Posture management reshapes cybersecurity strategy

Posture management is rapidly becoming a frontline strategy in cybersecurity as organizations face mounting pressure to unify risk visibility across sprawling digital environments.

With infrastructure spread across cloud, identity and data layers, the old model of siloed monitoring is no longer sustainable. Security teams are now turning to posture management not just to assess exposure, but to coordinate defenses in real time. As a result, vendors are embedding these capabilities into broader platforms, betting that streamlined visibility and control will define the next generation of cyber resilience, according to Erik Bradley (pictured, left), chief strategist and director of research at Enterprise Technology Research.

ETR’s Erik Bradley talks to theCUBE about posture management.

“From a business perspective, large organizations have M&A — they have rollups; they have multiple divisions. They’re not centralized; they’re across globes,” Bradley said. “There’s no way that we’re ever going to see a consolidation on one platform.”

Bradley spoke with theCUBE’s Jon Oltsik (second from right) and Dave Vellante (right) at the RSAC 2025 Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how posture management is becoming a key cybersecurity strategy to improve risk visibility, streamline operations and address tool sprawl across cloud, identity and data environments. (* Disclosure below.)

Posture management and platform integration reshape cyber priorities

Security leaders are reassessing how posture management fits into a larger platform strategy. There’s growing recognition that posture management needs to evolve beyond narrow point solutions and become a foundational layer of enterprise-wide risk visibility, according to Oltsik. But with so many tools already in place, CISOs face the challenge of rationalizing overlapping products and avoiding vendor sprawl.

“We’re carving up terminology and confusing the market. That’s the first thing,” he said. “The second thing is hybrid. IT is moving so quickly and it’s so specialized that you need these specialized posture management tools for cloud, for identity, for data. Now that gives the, the practitioner in that space better visibility into what they’re doing.”

Meanwhile, posture management intersects with efforts to reduce operational overhead through automation and specialization. Cloud security, identity access and even password managers are being folded into this broader posture-centric approach. Vendors such as CrowdStrike Holdings Inc. and Palo Alto Networks Inc. are pushing hard into this space, integrating posture management into their platforms while marketing it as both a peace-time control and a strategic wartime readiness tool, Bradley explained.

“It seems as if all of these vendors recognize that there’s a platformization push as a strategy, but they can’t do it in just their core space,” he said. “I agree with you that the terminology is really what’s morphing here. All of it. All a CSO cares about at the end of the day, is your vulnerability management. That’s where everything starts.”

Data fragmentation remains one of the biggest roadblocks. While vendors claim strength in telemetry, none have a complete view across all domains, which is essential for effective posture management. The lack of full integration across systems often leaves gaps that can undermine security efforts, especially as enterprises try to consolidate vendors and unify visibility, Bradley emphasized.

“This isn’t about, you’re going to be one provider. That’s never going to happen. There’s no CSO that’s ever going to allow that,” he said.  “One of the number one raises is always we’re going to try to consolidate redundant vendors. That’s what they’re looking for. They don’t want redundancy.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSAC 2025 Conference event:

(* Disclosure: TheCUBE is a paid media partner for the RSAC 2025 Conference. The sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE