As security teams are struggling with burnout and talent shortages, some of them are pivoting to work with fewer vendors in order to avoid overwhelming numbers of security alerts, tools, and management consoles. This is one of the major reasons why mega security vendors are touting their platform approach.

For the last five years, vendor growth exploded in the security market, but now more customers consult with Palo Alto Networks to find out how they can consolidate services and use fewer vendors, Rick Caccia, SVP and CMO of Palo Alto Networks Cortex and Unit 42, told SDxCentral.

This trend “is good for a large company like us,” he said. “If you have multiple different vendors, it becomes harder to do integration.” He called this shift “groundbreaking insight.”

Cisco EVP and GM of security and collaboration Jeetu Patel said he is also seeing the need for a unified platform.

The complexity of hybrid architectures and the expanded thread landscape has changed customers’ preferences — instead of buying point solutions, businesses have started buying integrated platforms, he pointed out during a keynote at Cisco Live.

Gartner’s senior director analyst Charlie Winckless concurred that the trend to reduce vendors has accelerated over the past one and a half years. “We're definitely seeing the drive to reduce the number of vendors, and the number of point products that organizations are trying to adopt driving down from 2010.”

“What's interesting is that it's been driven, as far as we can tell, largely by a desire to increase security efficacy, not simply to reduce cost,” he added. “So there is some synergy and some benefit to a well-built platform, as opposed to a poorly tied together portfolio of products.”

An integrated platform is not necessarily a single-vendor platform. With an integrated platform, buyers might end up with a smaller set of security vendors that hopefully can work well together in an open standard, Winckless said. “The mega vendors, they are all working towards this model, because that's how we are seeing buyers want to buy today.”

A consolidated platform should streamline the user experience; offer an integrated managing console, common data plans, and government rule constructs among various environments; and reduce the number of touchpoints on the endpoints or end users. Otherwise, it’s just a portfolio of products, Winckless argues.

CrowdStrike Chief Product and Engineering Officer Amol Kulkarni claims the vendor was the first to offer cybersecurity with a platform approach. It started with cloud security, and now endpoint security, managed service, threat intelligence, identity protections, and more services are under its FALCON Platform.

Kulkarni noted a platform approach should offer a single agent and console, and collect data once and use it for different scenarios. This approach can reduce the overhead and complexity of the administration and management, he added.

On the flip side, Winckless warns this approach can cause vendor lock-in, and also certain capabilities in the platform can be weaker than competing platforms or standalone products.

Mega vendors have a broader range of products, so it's easier to natively integrate their capabilities and work with third parties to build a platform.

Plus mega vendors already have the components and a portfolio so they don’t need more innovation to offer a platform approach, Winckless said, adding that most large vendors have the ability to crowdsource data across multiple telemetries, consume data within their own threat intelligence service, and be open to taking third-party feeds into their environments, which are very valuable.

Many claim they offer more than one integrated platform.

For example, Cisco offers integration between its networking and security, endpoint and cloud, and across user devices, noted Shailaja Shankar, SVP and GM of the Cisco Security Business Group.

Palo Alto Networks offers three different platforms: network security, cloud security, and security operations, Caccia said.

While buying from one vendor may seem easier, buyers could ultimately be limited by one platform from one mega vendor. Gartner’s recent surveys showed that organizations are still looking for security efficacy. “That's not necessarily gonna be buying two or three platforms from a single vendor, because they're probably not good at all three of those,” Winckless noted.

Traditionally, many mega vendors have been less than superb at integrating their products, while some startups or more niche vendors do a better job integrating a set of capabilities. “That's going to be a mindset shift” for big vendors, Winckless said.

The good news is some mega vendors are open to working with smaller vendors when it comes to strengthening their weaker points or completing their platforms, according to Shankar, who argued for open platforms and ecosystems.

“When you talk about a platform … It has to be an open platform, an open ecosystem, where the smaller organization should be able to integrate into,” Shankar said. For certain capabilities that Cisco decides not to build natively, it will partner with others to deliver, she added.

Additionally, for platforms such as cloud-native Application protection platform (Cloud Native Application Protection Platform) that require a newer set of tools from security services edge (SSE) or data security platforms, smaller vendors can integrate those capabilities together more quickly than some of the large vendors, Winckless pointed out.

There's a continual evolution of new areas in security, Winckless continues to see smaller vendors lead or play in nascent technology and innovation areas and “continue to be surprised, amazed and pleased,” he said.

“Smaller vendors are going to be able to continue to drive innovation, and they're going to be able to move faster and produce better solutions in many cases than the large vendors,” he added.