There is also another issue with cybersecurity vendors that this article doesn't touch on, and that's in the area of cloud security where many of them started targeting a specific use case or set of use cases, and have slowly expanded to overlap with other vendors who were not previously competitors. It's not good enough for a tool to just be used for Cloud Security Posture Management (CSPM) - it also has to do CI/CD security stuff and workload protection. And it happens from the other direction, too - previous image scanning and DevOps-y tools are now adding detection and alerting capabilities for your cloud provider's control plane.
There is going to be a lot of tool consolidation at most organizations coming in the next few years.
> There is going to be a lot of tool consolidation at most organizations coming in the next few years.
Already happening where I work - multiple security tools being phased out because of tools that do everything now.
For enterprises, it's hard to have a ton of different tools.
I worked at a very large software company, and our security tech stack was so big and convoluted, that just maintaining a compliant CI/CD pipeline was a 5 person job, because there are ~20 different tools to integrate and debug, and each of those changes every year or two, so you're constantly re-learning, re-integrating, debugging,etc.
Having a single (or just a couple) vendor(s) sounds like a dream!
There is going to be a lot of tool consolidation at most organizations coming in the next few years.