According to ESG research, 36% of organizations are actively integrating disparate security analytics and operations tools in pursuit of a more cohesive security technology architecture (note: I am an ESG employee). Another 48% of organizations say they are somewhat active with security analytics and operations tool integration.

This data describes security operations and analytics platform architecture (SOAPA), something I’ve been writing about and consulting on for the past 3 years. Today’s potpourri of point tools can’t keep up with security requirements, data volumes, or process automation, so CISOs are building or buying tightly integrated SOAPA solutions to meet these needs.

I believe that 2020 will be a big year for SOAPA as more organizations retool their security operations centers (SOCs). Here are a few SOAPA developments I’ll be tracking:

1. One-stop SOAPA shops. Security analytics and operations technology vendors will continue buying sprees to supplement their existing product portfolios. This isn’t new: in 2019, Micro Focus purchased Interset, Palo Alto Networks grabbed Demisto, and Sumo Logic acquired JASK. I expect further M&A activity next year, in areas like process automation and advanced analytics, but we’ll see one or several threat intelligence platform vendors like Anomali, ThreatConnect, or ThreatQuotient be snapped up by a major SIEM. Likewise, network traffic analysis vendors like Awake Security, Corelight, or Vectra Networks could be added to SIEM. This one-stop shop approach may work; ESG research indicates that 63% of enterprise organizations would be willing to buy most of their cybersecurity technologies from a single vendor.

2. Fusion Centers.
Many firms use different teams and tools for various security functions, but this leads to obvious communications and collaboration problems. On a recent trip to New York, I met with several large banks building fusion centers to amalgamate functions like threat intelligence analysis, security operations, and incident response. In my experience, NY banks tend to be a leading indicator of emerging trends, so I expect fusion center development to gain traction in 2020. Since fusion center knowledge is somewhat limited today, I assume that there will be lots of demand for services expertise from the likes of Accenture, Optiv, and PWC who can help design, plan, build, and even staff new facilities.

3. On to the cloud. In the past, CISOs were reluctant to move security technologies to the cloud for fear of losing control of their data and infrastructure. This is no longer the case: ESG research indicates that 38% of organizations are already running security analytics and operations technologies in the public cloud while another 44% would consider deploying security analytics and operations technologies in the public cloud as part of a hybrid SOAPA. As organizations adopt cloud-based security technologies, it’s logical that Amazon, Google, and Microsoft will assume a much bigger role as SOAPA providers. Other security technology vendors must plan for this inevitability through technology integration and big 3 partnerships.

4. Threat management meets vulnerability management.
Threat management has always dominated security spending while vulnerability management was limited to software and application scanning. Okay, but CISOs (and business executives) want a better understanding of overall cyber risk so they can prioritize actions and make data-driven decisions. In 2020 and beyond, we’ll see more innovation and money flowing toward the vulnerability side. I envision cyber risk management dashboards that know details about assets and can correlate this information to known exploits, chatter, and TTPs from threat actors. These systems can then point cybersecurity teams to high-priority remediation needs. In some cases, remediation actions can be fully automated for rapid response. Think CIS top 20 meets machine learning and process automation. This is already happening to some extent in the software vulnerability space from vendors like Kenna Security and Tenable Networks, but I foresee broader coverage and functionality ahead.

5. New SOAPA technology categories.
Aside from cyber risk management, I’m bullish on the continuous automated penetration and attack testing (CAPAT) market. These tools fire off simulated attacks constantly to test analytics capabilities, controls, and IR processes. The results of these tests will drive correlation rules and machine learning algorithmic adjustments along with security controls fine-tuning. Part of this lifecycle process will also bring deception technology into the mix from vendors like Guardicore, Fidelis, Illusive Networks, and TrapX. As simulated red team testing identifies common adversary targets, honeypots can be updated, in a “dynamic deception” cycle. Much of the activity described here will be partially or fully automated, leading to continuous security operations improvement.

Of course, dynamic changes like these will lead to industry hyperbole and customer confusion. This will create a big opportunity for services vendors who can hold customers’ hands through a state of rapid transition. I’ll also try to help with blogs, guidance, and videos. Look for lots of SOAPA activities like those described above at RSA 2020.