Enterprise security budgets are expected to increase 15% in 2025, from an estimated $184 billion in 2024 to $212 billion, according to Gartner. That’s good news for CISOs because it provides additional resources in the ongoing battle against cyberattacks.
“The continued heightened threat environment, cloud movement, and talent crunch are pushing security to the top of the priorities list and pressing CISOs to increase their organization’s security spend,” says Shailendra Upadhyay, senior research principal at Gartner.
At the same time, CISOs have to make the tough calls as to how and where to deploy those security dollars in order to get the most bang for the buck.
There are an estimated 3,000 cybersecurity companies offering products and services. Hot, new startups are raising huge amounts of funding. Entirely new product categories pop up all the time, designed to plug that one security hole your current platform doesn’t cover.
It’s impossible for CISOs to keep track of all the comings and goings in the cybersecurity market, but here are some of the key trends to be aware of.
Increased M&A activity in support of platforms
“We will definitely see more M&A activity across the cybersecurity space, and it will come in a few different scenarios,” says Forrester analyst Jeff Pollard. “First, large companies continue to acquire smaller vendors to accelerate innovation efforts. The primary driver for this will be toward platformization initiatives.”
He adds, “Second, expect traditional IT vendors to make security vendor acquisitions as they shift away from legacy IT products and services and begin to pursue the cybersecurity market based on its growth rates.”
The prime example of Pollard’s second point was Cisco’s $28 billion acquisition of AI-driven SIEM leader Splunk. The deal sends two messages to the market: Selling routers and switches is not a growth market anymore, but cybersecurity is. And AI is more than just a buzzword; it’s going to be a key differentiator for cybersecurity firms going forward. Whoever can leverage AI to convert raw data into actionable intelligence will win.
Shortly after the Cisco/Splunk deal, market leader Palo Alto Networks shelled out $500M for IBM’s QRadar SIEM tool, with plans to convert QRadar customers over to Palo Alto’s Cortex XSIAM (extended security intelligence and automation management) platform.
Other cybersecurity vendors were busy as well in 2024. Cloudflare announced its acquisition of cloud security startup Kivera to bolster its SASE platform. CrowdStrike bought SaaS security startup Adaptive Shield. Rapid7 acquired Noetic Cyber, a startup focused on cyber asset attack surface management (CAASM).
Fortinet scooped up Next DLP to enhance its SASE offering. Kaseya bought SaaS Alerts; Proofpoint bought data security posture management (DSPM) startup Normalyze; Netskope acquired DSPM vendor Dasera; and Zscaler added Avalor Technologies and Airgap Networks to its portfolio.
Market leaders are gaining share
The cybersecurity market has a dizzying number of single-product vendors, but a handful of powerful platform providers have risen above the pack and are gaining market share.
According to research firm Canalys, the top 12 vendors benefited the most from customers taking early steps to transition to platforms. Collectively, they accounted for 53.2% of total spending in the second quarter of 2024, up from 51.9% last year.
The market leader is Palo Alto Networks (9.5%), followed by Fortinet (6.9%), Cisco (6%), Microsoft (5.7%), CrowdStrike (3.7%), Check Point (3.4%), and Okta (3.3%), according to Canalys.
Canalys Chief Analyst Matthew Ball is predicting continued growth and consolidation in the market. “Threat levels remain heightened. Customers cannot keep putting off investment in enhancing their cyber resilience,” he says.
IDC’s latest tracker for security appliances (firewalls, IDS/IPS, VPNs) has a similar pecking order, with Palo Alto Networks at No. 1, followed by Fortinet, Cisco, and Check Point.
The cybersecurity VC pipeline remains strong
Venture capital investment in cybersecurity jumped 43% in 2024, according to Crunchbase. Total funding for VC-backed cybersecurity startups hit nearly $11.6 billion, up from $8.1 billion in 2023.
The total number of deals declined, but the deals that were finalized were larger than in past years. For example, cloud security startup Wiz raised $1 billion, secure file transfer vendor Kiteworks raised $456 million, and managed security service provider I-Tracing raised more than $500 million.
Other startups that raised big chunks of money include SandboxAQ, which looks to apply quantum technology to AI development; data security vendor Cyera; and Armis Security, which is developing an asset intelligence platform to analyze endpoint behavior.
Crunchbase cautions, however, that VC funding for cybersecurity companies could be impacted by investors shifting their priorities to AI startups. But for now, the market remains strong.
Platforms vs. point products: Why not both?
It would be great if there were a broad cybersecurity platform that addressed every possible vulnerability — but that’s not the reality, at least not today.
Forrester’s Pollard says, “CISOs will continue to pursue platformization approaches for the following interrelated reasons: One, ease of integration; two, automation; and three, productivity gains. However, point products will not go away. They will be used to augment control gaps platforms have yet to solve.”
A recent survey by Enterprise Technology Research indicated that 51% of respondents expect to increase the number of providers in their security stack over the next 12 months, while only 9% expect a decrease.
Erik Bradley, chief strategist at ETR, explains that while vendors have been pursuing a platformization strategy, “this data shows that end users are still buying best of breed and building layered defenses through increasing the number of vendors when necessary.”
The takeaway is that CISOs are taking a two-pronged approach, adopting vendor platforms in a well-intentioned effort to combat tool sprawl. But when organizations identify an immediate threat, they are more likely to choose a best-of-breed point product that they can deploy quickly, rather than wait for their platform provider to deliver similar functionality sometime in the future, probably through an acquisition, followed by an integration process that may or may not be seamless.
Prospects for standalone SIEM are dim
Between Cisco’s acquisition of SIEM leader Splunk, Palo Alto’s move to acquire IBM’s QRadar and shift those customers onto Palo Alto’s platform, plus the merger of LogRhythm and Exabeam, analysts are saying the standalone SIEM market is in decline.
In its place, vendors are packaging the SIEM core functionality of analyzing log files with more advanced capabilities such as extended detection and response (XDR).
Forrester analyst Allie Mellen predicts further consolidation for the remaining standalone SIEM vendors, amid heightened competition from Microsoft, Google Cloud, CrowdStrike and SentinelOne.
AI/ML systems become new attack surfaces, requiring protection
AI is having a huge impact on enterprise cybersecurity, both positive (automated threat detection and response) and negative (more sinister attacks). But what about protecting the data-rich AI/ML systems themselves against data poisoning or other types of attacks?
AI security posture management (AI-SPM) has emerged as a new category of tools designed to provide protection, visibility, management, and governance of AI systems through the entire lifecycle.
Vendors include established players — Palo Alto, Microsoft, CrowdStrike — as well as a crop of startups that include Protect AI and Witness AI.
“Posture management” product categories have been emerging and evolving of late, with cloud security posture management (CSPM) being another key product set on the rise. The two toolsets, AI-SPM and CSPM, are complementary but address different use cases. CSPM centers on assessing and mitigating risks in public cloud environments, detecting misconfigurations that create vulnerabilities, and enforcing compliance with regulatory policies.
The rise of single-vendor SASE
Secure access service edge (SASE), defined by Gartner as a service offering that includes SD-WAN plus zero-trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), and network firewalling, requires vendors to combine multiple products into a single suite.
Because early single-vendor products were immature and lacked integration, multi-vendor SASE has been the most popular choice. But the tables are turning.
“Since we started tracking the SASE market in 2019, multi-vendor solutions have represented most of the market compared to single-vendor. However, we anticipate that single-vendor SASE will become the majority of the market,” says Dell’Oro Group analyst Mauricio Sanchez.
“As single-vendor SASE solution maturity increases, so is the comfort in purchasing it all from a single vendor. The pressure to go after best of breed from multiple vendors is slowly diminishing,” Sanchez says. Single-vendor SASE solutions are expected to represent more than 85% of the market by 2028, driven by enterprise preference for integrated, one-stop solutions that simplify deployment and management, says Dell’Oro Group.
The market is consolidating around six vendors who have a combined 72% share. Those six vendors are Zscaler, Cisco, Palo Alto Networks, Broadcom, Fortinet, and Netskope, according to Dell’Oro.