Greater than 600 cybersecurity distributors crowded the RSAC 2026 Convention expo flooring on the Moscone Heart in San Francisco, together with their gross sales reps, occasion MCs, branded swag and multimedia shows. It amounted to an astounding industrial spectacle — but additionally, by some means, a mere fraction of the present cybersecurity market, which Forrester estimates contains round 4,000 distributors.
Anticipate that quantity to develop, Forrester Analyst Jeff Pollard warned safety leaders throughout a convention session down the road from the expo flooring.
“We’ve got an actual downside with vendor and tech sprawl in our environments,” he mentioned. “And this market is barely going to get even greater and tougher so that you can type via on a day-in, day-out foundation.”
Many safety groups spend numerous hours creating their very own DIY point-tool integrations and contending with a plethora of logins, consoles, dashboards and alerts.
Enter the only pane of glass, or SPOG. For years, varied cybersecurity distributors have claimed to unify a number of level instruments right into a user-friendly SPOG that makes life simpler for safety groups. However what sounds too good to be true typically is.
“You have all been burned earlier than, proper?” mentioned Forrester Analyst Jess Burns, who offered with Pollard. “It is comparatively straightforward to market a platform with a SPOG, but it surely’s exhausting to construct one.”
The excellent news is, she added, some distributors have, actually, cracked the code and now supply cybersecurity platforms that method the SPOG splendid. The problem for CISOs is differentiating between cybersecurity product packages — teams of standalone instruments cloaked in intelligent “platform” advertising — and true, built-in platforms that justify the dedication and funding. Based on Burns and Pollard, CISOs who’re vetting platform choices ought to search for expertise that may, at a minimal, do the next.
Mix a number of safety controls from a single vendor
Some distributors promote packages of standalone services that they erroneously market as “platforms,” the Forrester analysts cautioned. However having fewer distributors does not essentially imply having fewer instruments.
Based on Pollard, if a supplier talks concerning the want for “integration” throughout the implementation part, that may be a crimson flag — pointing to a collection of separate merchandise moderately than a pre-integrated platform.
“Elevate your eyebrows, since you is likely to be getting bought a invoice of products,” he added.
Present a single unified UI
A platform ought to supply a robust safety analyst expertise, Pollard mentioned. With an excellent UI, “your analysts are alt-tabbing much less, context-switching is lowered and the knowledge that they should successfully disposition points is offered to them [in one place].”
Present a single underlying information mannequin for all related information from every controller
In a single, extensible, cross-domain information mannequin, information from numerous sources — e.g., community units, endpoints and cloud providers — is robotically obtainable and helpful throughout the platform. Clients mustn’t want to control the info or construct out cross-domain performance.
“At a minimal, it ought to save us from having to control-T within the completely different browser interfaces,” Pollard mentioned, including that whereas a single underlying information mannequin is unusual, it’s an important a part of a real platform. “At a most, it needs to be built-in collectively such that the info understands the remainder of the info.”
Within the proof-of-concept part, Burns added, make the seller show they’ve a single extensible information mannequin, not simply stitched-together schemas.
“Ask them to indicate you ways they deal with not less than 5 completely different information sorts throughout the modules and instruments,” she mentioned.
Allow outcomes that end in productiveness good points for customers
Finally, Pollard mentioned, the purpose of a platform funding is to enhance the safety program’s effectiveness and effectivity, thereby benefiting the enterprise. With that finish in thoughts, think about the next:
Ease of deployment. A quicker and simpler deployment means the group realizes worth from its funding extra shortly.
Ease of use. Earlier than committing to a brand new platform, have analysts with various ranges of expertise — not simply senior energy customers — check drive it, suggested Burns.
“Can they really full duties quicker? A great analyst expertise means quicker, extra correct choices,” she mentioned. “It could possibly be the distinction between one compromised endpoint and a full-on information breach.”
Moreover, it ought to supply customers the flexibility to simply create new automated workflows, Pollard mentioned, based mostly on APIs the seller has already constructed beneath the hood.
“Finally, it will be lots higher for us as practitioners if we might spend our time constructing workflows and never plumbing,” he added, referring to under-the-hood engineering required to allow cross-platform workflows. “The plumbing stuff is actually essential, however if you happen to’re paying platform costs, Mario and Luigi higher have already taken care of that for you.”
Constructed-in integrations. Whereas standalone instruments require SOAR to speak and work cooperatively, platform instruments ought to interconnect natively. Crucially, the Forrester analysts mentioned, the platform mannequin shifts the combination burden to the supplier. It ought to allow a company to keep away from middleware prices, decrease consulting charges and cut back the upkeep and administration burden on the SecOps staff.
“That is one of many greatest takeaways of this analysis: Should you go along with a platform, you shouldn’t need to burn consulting hours or improvement time in your platform,” Pollard mentioned. “If the seller’s executed their job, all of that’s occurring beneath the hood. And if it isn’t, you are not getting a platform. You are getting messaging a couple of platform, which may be very, very completely different.”
Context. As a result of platforms have fewer integration gaps, they need to even have fewer blind spots and supply higher context for understanding the safety setting.
Improve performance and expertise with third-party integrations via marketplaces and extensions
A platform also needs to supply third-party integrations with deep, bidirectional telemetry, Burns mentioned.
That is one of many greatest takeaways of this analysis: Should you go along with a platform, you shouldn’t need to burn consulting hours or improvement time in your platform. Jeff Pollard Analyst, Forrester
“Ask them whether or not they prioritize integrations with their rivals,” she added. “As a result of if there’s only a bunch of ecosystem stuff from their very own platform, that is not a platform, that is only a walled backyard. They need to have the ability to meet you the place you might be.”
Additionally, you’ll want to analysis who wrote related modules, Pollard added. Buyer-written modules won’t all the time keep updated.
Current monetary benefits to the shopper
Lastly, a platform ought to bundle a number of safety controls into a greater, extra helpful and more cost effective bundle, the analysts mentioned. If a platform providing does not carry reductions or different monetary incentives, it is likely to be a advertising technique.
“Distributors have shareholders,” Pollard mentioned. “So, the ‘platform’ story will not be essentially a narrative designed to profit you. It is likely to be a narrative designed to profit them.”
The underside line: Proceed with wholesome skepticism, the Forrester analysts urged CISOs, and maintain distributors’ toes to the fireplace.
“Merely calling one thing a platform doesn’t make it so,” Burns mentioned. “So, if you happen to’re within the analysis part and what you are taking a look at lacks integrations, lacks a shared information mannequin, lacks clear effectivity and productiveness good points, then acknowledge it for what it’s. It is simply a chance to stamp your buzzword bingo card.”
Alissa Irei is senior web site editor of Informa TechTarget Safety.
![On-page content material codecs reply engines truly favor [new research]](https://blog.aimactgrow.com/wp-content/uploads/2026/06/best-on-page-content-formats-for-ai-1-20260525-6914910.webp-120x86.webp)
