The Cybersecurity ‘Tool Sprawl’ Finally Had a Good Outcome!



CISOs are well prepared and consolidation in cybersecurity is on the way, thanks to the economy

The forces driving cybersecurity “tool sprawl” may be slowing down as a result of the turbulent first six months of 2022, which could be a case of a good outcome arising from a bad situation. The cybersecurity industry is expected to see an increase in acquisition activity in the coming months, owing to the possibility of a slowing economic environment. Certain venture-backed Artificial Intelligence startups will undoubtedly face difficult decisions. However, industry experts say such consolidation is welcome news for many customers who have been dealing with an overabundance of security tool options and a related phenomenon known as “tool sprawl.”

The reasons why the cybersecurity industry has reached this point are numerous, as are the factors that will likely lead to a reversal. However, according to industry experts, the bottom line for many businesses is that consolidation in the cybersecurity market should have a positive effect on their ability to protect against cyberattacks.


Defying complexity

The complexity of configuring and using so many security tools is a huge problem for businesses, especially at a time when almost no one has enough skilled people to go around. Many customers have adopted new security tools to support rapid digital transformation and cloud migration, but such moves have added new complexities to businesses. Every new security tool must be learned, configured, maintained, and used correctly by security teams that are becoming increasingly overburdened.

Security tools usually work better together when they are owned by a single vendor rather than having to be pieced together by a customer or service provider. It’s probably a flaw in human nature: we tend to support and offer truly integrated offerings best when we have a profit motive. Many of the chief information security officers know that their tools aren’t working well together and aren’t getting them any closer to achieving the most important goals of their security strategies. If you’re trying to go to zero-trust architecture, stitching it together yourself is difficult.

Meanwhile, CISOs and other buyers are currently overwhelmed by the number of options available. With so many options in the security market, it’s really hard to wade through all the marketing hype to find the things that work. For all of these reasons and more, Dickson believes that security consolidation is not only beneficial to businesses at this time; it is essential. The various dynamics at work for security teams in 2022 almost require that we ask our security vendors to offer more comprehensive, integrated solutions, rather than best-of-breed point products.


The massive expansion

For years, the cybersecurity industry appeared to defy consolidation forces: for every security vendor acquired, several new ones would emerge. Venture capital and private equity investors invested nearly $30 billion in cybersecurity startups, more than doubling the amount invested the previous year. Meanwhile, the number of security acquisitions last year remained consistent with previous years. Tool sprawl exists in part because, for a long time, the CISO’s role revolved around purchasing new security tools. If you were a CISO ten years ago, you were evaluated heavily on [whether] you were acquiring and deploying the right technology.

Today, however, the security organization is “no longer a quiet function off in the corner,” but rather a top priority for the company’s board and C-suite. As a result, the CISO in 2022 will be evaluated based on the security outcomes they deliver rather than the tools they use. Many other factors have contributed to the proliferation of security tools. The increasing attack surface and threat landscape have resulted in a slew of new tools, ranging from cloud security to third-party risk management to AI-powered detection and response. While innovation and competition are important in security, as they are in any industry, many customers believe that privately-held security vendors would benefit from a cooling-off period.