiple requirements and IT domains can help reduce the footprint security teams need to manage.  

• Vendor relationships – Vendors are roughly divided into two groups: product-focused and service-focused. Product vendors focus on the initial transaction and renewals, whereas service vendors maintain a continuous relationship with the customer. 

Re-evaluating security vendors is never an easy task, but a new category has emerged called Network Security as a Service (NSaaS) that takes a Cloud-based approach to making network security simple again. By unifying the networking and security stack in the Cloud, NSaaS can reduce the capital and operational expense needed to manage a complex, distributed network security environment; easily adapt to emerging threats and introduce new capabilities; and integrate all parts of the business, such as physical locations, the mobile workforce, and physical and cloud infrastructure, into one logical network that can be controlled with a unified policy.

Whatever path security vendor re-evaluation sets the IT team on, simplicity, functionality, and cost reduction should be the outcome.
