This VP of Cybersecurity for a global industrials enterprise shares insights into the company’s cybersecurity strategy and 2025 IT budget projections, and details a “dense” security stack that leverages upwards of 15 best-of-breed vendors across application areas.
ETR Insights presents an interview with the Vice President of Cybersecurity for a global industrials enterprise who shares insights into the company’s cybersecurity strategy and 2025 IT budget projections, which are “a touch below” ETR’s estimate of 4.8% year-over-year growth. Our guest describes a “dense” security stack that leverages upwards of 15 best-of-breed vendors across application areas, “with the possible exception of SIEM.” Given the proliferation of security breaches, along with July’s CrowdStrike outage, this enterprise prefers diversified vendor relationships to best balance security needs and limit platform risk. Read on to learn more about SIEM contenders, Rubrik in data security posture management, Snyk versus Synopsys, and much more in this top-notch interview loaded with infosec vendor commentary.
Vendors Mentioned: Cisco (Duo, Splunk) / CrowdStrike (Falcon, Humio) / Dynatrace / Forcepoint / Fortinet / Lacework / LogRhythm (Exabeam) / Microsoft (Defender) / Palo Alto Networks (WildFire) / Rapid7 / Rubrik / SentinelOne / Snyk / Synopsys / Wiz
Vendor-Specific Commentary – Information Security
CrowdStrike outage. Our guest explains that Microsoft's architecture, shaped by antitrust measures, creates vulnerabilities that contributed to CrowdStrike’s global outage incident in July. “They had to build access into their kernel, and that kind of requirement has unintended consequences of vendors like CrowdStrike screwing up and blowing the Microsoft kernel up.”
While the verdict is still out on the incident’s total impact to the vendor’s bottom line, our guest postulates that CrowdStrike's market share will ultimately remain flat or decrease only modestly, as companies weigh limited replacement options. “SentinelOne or Microsoft are really the only two alternatives. CrowdStrike, from a capability perspective, is still pretty far ahead.” Palo Alto Networks and Fortinet are also possible alternatives, though our guest was “surprised” by Fortinet’s relative positioning in our work, noting known vulnerabilities and issues with functionality. Broadly, our guest thinks that it is unlikely their company will move off of CrowdStrike, and that multi-year agreements will mitigate any short-term share loss.
SIEM. Our guest points out that SIEM plays better as a platform due to its depth and the rules that can be built around it, which is driving megavendors like Microsoft, Palo Alto, and Cisco to push consolidation into their ecosystems. While they would like to consolidate SIEM, the organization is hesitant to go too much further into Microsoft’s ecosystem, preferring pureplay best-of-breeds.
Initially, our guest was pleased with Exabeam for SIEM, but they expect to ultimately consolidate around CrowdStrike or Rapid7—most likely the latter, as CrowdStrike Humio’s scope is too narrow. “We really liked [Exabeam’s] interface and the capabilities. It piloted, it demoed well, but it hasn’t scaled, so we're disappointed in that.” A current user of Rapid7 for vulnerability management, they are intrigued by the possibility of bundling the vendor’s newer SIEM and asset management offerings.

ETR Data: According to data from ETR’s October 2024 Technology Spending Intentions Survey, Rapid7’s Net Score has improved notably within the Information Security sector after seeing high replacements in early 2024. Replacements are now at their lowest point since JUL21, though Pervasion continues to decline.
The full interview also includes detailed commentary on Cloud Security and vendor-specific feedback on Rubrik, Palo Alto and Snyk.
Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai