Mod 01 · Market Map

The whole landscape, in twelve layers.

Each layer is a category family. Consolidation pressure shows as red intensity — heavier red = more squeeze. The 5 hot-contest layers (where positioning matters most) carry an accent border.

Pressure: Low · Medium · High · Very high · Emerging

L01

Network / SASE

Move from a perimeter-based stack to identity-and-context routing across distributed workers, branch offices, and cloud apps — without sacrificing performance or operability.

firewall · SWG · ZTNA · CASB · SASE +1
Pressure: high

L02

Endpoint / XDR

Detect-and-respond on every workstation and server, then correlate that signal with other surfaces — without buying yet another agent.

EDR · NGAV · XDR · endpoint response
Pressure: high

L03 Hot zone

SecOps

Aggregate, correlate, and operationalize security signal across the entire stack — without going broke on per-GB licensing or drowning analysts in alerts.

SIEM · SOAR · XDR · security data lake · UEBA
Pressure: very high

L04 Hot zone

Cloud Security

Cover posture, workload, identity, and runtime risk across multi-cloud — without a tool per slice and without missing the attack paths that chain across them.

CNAPP · CSPM · CWPP · CIEM · KSPM
Pressure: very high

L05 Hot zone

Identity

Manage access, govern entitlements, and detect identity-based attacks across humans, machines, and the proliferating non-human identity surface — as the control plane attackers increasingly route through.

IAM · PAM · IGA · ITDR · non-human identity +1
Pressure: high

L06 Hot zone

Exposure

Replace the vulnerability backlog with a prioritized attack-path view — "prove I'm exposed" beats "tell me about CVEs."

ASM / EASM · VM · CTEM · BAS · autonomous pentest
Pressure: high

L07

Data Security

Find where sensitive data lives across cloud and SaaS, govern who/what touches it (including AI agents), and recover from loss or ransom — across surfaces that don't share a common control plane.

DSPM · DLP · data access governance · backup / recovery · encryption
Pressure: medium high

L08

Application / API

Secure custom apps and APIs through the developer workflow — without slowing engineering, while catching the business-logic abuse that scanners miss.

AppSec · API security · ASPM · WAF · SCA +2
Pressure: medium high

L09

GRC / Trust

Prove control to auditors, customers, and the board on demand — and turn compliance work from cost center into revenue-enablement (trust centers).

compliance automation · TPRM · trust center · IRM · policy management
Pressure: medium

L10 Hot zone

MDR / Services

The customer either lacks a SOC or has one that can't keep up. Buy the outcome (alerts triaged, threats contained) rather than the tool.

MDR · MXDR · MSSP · managed SOC
Pressure: high

L11

OT / IoT

Discover, monitor, and segment operational and connected-device assets in environments where availability beats confidentiality and "move fast" is not a virtue.

OT security · ICS monitoring · asset visibility · network segmentation
Pressure: medium

L12

AI Security

Two halves of the same emerging surface: secure the AI being deployed (models, agents, data, prompts) and use AI to secure everything else (Agentic SOC).

AI-SPM · model security · agent security · prompt injection defense · AI governance +2
Pressure: emerging

How to read this map

Layer ≠ severity. A layer's number just reflects how the market organizes by surface, not how important it is to your stack. Read pressure, not order.

Pressure tells you where positioning matters most. Very-high pressure = consolidation is actively happening; a vendor's wedge has to be deep or the platforms absorb it. Low pressure = quieter division, fewer M&A signals, but also slower growth.