In cybersecurity, you’re never going to have ten or twenty solutions that all dominate. Cybersecurity functions as a duopoly or an oligopoly.
Fragmented tooling is now out, platform consolidation is in. More than just another billion dollar tech deal, Google’s acquisition of Wiz marks a turning point for the platformization of enterprise cybersecurity. The future favors vendors that integrate cleanly, automate the right work, and help companies do more with less.
Aleksandr Yampolskiy is the CEO and Co-Founder of SecurityScorecard, a leading supply chain-focused cybersecurity rating platform. With a background in building both startups and large-scale security infrastructure, Yampolskiy knows the intricacies of how the market operates and how platformization is taking over the industry.
Top of the foodchain: "In cybersecurity, you’re never going to have ten or twenty solutions that all dominate. Cybersecurity functions as a duopoly or an oligopoly," says Yampolskiy. Aiming to be at the top of the cybersecurity food chain, Wiz saw consolidation as their perfect tool.
"That was the genius of Wiz. They looked at how companies were doing security—using one tool for vulnerability scanning, another for something else—and asked, what if we brought it all together in a single, unified view?" Yampolskiy states. "At first, it resonated because it reduced the number of tools. Now, it resonates because it’s simple. It’s that single pane of glass everyone’s been looking for."
Pro-platformization: Consolidating multiple cybersecurity functions into a single, unified solution—or a small handful of multifaceted platforms—reduces budget, simplifies operations, and most importantly, facilitates a stronger security response. "You’re going to see some further platformization happen in cybersecurity. Customers want to buy from fewer vendors."
And as platformization picks up, not every product category will survive the shift. "I think that firewalls are going to fizzle out, because everything is in the cloud now," Yampolskiy explains. "Some solutions that people spend money on, like security awareness tools, don’t work."
A swift response: "The problem with having so many vendors is they don’t talk to each other," Yampolskiy says. "One vendor detects one threat, the other vendor detects another. But when you’re running a security team, you need to be able to make all these things work with each other."
Consolidating tools via platformization is the key to a streamlined security response. "When you receive an alert, that alert must be triaged. From there you can issue your response."
I’m very bullish on using agentic AI to automate boring manual tasks in cybersecurity. Also tools that help you optimize the tools you already have—if you can get better use of the technologies you already have, and get better value out of them, I’m on board.
Build vs. buy: "When you have big companies," Yampolskiy explains, "it’s very hard for them to take hundreds of millions of dollars and invest it into something else, rather than focusing on their existing solutions." But that’s exactly what Google did in their acquisition of Wiz.
According to Yampolskiy, Google made a smart call. Rather than pouring time and resources into replicating what already exists, Google bought a platform that was already proving its value in the market. "Wiz built a terrific platform. Sure, Wiz is going to continue to work across all clouds, but I’m sure the native support for Google cloud will be better out of the box," he notes. "It’s a nice differentiator for them."
But it’s more than that. "It’s a lot harder to build it than to say it," cautions Yampolskiy. In discussing European companies considering building their own cybersecurity solutions in response to tariff-induced tensions, Yampolskiy is clear: "It’s so freaking hard. For companies who have never built and scaled security solutions, they don’t understand how hard it is."
AI in cybersecurity: Yampolskiy is optimistic about AI in cybersecurity solutions, but not all use cases hold their weight. Dollar risk quantification, for instance, falls flat for Yampolskiy. "It’s kind of a nice idea, discovering how much money you could lose due to ransomware and that sort of thing, but they don’t have enough data to really quantify things in terms of dollars," he warns. "It doesn’t really work."
What does work, according to Yampolskiy, is task automation and tool optimization. "I’m very bullish on using agentic AI to automate boring manual tasks in cybersecurity. Also tools that help you optimize the tools you already have—if you can get better use of the technologies you already have, and get better value out of them, I’m on board."
