INSIGHTS
RSA & Black Hat 2024: Convergence within & across the cybersecurity stack
Altman Solon is the largest global TMT strategy consulting firm with expertise in technology consulting. This insight is part of a series dissecting the top cybersecurity trends – including the consolidation and convergence across the sector, the expanding role of identity security, and the rise of niche cybersecurity services – from the 2024 RSA and Black Hat conferences. Here, we look at ongoing convergence in the cybersecurity sector and what it means for enterprises and investors.
At a previous RSA Conference, Vectra AI’s Chief Product Officer, Jeff Reed, cautioned that “security is the enemy of complexity.” This year, the theme of tooling convergence was once again a major topic of conversation among enterprises striving to reduce complexity across their software stack and vendors adding new capabilities to extend mature products into high-growth categories.
Integrated solutions versus "best of breed"
The age-old debate between do-it-all platforms versus specialized "best of breed" solutions remains spirited. However, at both conferences, vendors placed their bets on the pendulum swinging back toward integrated suites despite criticisms that such solutions often lag in terms of innovation and feature depth and strength. In a market where CISOs are looking to reduce spend and consolidate tools, integrated platforms are gaining attractiveness. In addition to offering tighter integration and unified analytics, a suite of tools provides a "single throat to choke" regarding vendor management. As cyberattacks on businesses increase every year, CISOs are re-evaluating the benefit of specific point solutions, especially as security in the cloud gains as much attention as security in the network. Cisco was one of many vendors looking to address this renewed interest in integrated solutions by announcing its integration of extended detection and response (XDR) solutions with Splunk’s security information and event management (SIEM) solution, and its launch of a new cloud detection and response feature.
Consolidation as a sign of a maturing market
The buzz around industry consolidation remained a hot topic at both events. Immediately following the RSA conference in May, the industry experienced two significant M&A announcements when SIEM vendor LogRhythm merged with the UEBA-focused firm Exabeam. On the same day, Palo Alto Networks announced its acquisition of IBM's SIEM product, QRadar, with plans to migrate QRadar clients to Palo Alto Network's XDR solution Cortex XSIAM. In the Identity space, Privileged Access Management (PAM) leader CyberArk announced its acquisition of the machine identity management company Venafi. Continued strategic M&A activity suggests that the cybersecurity market is maturing, with legacy vendors acquiring newer vendors with more sophisticated tech but smaller customer bases and less advanced commercial traction.
The age of XDR?
Some in the industry saw the QRadar acquisition by Palo Alto Networks as evidence that XDR could further disrupt traditional technologies. Critiques of SIEM products include their tuning requirements, too many false positives, and the inundation of alerts to SOC teams. Their costs also escalated out of control as the volume of log data increased exponentially. XDR provides a unified solution that, in theory, could replace legacy cybersecurity systems like SIEM, SOAR, and some APM/NPM observability tools. According to tech writer Gilad David Maayan, XDR's benefits "extend beyond threat detection response. By providing a unified view of an organization's security posture, XDR can enable improved decision-making, more efficient resource allocation, and better compliance with regulatory requirements." We may look back at 2024 as the year when enterprise adoption of XDR starts to materialize at scale.
What consolidation means for enterprises and investors
For enterprises, this wave of consolidation within the tech stack has the potential for streamlined vendor management, cost savings from bundling, state-of-the-art threat detection tools, and rapid response and remediation services. However, we have yet to see if M&A activity, often fueled by investment bankers and hyped by marketing collateral, will result in more modern and cost-effective cybersecurity outcomes. In our conversations with CISOs at RSA and at Black Hat, the appeal of a single cybersecurity platform that can save money and provide unified analytics is growing, especially in a world where businesses experience more cybersecurity breaches.
Investors should consider cybersecurity assets that offer integrated capabilities as part of a larger platform solution. Some point solutions are worth investing in, but investors should ensure these tools are truly differentiated and "best of breed" and can integrate with platform solutions. For investors seeking to exit an asset, more strategic M&A could represent an expanded pool of buyers as leading vendors attempt to offer end-to-end platforms through acquisition.
Submit the form to receive our in-depth report on cybersecurity trends.