With a growth in vendors increasing the volume of solutions on offer in the cyber security ecosystem, tool sprawl is a real challenge faced by internal teams.
However, the rising trend of security platforms isn’t necessarily a silver bullet – having solid data foundations in place is best.
This is according to Allie Mellen, principal analyst at Forrester, who delivered the opening keynote address on day one of ITWeb Security Summit 2026 in Johannesburg this week.
Mellen explained security teams typically face three internal challenges: the lack of a clear approach for prioritising security vulnerabilities and exposures; a complex IT environment, often architected outside the cyber security team’s control; and limited visibility across the organisation, which requires consistent data across various tools, even those from different vendors.
The challenges are compounded by security tool sprawl. Mellen added that, according to industry trackers, there are approximately 4 000 security vendors offering different solutions, and this figure doesn’t include those in the governance, risk and compliance space.
“There are around 10 to 12 buckets of security technologies, or at least domains, that these technologies fall into,” she said.
Bringing it all together
One solution, of sorts, to tool sprawl comes in the shape of security platforms, which is a growing trend among security vendors. According to Forrester, these platforms combine multiple security controls from a single vendor in one unified user interface with a single underlying data model for all relevant data from each control.
“Security platforms are ultimately about enabling outcomes like ease of deployment, ease of use and ease of integration – all with the goal of enabling productivity for users. In practice, it means that one vendor has a series of different products that they’ve integrated together, sometimes well and sometimes not so well.”
The value to clients is that it’s supposed to make it easier to use the various tools together. However, Mellen warns that sometimes vendors simply take a series of products gained from corporate acquisitions and “shove them all together in a single font or in a single colour scheme or in a single UX, but really it's just a bunch of different tabs that open in a bunch of different places with different naming conventions with different login screens”.
One major reason vendors are pushing into platforms is cross-selling. “In some cases, we see vendors are very aggressively going after one market and using the other parts of their platform as leverage.”
She added: “You also see that in many cases, the modules become little ways to nickel and dime the user. If you want extended telemetry, then you are going to have to pay more; if you want access to deeper telemetry, you are going to have to pay more, as examples.”
Mellen cautioned that in terms of user benefit, there is a misconception that fewer vendors mean fewer tools. “Just because you subtract vendors, if anything it could mean you are using more tools at the end of the day, they’re just in one platform now.”
The platform model does have the potential to offer clients benefits, such as bundled discounts, improved tool integration through a marketplace, faster deployment times, and reduced maintenance and management.
The approach also provides the client with a single user experience, a single underlying data model and reduced training costs.
In an annual survey, Forrester asked respondents what their top considerations were for purchasing a security platform.
Among the top considerations were automation, ease of tool integration and ease of use. “Where the rubber hits the road is automation and the integration between tools,” said Mellen.
Key to this, she noted, is having a single underlying data model.
She said that questions may be raised about the need for a platform with the rise of AI agents, which could make decisions and collaborate. While Mellen said she didn’t believe agents weren’t a viable alternative to platforms, even these required a shift to a single data model.
“We don't have agents that do that (collaborate) effectively just yet, in terms of the pain points analysts are dealing with right now. We don't know how long it's going to be before these AI agents are going to be able to do this reliably, especially across a bunch of different tools.
“Even if we're operating in a world of AI agents, the data is the most important thing that the AI agents are going to be operating with, and it’s what's going to enable them most effectively.”
Share
