The Security Platform Is Dead. Long Live the Security Platform.

According to a 2024 Gartner® survey of 162 large enterprises, organizations use an average of 45 cybersecurity tools.¹ Therefore, it should come as no surprise that more than half of executives (52%) say complexity is the biggest impediment to cybersecurity operations.²

Clearly, mid-market organizations have fewer tools but with their relatively smaller IT and security teams, they suffer similar, if not greater, complexity challenges.  

The Rise of the Security Platform  

The response to this complexity from the cybersecurity industry is the development of security platforms. They consolidate multiple point products to reduce the complexity created by tool sprawl, which hinders security operations.  

In theory, the platform approach provides tight integration across security tools, resulting in greater visibility into your attack surface and improved alert correlation. This enables high-fidelity detection and rapid response. The 2025 IBM Institute for Business Value Report suggests: “Organizations with the greatest security platform maturity are faster to identify and contain security incidents.”²

Security Supplier Consolidation Might Not Result in a Platform 

A recent 2025 Gartner survey found “62% of companies are pursuing vendor consolidation (and 36% plan to do so in 0-3 years).”³ This does not necessarily mean moving to a platform, but supplier consolidation can provide benefits unrelated to those described above. These include lower TCO (total cost of ownership) and simplified procurement.  

Many security product vendors attempt to capitalize on this trend by acquiring competitors or companies with products in seemingly adjacent categories. Sometimes this is a commercial move to appease the stock market. In other cases, there are genuine synergies and opportunities to create better outcomes for customers. Regardless, bundling additional products presents upsell opportunities for the vendor as they capitalize on their customers’ supplier consolidation strategies. 

The Platform Panacea Might Create False Hope

Security vendor growth through acquisition is not new. Many are successful. These acquisitions are often of smaller organizations with obvious technology synergies, for which integration onto a platform is possible. However, the industry is littered with failures due to the complexities of integrating not just technologies but also related businesses and cultures. 

The result is that many vendors have become a marketplace for multiple products. Sometimes they attempt to integrate acquisitions into in-house-developed technology, but the result is just a combined UI that gives the appearance of integration. Clearly, this fails to deliver the outcomes their customers expect.  

The Enterprise Mega Platform Is Yet to be Proven 

Palo Alto Networks has been a successful proponent of the security platform for many years. In July, the company announced its intention to acquire identity security vendor CyberArk. This sparked a frenzy of commentary from cybersecurity industry experts, analysts, and enthusiasts.  

Most agreed that, in a de-perimeterized world, identity is hugely important. Some suggested this validated Palo Alto’s platformization strategy. Others were more skeptical, questioning whether the integration of identity into a mega-platform was possible. Forbes reported that some critics characterized Palo Alto’s platform as a "Frankenstein mashup of acquired technologies that prove difficult to deploy and operate.”⁴ 

The Need for Agility Could Impede the Platform Approach 

Cybersecurity Ventures predicts cybercrime will cost the world $10.5 trillion in 2025.⁵ With this level of opportunity, cybercrime groups will continue to innovate rapidly to beat existing defenses. History suggests our best response in this game of whack-a-mole often comes from agile start-ups and mid-sized, dedicated cybersecurity vendors focused on R&D.  

The cybersecurity industry remains a hotbed of innovation, spawning startups. The market opportunity for them is clear – according to Crunchbase, investment in cybersecurity and privacy-focused startups in the first six months of 2025 was $9.4 billion.⁶ And IT-Harvest's industry dashboard tracks 4000+ security vendors and 10,000+ products. 

To protect against innovative attacks, enterprises will continue to deploy equally innovative point solutions from agile start-ups and scale-ups. 

Organizational Structure Hinders Platform Uptake 

Depending on the size of your organization, security decisions, responsibility, accountability, and budgets will likely be devolved across the business. For example, endpoint security policy might be with the CISO, but the budget and day-to-day management with a desktop operations team.  

With disparate teams protecting their own interests, a security platform might never be considered. When they are in consideration, the vendor must cope with a vast buying committee and an extensive sales cycle, and they might find that obtaining a decision is impossible.  

The Platform Reborn for Mid-market Organizations   

Enterprises with large budgets and an army of security and risk management professionals can deploy both platforms and point products as needed. They are the winners in the race for the best defenses against cybercrime.  

Where does this leave mid-market organizations with lean IT and security teams?  

This is where the platform approach can reap maximum benefit by simplifying security operations. Some vendors have recognized this perfect fit and, armed with a deep knowledge of their target customers’ requirements, have optimized their platform to meet these specific needs.  

Less Functionality Bloat, Lower Complexity, Reduced Attack Surface, Lower TCO 

Many resource-constrained, mid-market organizations are forced to focus on only the highest-priority security measures, and some platform vendors are optimizing their solutions accordingly. They focus on integrating only the most critical functionality from enterprise-class platforms and point solutions.  

Removing unneeded functionality reduces complexity and the attack surface. It also reduces TCO, including the cost of acquisition, deployment, and ongoing management.    

Security Across the Attack Lifecycle  

Many XDR platform vendors work on the assumption that a breach is inevitable, and you must mobilize your SecOps team to respond. This is great if you have a SecOps team, but not if you rely on one or two security generalists or an IT person with a working knowledge of security.  

To reduce the burden of response on a lean IT and security team, security platforms should not only simplify the process but also prioritize preventing an attack from gaining a foothold. Some platforms secure across the complete attack lifecycle, with prevention, protection, detection and response capabilities.  

Prevention Capabilities: These enable visibility of the attack surface and an understanding of critical vulnerabilities and their impact. This supports efforts to prioritize risk remediation to prevent attacks. According to Gartner®, “Reducing the mean time to detect (MTTD), contain (MTTC) and respond (MTTR) is a tangible and promotable benefit of better knowing your attack surface.”⁷ 

Protection Capabilities: These block attacks pre-execution. Many platform vendors that were founded on endpoint protection recognize its importance and focus heavily in this area.  

Detection and Response Capabilities: These can be simplified with native agents, connectors, and API support for endpoints, identities, cloud, networks, and email. These enable rapid alert triage, correlation and reporting in a human-readable format, and can be the difference between an incident being contained and a breach.

The Future of the Security Platform  

It seems unlikely that the evolution of the cybersecurity threat landscape will slow in the near term. It is also unlikely that every mid-market organization will soon receive a security budget and human resources to rival those of its enterprise peers. Therefore, the challenges described above will continue.  

Industry analysts and investors will undoubtedly be watching closely to determine whether the enterprise-focused mega platform becomes a reality. And surely acquisitions will continue, promising more of the same.  

For IT Directors and CIOs of mid-market organizations, the right security platform presents significant opportunities, as highlighted above. In addition, as platform vendors recognize their market opportunity to sell security platforms optimized for you, healthy competition will be created. This will drive the innovation required to benefit everyone.     

If you would like to find out more about how to select the right security platform to meet your needs check out the Buyers Guide: Security Platforms for Mid-market Businesses. 

[1] Gartner Press Release, Gartner Identifies the Top Cybersecurity Trends for 2025, March 2025.
[2] IBM Institute for Business Value: Capturing the cybersecurity dividend
[3] Gartner, From Overload to Optimization: Gartner's Approach to Rationalizing Cybersecurity Tools, June 2025
[4] Breaking Down Palo Alto Networks’ $25B CyberArk Acquisition, by Steve McDowell, Aug 02, 2025
[5] Cybercrime Magazine report
[6] Crunchbase press release: Cybersecurity Funding Surged Higher In Q2
[7] Gartner Research, How to Grow Vulnerability Management Into Exposure Management, By Mitchell Schneider etc, 8 November 2024.

Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.