
Episode 53: Key vendors in cyber

  • Writer: Embedded IT
  • Aug 18

Updated: Dec 11


Understanding the major security vendors across categories


The cyber security landscape is crowded, and procurement teams often have to navigate a mix of long-established giants and fast-moving startups. This episode explores the vendors that dominate different parts of the market and how buyers can make sense of their options.


Some of the biggest names have been in the industry for decades. IBM, for example, has operated across almost every major security category for a very long time. But beyond organisations like IBM, the cyber market is divided into specialist segments, each with its own well-known vendors.


Endpoint and vulnerability management vendors


In vulnerability management and endpoint security suites, several established vendors consistently appear on shortlists. These include:


  • Qualys

  • Tenable

  • Tanium


For more specialist tooling such as endpoint detection and response (EDR) or managed detection and response (MDR), the leaders highlighted were:


  • CrowdStrike

  • SentinelOne

  • Carbon Black


These vendors offer deeper visibility and faster reaction to threats on devices, but each comes with different levels of maturity, complexity and cost.


Network security vendors


When looking at network-level protection, a different set of vendors dominates the market. Common names include:


  • Palo Alto

  • Cisco

  • Fortinet

  • WatchGuard, often viewed as a strong option for smaller organisations


Each offers variations of firewalls, intrusion prevention, and broader network security functions tailored to different types of businesses.


The growing mix of first-party security tools


Security does not stop at vendor products. Organisations also need to consider first-party security – the protection of software they build themselves. This includes:


  • Static and dynamic application security testing

  • Source code scanning

  • Software composition analysis, especially for open-source libraries


These areas add even more complexity to vendor selection, with countless niche tools emerging each month.


The role of startups, acquisitions, and the changing vendor landscape


The market is filled with large behemoths like Google and IBM, but also a huge number of small startups. Many of these startups launch with open-source tools, grow through community interest, and later introduce enterprise versions or managed services. With teams often smaller than ten people, their agility is a major selling point.


Large vendors frequently acquire these smaller players to expand their own product ecosystems. A recent example mentioned was Google’s acquisition of Wiz, a cloud security posture management company, for around $32 billion. These acquisitions can create advantages for buyers but also risks, especially if organisations find themselves locked into a vendor ecosystem or forced into unplanned migrations.


What procurement teams should look for in a security partner


Given the size and complexity of the vendor landscape, procurement professionals often benefit from working with a partner that is:


  • Vendor-agnostic

  • Technically broad, with multiple vendor certifications

  • Capable of supplying a wide range of skills


This helps prevent decisions being influenced purely by limited vendor affiliations or narrow technical experience.


Future risks and why encryption standards matter


Quantum developments may break existing cryptographic methods, creating long-term risks for organisations.


NIST recently ratified four post-quantum cryptography algorithms, all developed by IBM Research. This standardisation now gives businesses a clear path to adopt new encryption methods.


Procurement teams buying products today should consider how encryption is handled and whether vendors are planning for the post-quantum shift. Tools like a cryptographic bill of materials can help organisations understand where vulnerable keys or certificates are used and the scale of remedial work required.


Navigating the cyber vendor landscape can be just as tricky as navigating a boat in strong winds – and it pays to have the right guidance.


For help navigating the cyber vendor landscape and making informed procurement decisions, get in touch.

