When I started working in cybersecurity 20 years ago, there were a few rock-solid security technology principles treated as gospel.\u00a0 One of those was the insistence on best-of-breed security technologies.\u00a0 Those of you working in security in the early 2000s may remember installing independent firewall and antivirus software on every endpoint.\u00a0Best-of-breed technologies were then combined as part of another time-honored principle\u2014defense-in-depth.\u00a0 In theory, best-of-breed technologies would complement one another for incremental security protection.During the intervening years, the best-of-breed mentality was imbued within cybersecurity culture, while individuals and groups closely protected their preferred technologies.\u00a0 Your organization was a McAfee or Symantec shop and used Check Point, Cisco, or Fortinet firewalls.\u00a0 Security \u201cserver huggers\u201d saw any suggestion of change as blasphemy.\u00a0While best-of-breed security may have had some security benefits back in the day, the operational overhead was costly.\u00a0 Each technology needed its own training, configuration administration, and support, and they really didn\u2019t work together well.\u00a0This was tolerable in the early 2000s, but as organizations added new security technologies and IT infrastructure distributed and scaled, best-of-breed operations overhead became a real problem.Signs of changeIt now appears that best-of-breed is loosening its grip on the hearts and minds of security professionals.\u00a0 New research from ESG and the Information Systems Security Association (ISSA) indicates that organizations are moving toward product integration and multi-product security \u201cplatforms\u201d and away from best-of-breed strategies.\u00a0 For example:While 24% of security professionals say that their organizations still tend to purchase best-of-breed products, 38% say their organization now tends to buy integrated security platforms rather than best-of-breed products, while another 15% say that their organization is switching from best-of-breed products to integrated security suites.86% of security professionals say it is either critical or important that best-of-breed products are built for integration with other products.After cost (46%), product integration capabilities is the most important security product consideration for 37% of the security professionals we surveyed.As organizations move from best-of-breed to product integration and multi-product suites, they will naturally consolidate the number of vendors they do business with.\u00a0 According to our research, 21% of organizations are already consolidating security vendors, while another 25% are considering vendor consolidation. The old assumption was that organizations would have to compromise on product efficacy in exchange for integration, but it\u2019s clear that CISOs and procurement managers will increasingly demand both.\u00a0 As one CISO told me, \u201cIntegration and interoperability are the new best-of-breed.\u201d4 changes to watch forWhat does this change mean for the security technology industry?\u00a0 As best-of-breed point tools give way to integrated suites, I expect:Security technology platformization. This year\u2019s RSA conference was highlighted with industry ga-ga around cloud native application protection platforms (CNAPP); security observability, prioritization, and validation (SOPV) platforms; eXtended detection and response (XDR) platforms, and zero trust.\u00a0 Confusing?\u00a0 Get ready as this is just the beginning.\u00a0 We\u2019ll see even more security platforms in the future \u2013 even more hybrid IT infrastructure\/security platforms like secure access service edge (SASE).A push for open standards. No one vendor can offer every necessary security technology.\u00a0 And even if they did, security technology server huggers will resist giving up their chosen best-of-breed binkies at all costs.\u00a0 I\u2019m hopeful for a \u2018cake and eat it too\u2019 compromise as large organizations demand more industry cooperation and open standards.\u00a0 What kind of standards?\u00a0 Log formats, APIs, transport protocols, scripting languages, etc.\u00a0 Leading security vendors have ignored standards efforts in the past but may be changing their tune.\u00a0 Open standards would make it easier for them to integrate acquired technologies or grab the lion\u2019s share of security budgets without alienating the server hugger population.Startups will balance functionality with integration. Yes, there will still be a need for best-of-breed point tools here and there, but their lifespan will be abbreviated, and opportunities will be limited.\u00a0 Unless startups have strategic plans to develop security platforms, they will need to build their tools with integration and interoperability in mind.\u00a0 This may encourage VCs to jump on the open standards bandwagon.The value of individual product evaluations and tests will marginalize. As the old saying goes, \u2018the cybersecurity chain is only as strong as its weakest link.\u2019\u00a0 As organizations embrace platforms and integrated solutions, they will need to evaluate the whole enchilada, not the individual ingredients.\u00a0 This is good news for breach and attack simulation technology that can emulate a cyber-adversary\u2019s tactics, techniques, and procedures to validate security platform efficacy.\u00a0 It may be bad news, however, for my fellow analysts who make boatloads of money selling product-focused waves and magic quadrants.\u00a0\u00a0As always, I\u2019ll be watching carefully as things develop.\u00a0 What\u2019s your opinion?\u00a0 Let me know!