Security Tool Consolidation: How to Plan, What to AvoidDionisio Zumerle of Gartner on Impact of XDR and SASE, Consolidation Misconceptions
In the hunt for best of breed solutions, most large cybersecurity organizations today work with 30 different security vendors. Now, a growing number of defenders are looking to consolidate tools to simplify operations, said Dionisio Zumerle, vice president and analyst at Gartner.
"When you have the complexity, it's very hard to identify misconfigurations between the different overlapping tools, and it's also hard to identify security gaps," Zumerle said, adding that a 2022 Gartner survey showed that 75% of respondents were planning to consolidate their security tools.
Consolidating tools can be challenging, and sometimes the projects run into technical obstacles and simply fail. "A lot of chief information security officers underestimate the time needed to complete an XDR or SASE project," Zumerle said. "We know from the clients we speak to that it takes probably a couple of years to complete either an XDR or SASE project."
Cost is another key factor. Consolidation is often viewed as "a budget-saving exercise," but Zumerle warned that could be "very dangerous" if the expected savings never materialize.
In this video interview with Information Security Media Group, Zumerle discussed:
- Consolidation opportunities for VPNs, secure web gateways, CASB, EDR, NDR, email security and more;
- Misconceptions and lessons learned about consolidation projects;
- Planning strategies for tool consolidation.
Zumerle, who is currently focused on application and mobile security topics at Gartner, covers API security, mobile application security, DevSecOps and mobile threat defense. His research interests also include emerging technology areas such as application security posture management and broader trends including the consolidation of cybersecurity platforms.