{"id":2177,"date":"2025-03-04T09:00:00","date_gmt":"2025-03-04T09:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2177"},"modified":"2025-03-04T09:00:00","modified_gmt":"2025-03-04T09:00:00","slug":"7-key-trends-defining-the-cybersecurity-market-today","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2177","title":{"rendered":"7 key trends defining the cybersecurity market today"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Enterprise security budgets are expected to increase 15% in 2025, from an estimated $184 billion in 2024 to $212 billion, according to Gartner. That\u2019s good news for CISOs because it provides additional resources in the ongoing battle against cyberattacks.<\/p>\n

\u201cThe continued heightened threat environment, cloud movement, and talent crunch are pushing security to the top of the priorities list and pressing CISOs to increase their organization\u2019s security\u00a0spend,\u201d says Shailendra Upadhyay, senior research principal at Gartner.<\/p>\n

At the same time, CISOs have to make the tough calls as to how and where to deploy those security dollars in order to get the most bang for the buck<\/a>.<\/p>\n

There are an estimated 3,000 cybersecurity companies offering products and services. Hot, new startups are raising huge amounts of funding. Entirely new product categories pop up all the time, designed to plug that one security hole your current platform doesn\u2019t cover.<\/p>\n

It\u2019s impossible for CISOs to keep track of all the comings and goings in the cybersecurity market, but here are some of the key trends to be aware of.<\/p>\n

Increased M&A activity in support of platforms<\/h2>\n

\u201cWe will definitely see more M&A activity across the cybersecurity space, and it will come in a few different scenarios,\u201d says Forrester analyst Jeff Pollard. \u201cFirst, large companies continue to acquire smaller vendors to accelerate innovation efforts. The primary driver for this will be toward platformization initiatives.\u201d<\/p>\n

He adds, \u201cSecond, expect traditional IT vendors to make security vendor acquisitions as they shift away from legacy IT products and services and begin to pursue the cybersecurity market based on its growth rates.\u201d<\/p>\n

The prime example of Pollard\u2019s second point was Cisco\u2019s $28 billion acquisition<\/a> of AI-driven SIEM leader<\/a> Splunk. The deal sends two messages to the market: Selling routers and switches is not a growth market anymore, but cybersecurity is. And AI is more than just a buzzword; it\u2019s going to be a key differentiator for cybersecurity firms going forward. Whoever can leverage AI to convert raw data into actionable intelligence will win.<\/p>\n

Shortly after the Cisco\/Splunk deal, market leader Palo Alto Networks shelled out $500M for IBM\u2019s QRadar SIEM tool<\/a>, with plans to convert QRadar customers over to Palo Alto\u2019s Cortex XSIAM (extended security intelligence and automation management) platform.<\/p>\n

Other cybersecurity vendors were busy as well in 2024. Cloudflare announced its acquisition of cloud security startup Kivera to bolster its SASE platform. CrowdStrike bought SaaS security startup Adaptive Shield. Rapid7 acquired Noetic Cyber, a startup focused on cyber asset attack surface management (CAASM).<\/p>\n

Fortinet scooped up Next DPL to enhance its SASE offering. Kaseya bought SaaS Alerts; Proofpoint bought data security posture management (DSPM)<\/a> startup Normalyze, Netskope acquired DSPM vendor Dasera, and Zscaler added\u00a0Avalor Technologies and Airgap Networks to its portfolio.<\/p>\n

Market leaders are gaining share<\/h2>\n

The cybersecurity market has a dizzying number of single-product vendors, but a handful of powerful platform providers<\/a> have risen above the pack and are gaining market share.<\/p>\n

According to research firm Canalys<\/a>, the top 12 vendors benefited the most from customers taking early steps to transition to platforms. Collectively, they accounted for 53.2% of total spending in the second quarter of 2024, up from 51.9% last year.<\/p>\n

The market leader is Palo Alto Networks (9.5%), followed by Fortinet (6.9%), Cisco (6%), Microsoft (5.7%), CrowdStrike (3.7%), Check Point (3.4%), and Okta (3.3%), according to Canalys.<\/p>\n

Canalys Chief Analyst Matthew Ball is predicting continued growth and consolidation in the market. \u201cThreat levels remain heightened. Customers cannot keep putting off investment in enhancing their cyber resilience,\u2019\u2019 he says.<\/p>\n

IDC\u2019s latest tracker for security appliances (firewalls, IDS\/IPS, VPNs) has a similar pecking order, with Palo Alto Networks at No. 1, followed by Fortinet, Cisco, and Check Point.<\/p>\n

The cybersecurity VC pipeline remains strong<\/h2>\n

Venture capital investment in cybersecurity jumped 43% in 2024, according to Crunchbase<\/a>. Total funding for VC-backed cybersecurity startups hit nearly $11.6 billion, up from $8.1 billion in 2023.\u00a0<\/p>\n

The total number of deals declined, but the deals that were finalized were larger than in past years. For example, cloud security startup Wiz raised $1 billion, secure file transfer vendor Kiteworks raised $456 million, and managed security service provider I-Tracing raised more than $500 million.<\/p>\n

Other startups that raised big chunks of money include SandboxAQ, which looks to apply quantum technology to AI development; data security vendor Cyera; and Armis Security, which is developing an asset intelligence platform to analyze endpoint behavior.<\/p>\n

Crunchbase cautions, however, that VC funding for cybersecurity companies could be impacted by investors shifting their priorities to AI startups. But for now, the market remains strong.<\/p>\n

Platforms vs. point products: Why not both?<\/h2>\n

It would be great if there were a broad cybersecurity platform that addressed every possible vulnerability \u2014 but that\u2019s not the reality, at least not today.<\/p>\n

Forrester\u2019s Pollard says, \u201cCISOs will continue to pursue platformization approaches for the following interrelated reasons: One, ease of integration; two, automation; and three, productivity gains. However, point products will not go away. They will be used to augment control gaps platforms have yet to solve.\u201d<\/p>\n

A recent survey by Enterprise Technology Research indicated that 51% of respondents expect to increase the number of providers in their security stack over the next 12 months, while only 9% expect a decrease.<\/p>\n

Erik Bradley, chief strategist at ETR, explains that while vendors have been pursuing a platformization strategy, \u201cthis data shows that end users are still buying best of breed and building layered defenses through increasing the number of vendors when necessary.\u201d<\/p>\n

The takeaway is that CISOs are taking a two-pronged approach, adopting vendor platforms in a well-intentioned effort to combat tool sprawl<\/a>. But when organizations identify an immediate threat, they are more likely to deploy a best-of-breed point product that they can deploy quickly, rather than wait for their platform provider to deliver similar functionality sometime in the future, probably through an acquisition, followed by an integration process that may or may not be seamless.<\/strong><\/p>\n

Prospects for standalone SIEM are dim<\/strong><\/strong><\/h2>\n

Between Cisco\u2019s acquisition of SIEM leader Splunk, Palo Alto\u2019s move to acquire IBM\u2019s QRadar and shift those customers onto Palo Alto\u2019s platform, plus the merger of LogRhythm and Exabeam, analysts are saying the standalone SIEM market is in decline.<\/p>\n

In its place, vendors are packaging the SIEM core functionality of analyzing log files with more advanced capabilities such as extended detection and response (XDR)<\/a>.<\/p>\n

Forrester analyst Allie Mellen predicts further consolidation for the remaining standalone SIEM vendors, amid heightened competition from Microsoft, Google Cloud, CrowdStrike and SentinelOne.<\/p>\n

AI\/ML systems become new attack surfaces, requiring protection<\/h2>\n

AI is having huge impact on enterprise cybersecurity, both positive (automated threat detection and response<\/a>) and negative (more sinister attacks<\/a>). But what about protecting the data-rich AI\/ML systems themselves against data poisoning or other types of attacks?<\/p>\n

AI security posture management (AI-SPM)<\/a> has emerged as a new category of tools designed to provide protection, visibility, management, and governance of AI systems through the entire lifecycle.<\/p>\n

Vendors include established players \u2014 Palo Alto, Microsoft, CrowdStrike \u2014 as well as a crop of startups that include Protect AI and Witness AI.<\/p>\n

\u201cPosture management\u201d product categories have been emergin and evolving of late, with cloud security posture management (CSPM)<\/a> being another key product set on the rise. The two toolsets, AI-SPM and CSPM, are complementary but address different use cases. CSPM centers on assessing and mitigating risks in public cloud environments, detect misconfigurations that create vulnerabilities, and enforcing compliance with regulatory policies.<\/p>\n

The rise of single-vendor SASE<\/h2>\n

Secure access service edge (SASE)<\/a>, defined by Gartner as a service offering that includes SD-WAN plus zero-trust network access (ZTNA)<\/a>, secure web gateway (SWG), cloud access security broker (CASB)<\/a>, and network firewalling, requires vendors to combine multiple products into a single suite.<\/p>\n

Because early single-vendor products\u00a0were immature and lacked integration, multi-vendor SASE has been the most popular choice. But the tables are turning.<\/p>\n

\u201cSince we started tracking the\u00a0SASE\u00a0market in 2019, multi-vendor solutions have represented most of the market compared to single-vendor. However, we anticipate that single-vendor SASE will become the majority of the market,\u201d says Dell\u2019Oro Group analyst Mauricio Sanchez.<\/p>\n

\u201cAs single-vendor SASE solution maturity increases, so is the comfort in purchasing it all from a single vendor. The pressure to go after best of breed from multiple vendors is slowly diminishing,\u201d Sanchez says. Single-vendor SASE solutions are expected to represent more than 85% of the market by 2028, driven by enterprise preference for integrated, one-stop solutions that simplify deployment and management, says Dell\u2019Oro Group.<\/p>\n

The market is consolidating around six vendors who have a combined 72% share. Those six vendors are Zscaler, Cisco, Palo Alto Networks, Broadcom, Fortinet, and Netskope, according to Dell\u2019Oro.<\/p>\n

See also:<\/strong><\/p>\n

6 hot cybersecurity trends \u2014 and 2 going cold<\/a><\/p>\n

CISOs\u2019 top 12 cybersecurity priorities for 2025<\/a><\/p>\n

7 top cybersecurity projects for 2025<\/a><\/p>\n

10 most powerful cybersecurity companies today<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Enterprise security budgets are expected to increase 15% in 2025, from an estimated $184 billion in 2024 to $212 billion, according to Gartner. That\u2019s good news for CISOs because it provides additional resources in the ongoing battle against cyberattacks. \u201cThe continued heightened threat environment, cloud movement, and talent crunch are pushing security to the top […]<\/p>\n","protected":false},"author":0,"featured_media":2178,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2177","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2177"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2177"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2177\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2178"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}