NEC XON promotes unified security platforms to replace fragmented enterprise toolsets

Company highlights integration, automation, and shared data as key to improving visibility and response in security operations

NEC XON is advocating a shift in how enterprises structure their cybersecurity environments, moving away from collections of isolated tools toward integrated platforms designed to centralize data, detection, and response. The approach is being applied in client environments where security teams are managing multiple standalone products across different domains.

According to Michael de Neuilly Rice, the accumulation of disconnected tools has become a limiting factor in security operations. “Across both new and existing environments, we consistently find a proliferation of point products. Each tool is licensed separately, configured independently and maintained in isolation. That places a heavy burden on already stretched security teams,” he said.

Enterprise environments still require coverage across endpoints, networks, cloud infrastructure, applications, identity, and data. However, adding tools to cover each layer does not necessarily improve protection. In practice, it can increase operational complexity and create gaps in visibility, especially when systems do not share data or operate within a common framework.

A central issue identified in these environments is the lack of integration between tools, which affects how incidents are detected and handled. Without a unified view, analysts often need to move between different systems, correlate alerts manually, and respond without full context. “Security teams often can’t see the full progression of an attack across systems,” said de Neuilly Rice. “Analysts are forced to jump between multiple dashboards, correlate alerts manually and respond in silos. That delay can be critical during an incident.”

To address this, NEC XON is working with a platform-based model built on technologies from Palo Alto Networks, including Cortex XSIAM. The platform consolidates capabilities such as data ingestion, analytics, and automated response within a single environment, reducing the need for separate SIEM and SOAR systems.

By centralizing telemetry in a shared data layer, the platform allows security teams to monitor activity across the environment and investigate incidents with end-to-end visibility. Additional components, such as Cortex XDR, extend detection and response capabilities to endpoints, while other modules cover areas like cloud security, data protection, and identity threats.

The model also incorporates machine learning and AI-driven processes to support correlation, investigation, and response. “Machine learning helps correlate events that would otherwise appear unrelated, while agentic AI can assist with investigation, threat hunting and automation. That allows analysts to focus on higher-value work rather than managing tools,” de Neuilly Rice said.

This approach reflects a broader change in how security operations centres are structured, shifting from environments built on multiple integrations to platforms where monitoring, analysis, and response are handled within a unified system. In this model, operational efficiency depends less on the number of tools deployed and more on how effectively data and processes are connected.