I always enjoy attending Gartner’s Security and Risk Management (SRM) conference. It’s an opportunity to hear first-hand from Gartner analysts and security leaders on problems to solve, evolving approaches to address said problems and the many paths to take.
I walked away from this summer’s conference with three things stuck in my head:
- AI is both reshaping the risk landscape and the means to protect it.
- Consolidation, platformization, integration, automation is never done.
- NDR gets its due attention whether it be AI, Platforms, or Zero Trust.
This industry moves fast—and not always in a straight line. I like to say that where there’s chaos, there’s opportunity. Here's my take on what chaos is creating opportunity – for both security leaders and vendors.
AI: From “Panic-Neglect” to Pragmatic Experimentation
Gartner paints AI in cybersecurity as being stuck in a loop: we panic, we overspend, we underdeliver, and then we neglect—until the cycle starts again. At Vectra AI, we’ve called this vicious cycle the spiral of more – a never-ending cycle of doing the same thing over and over again expecting a different result.
But here’s the kicker: AI isn’t here to replace your team. It’s here to break the cycle and maximize the value of your existing talent. “AI will be a SecOps tool for a while before it’s a teammate.”
This means tactical AI—not grandiose autonomous SOC fantasies. Think automation in alert triage, contextual investigations, and false positive reduction. By 2027, 90% of successful AI implementation in cybersecurity will be tactical, not transformational.
And the best advice? Be an “AI Tinkerer.” Experiment smartly, fail fast, iterate faster. Focus on outcome-driven metrics (ODMs), not vendor marketing fluff.
Platform Consolidation: It’s About Survival, Not Savings
According to Gartner, the average enterprise is juggling 43 to 45 security tools. The result? Frankenstein's monster of fragmented capabilities, siloed data, and broken workflows. And CISOs aren’t consolidating to save money—they’re consolidating to survive.
“Complexity is the enemy of security. And resilience.”
The winners in the platform wars will be those who master interoperability and resilience. Gartner emphasizes the need for open, API-first platforms that thrive on signal sharing and integrated control planes. It’s not about bundling features—it’s about delivering outcomes through architectural unity.
Think:
- Centralized control planes + distributed enforcement
- Graph-powered data lakes with native AI/ML analytics
- Resilience through zero trust alignment, multi-region failover, and cryptographic agility (yes, they’re talking quantum now).
If your current vendor ecosystem can’t handle this? Time to ask some hard questions.
NDR: A Zero-Trust Force Multiplier
Let’s be real: If Zero Trust is your strategic goal, NDR should be your operational backbone. Gartner doesn’t mince words—NDR is a “core detection layer” in a zero-trust ecosystem.
What makes NDR so essential in 2025?
- Hybrid Complexity: With cloud, OT, and remote environments exploding, NDR gives visibility where EDR and SIEM fall short.
- Identity Abuse & C2 Detection: Most breaches still boil down to stolen credentials and command-and-control activity. NDR catches both.
- AI-Driven Signal Fidelity: NDR vendors are racing to use AI to reduce false positives and accelerate detection. By 2027, 60% of NDR purchases will be AI-driven.
“Effective zero trust needs end-to-end visibility, real-time detection and response across the hybrid network.”
So, if your zero-trust strategy lacks NDR, you’re probably trusting more than you think.
Quick Wins vs. Long Games
Not every organization can leap into deep AI or complete a platform overhaul tomorrow. And that’s okay.
Gartner suggests “quick-win” strategies—start with executable policies, core applications, and simple enforcement using existing infrastructure. Don’t boil the ocean. Pick a high-value target, deploy context-aware controls, and prove it works.
The Bottom Line: Gartner’s Message Is Clear
Cybersecurity in 2025 is about making complexity manageable. Whether you’re rolling out microsegmentation, leaning into AI, or building your own interoperable platform, every move must be tethered to business outcomes and resilience.
Here are the opportunities I see amidst the chaos:
- AI is not magic, but it is necessary. Use it to amplify human decision-making, not replace it.
- Platforms must interoperate. Buy ecosystems, not silos.
- NDR is indispensable. If you can’t see the network, you can’t trust it.
I’m looking forward to what Gartner SRM London says this fall.
Mark Wojtasiak is a product marketing leader at Vectra AI who tells it like it is. If it’s not about outcomes, he’s not interested.
Related topics: