Governance & Risk Management , Open XDR , SASE

Security Tool Consolidation: How to Plan, What to Avoid

Dionisio Zumerle of Gartner on Impact of XDR and SASE, Consolidation Misconceptions
Dionisio Zumerle, vice president and analyst, Gartner

In the hunt for best of breed solutions, most large cybersecurity organizations today work with 30 different security vendors. Now, a growing number of defenders are looking to consolidate tools to simplify operations, said Dionisio Zumerle, vice president and analyst at Gartner.

See Also: Healthcare in The Cloud: Detecting and Overcoming Threats to Ensure Continuity & Compliance

"When you have the complexity, it's very hard to identify misconfigurations between the different overlapping tools, and it's also hard to identify security gaps," Zumerle said, adding that a 2022 Gartner survey showed that 75% of respondents were planning to consolidate their security tools.

Consolidating tools can be challenging, and sometimes the projects run into technical obstacles and simply fail. "A lot of chief information security officers underestimate the time needed to complete an XDR or SASE project," Zumerle said. "We know from the clients we speak to that it takes probably a couple of years to complete either an XDR or SASE project."

Cost is another key factor. Consolidation is often viewed as "a budget-saving exercise," but Zumerle warned that could be "very dangerous" if the expected savings never materialize.

In this video interview with Information Security Media Group, Zumerle discussed:

  • Consolidation opportunities for VPNs, secure web gateways, CASB, EDR, NDR, email security and more;
  • Misconceptions and lessons learned about consolidation projects;
  • Planning strategies for tool consolidation.

Zumerle, who is currently focused on application and mobile security topics at Gartner, covers API security, mobile application security, DevSecOps and mobile threat defense. His research interests also include emerging technology areas such as application security posture management and broader trends including the consolidation of cybersecurity platforms.

About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.