Security Buyers Are Consolidating Vendors: Gartner Security Summit

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

IT security buyers are consolidating vendors at an overwhelming rate, according to a speaker at this week’s Gartner Security & Risk Management Summit.

In a session on cybersecurity market trends and growth opportunities, Gartner analyst and VP Neil MacDonald said 75% of security buyers are pursuing vendor consolidation, up from just 29% in 2020.

“Customers want fewer providers,” he said.

MacDonald’s talk was directed at vendors rather than buyers, and he cautioned them: “Don’t just throw a bunch of stuff together; make it work better.”

Security Products Merge Into Platforms

As part of that trend, security products are consolidating too, MacDonald said. He noted 10 areas where cybersecurity products are merging into broader platforms (see slide below).

Converged Cybersecurity Platforms chart from Gartner

Secure web gateways, CASB and zero trust network access (ZTNA) are merging to become security service edge (SSE), he said — and with the addition of SD-WAN technology, SSE becomes secure access service edge (SASE).

EDR, NDR and identity threat and detection response (ITDR) are merging into XDR platforms — even as XDR joins with SIEM and SOAR to become Security Operations Platforms.

In cloud security, cloud workload protection platforms (CWPP) are joining with cloud security posture management (CSPM) and software composition analysis (SCA) to become workload security and CNAPP platforms.

Other broad security platforms highlighted by MacDonald include:

  • Data Security: Includes DLP, digital asset management and data-centric audit and protection (DCAP)
  • Workplace Security: Combines UEM, secure email gateways and EDR
  • Attack Surface Management: external & cyber asset ASM (EASM and CAASM) and digital risk protection services (DRPS)
  • Identity and Access Management: Includes access management, PAM and identity governance and administration (IGA)
  • Integrated Risk Management: Digital rights management (DRM), vendor risk management (VRM), and GRC

Consolidation has been a central theme at the Gartner security conference in recent years. Cybersecurity mesh and decentralized identity were big themes in 2021 and hyperautomation was an emerging technology last year, and those trends came up again in a number of presentations this year.

CTEM, CIEM and AMTD Highlight Emerging Tech

Gartner is perhaps the biggest source of acronyms in the cybersecurity industry, and the 2023 event was no exception. CTEM, CIEM and AMTD are three emerging technologies that security pros might want to familiarize themselves with.

CTEM stands for continuous threat exposure management and is something like a continuous vulnerability management program (slide below from Gartner analyst Rich Addiscott).

Continuous Threat Exposure Management (CTEM) chart from Gartner

CIEM is short for cloud infrastructure entitlement management, which controls cloud user and entity permissions (slide below from Gartner analyst Andrew Bales).

AMTD stands for automated moving target defense, which combines a number of security technologies to protect assets as they change states (slide below from Gartner analyst Mark Wah).

Automated Moving Target Defense (AMTD) Objective infographic from Gartner

Read next:

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Paul Shread Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis