Palo Alto Networks held an event in NYC this week and basically claimed that best-of-breed security tools were dead, soon to be replaced by security product suites. I get this for small organizations and under-resourced enterprises, but I'm not seeing this buying behavior as readily in larger firms. In fact, CISOs I talk to want product flexibility and are concerned about vendor lock-in. What are others seeing? #cybersecurity #infosec #paloaltonetworks #securitytechnology #SIEM #EDR #SOAPA
Jon Oltsik, I would expect Palo to say something like that considering the behemoth that XSIAM is & what they are hoping to accomplish with it. Having been on the ground, I think they are going to lose on this model over time IMO. I see very little difference from what traditional SIEM vendors were doing back then, to what current vendors are trying to do now; "AI" and at least the "appearance" of a more holistic view. I can't say anything with certainty because my hands-on experience with Palo's product has been limited, but I know this is the model that they, Microsoft, Cisco-Splunk, and others are betting on. More recently I've worked in some places that like this idea and would rather rely on the vendor applying the "one throat to choke" model. The problem there is total costs aren't well published and it's been that way for a very long time, so unless you're working for one of those vendors, a client isn't going to be able to make an educated guess on if the juice is worth the squeeze until they're committed, and by then it's too late to fix. A recent conversation w/ a few CISOs in my circle shows they still want best of breed working together, especially if it means avoiding the vendor lock-in the big boys are always pushing.
I'm seeing demand for tool consolidation, but that's nothing new. In my discussions with progressive and large F500, they are looking for a mix of platform and best of breed; we continue to see a healthy balance.
Research from our partner ETR (Enterprise Technology Research) shows that organizations struggle to reduce the number of vendors in their security stack. While Palo showed several examples where consolidation was happening, and made a compelling economic case for platforms, nearly all the practitioners I spoke with at Ignite expressed the same sentiment, i.e., we're expanding or keeping the same number of vendors. When asked why, it's because new vulnerabilities were not being adequately addressed by existing firms, which forced them to explore new options, perpetuating the sprawl. ETR will be updating this data prior to RSA and I'll be interested to see if there's any meaningful change. Furthermore, Palo execs seemed happy about the Wiz acquisition, essentially implying Google overpaid (they're probably not wrong) and that competition with Wiz under Google will be less intense than Wiz as a standalone company. We'll see. We all know Wiz was competing very effectively with Palo's Prisma Cloud, forcing layoffs in the sales team and multiple rewrites of its stack. What do you all see in regards to: 1/ stack consolidation and 2/ expectation for competition from Wiz under Goog?
It really depends on leadership, budgets and the industry sector. In some cases the CTOs at big organizations that are driving platform consolidation may force you into a suite, but if you are in a highly specialized or very high target industry they may go best of breed. I have seen all flavors over the years.
Feel like 2004 is calling, and they want their “suites” back.
CISOs have a target on their backs, and without ever having been one, I do get consistent feedback that they want best of breed. CFOs/CIOs/CTOs have budget and one-vendor-to-buy/blame incentives. 🤷♂️
This is Palo's message consistently. I can tell you for certain CISOs aren't falling for it.
This is a cyclical trend we've seen for a generation now. A start-up cycle leads to new tools and products being introduced. Many of those who gain significant momentum are acquired and integrated into a platform (or suite), leading to a consolidation and the 'death of best of breed'. As those 'suites' become market leaders they focus on their core capabilities, where they are able to grow revenues and create a moat. Then the evolution of threats, or gaps in coverage, are identified, leading to a new generation of startups to address that evolution. Voila, a new 'best of breed' cycle evolves from the ashes. I don't believe any of these security models die; whether a platform approach, best of breed, or, the oldie but a goodie, defense in depth. The cycle just shifts dominance from one to another. I don't see it changing anytime soon.
Albert Caballero, exactly the topic of our webinar.