
How CISOs Are Using Platforms and MSSPs to Stretch Security Budgets
CISOs face budget limitations and must find ways to reduce complexity and scale capabilities without compromising security. In our recently released Security Software and Services 2025 Benchmark Report, two CISO strategies emerged: consolidating tools into unified platforms and leveraging managed security services providers (MSSPs).
As part of the 2025 CISO Compensation and Budget Research Study, conducted by IANS and Artico Search, we gained insights into the current state of security software within enterprise security programs. The sixth annual edition of the survey was conducted from April through August 2025, collecting data from 628 CISOs on security software, integrated platforms, solutions, and MSSPs.
How CISOs Are Consolidating Tools
CISOs in our research shared that they are turning to unified platforms to consolidate multiple functions for reasons such as efficiency, data integration, cost, and vendor strategy. According to the data, approximately 70% of CISOs indicated they are in the process of consolidating or have consolidated multiple software solutions into one or more integrated platforms. Another 13% indicate they have plans to do so, which leaves a smaller percentage of respondents (17%) with no plans to consolidate. (See Figure 5.)
Figure 5

The degree of tools consolidation among respondents varies based on the size of the enterprise. For instance, 44% of budgets in midsize enterprises ($400 million to $5 billion in revenue) go toward platform solutions. And in very large enterprises ($10 billion plus), just 25% of budgets are put toward platform solutions. These larger organizations often have the resources to maintain best-of-breed tools and custom integrations. On average, 40% of software budgets (among those using platforms) go to integrated platform solutions.
Technology areas often consolidated into platforms include endpoint security, cloud security, and security operations. More than 75% of CISOs in our survey are using platforms for these technology areas, followed by network security, identity and access management (IAM), and data security. As for platform vendors, Microsoft (49%), CrowdStrike (27%), and Palo Alto Networks (15%) were among the providers CISOs cited most.
CISOs also report being satisfied with their vendors, according to our research; less than 1% of CISOs reported dissatisfaction, while most reported being somewhat or very satisfied with their platforms. Smaller firms may lack resources to implement unified platforms, and very large enterprises often prefer best-of-breed tools due to scale, regulatory, or redundancy needs.
Why Managed Security Services
CISOs are also turning to MSSPs for their security needs. Our report shows that 68% of CISOs rely on one or more MSSPs to manage parts of their security operations, with adoption being highest in organizations with $1.1 billion to $10 billion in revenue. (See Figure 10.) For organizations of this size, MSSPs can offer a cost-effective alternative to building large internal teams.
Figure 10

The security functions CISOs often rely on MSSPs for include: threat detection and response (84%), endpoint protection (57%), network security monitoring (43%), and incident response (33%). Fewer CISOs outsource functions such as compliance support (3%), IAM (7%), or firewall management (5%). These technology areas often require deep integration with internal systems and processes, making them less ideal candidates for outsourcing. While smaller companies don’t always have the budget for MSSPs, very large enterprises often have larger security teams and tend to keep capabilities in-house.
“While a significant number of organizations are using MSSPs and MDR [managed detection and response] solutions for device management, security operations assistance, and fully managed incident detection and response, there’s still a need for in-house skills and technology mastery. A number of security teams still prefer to triage incidents themselves, regardless of size. For CISOs, overreliance on MSSPs is a concern relating to vendor lock-in, lack of in-house knowledge and skills, and possible failure to adapt to changing security operations needs in the future,” says Dave Shackleford, IANS Faculty Member.
The findings of this survey research show that tools consolidation and MSSPs can deliver value to CISOs where they need it most—especially in the face of budget constraints. Platforms and outsourcing are key strategies for security leaders looking to make the most of their security budget spending. Success with these strategies will depend on striking the right balance—using integrated platforms to simplify security operations and MSSPs to scale, without sacrificing control or resilience.