Companies with remote workers, cloud-based resources flock to access management, zero trust architectures, ISG Provider Lens^® report says

Enterprises are moving beyond traditional cybersecurity architectures, adopting more flexible tools to defend increasingly distributed operations, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm.

The 2025 ISG Provider Lens^® global Cybersecurity — Services and Solutions report finds use of three major types of broad-based security platforms is on the rise worldwide and constantly advancing through AI and other technologies. Identity and access management (IAM) secures cloud-based and remote work environments by rigorously authenticating users. Extended detection and response (XDR) unifies several kinds of cybersecurity tools for visibility and protection across attack surfaces, and secure service edge (SSE) applies zero trust architecture through cloud-based security functions.

“Traditional security perimeters are obsolete, so enterprises are integrating defenses throughout their digital environments,” said Doug Saylors, partner and leader of ISG Cybersecurity. “Modern approaches are gaining new capabilities that let organizations constantly adapt to evolving threats.”

A growing number of enterprises are adopting biometric authentication techniques such as facial recognition and fingerprint scanning as part of IAM, the report says. Decentralized identity systems, which use blockchain technology to allow users to control their digital identities, represent another rising IAM trend. Many companies shifting to cloud-first architectures are embracing identity as a service (IDaaS), which IAM vendors are enhancing to enable smooth integration with SaaS applications and hybrid and multicloud infrastructure.

Companies that once relied on siloed threat detection tools are turning to XDR for automation and analytics that span endpoints, identities, networks and cloud workloads, ISG says. XDR has emerged from endpoint detection and response (EDR) to become a core component of enterprise security operations. It includes proactive threat hunting, rapid containment and coordinated responses. Organizations are beginning to seek open, modular XDR architectures they can integrate into other security tools. Increasingly, they also integrate behavioral analytics for detection of insider threats based on deviations from typical user behavior.

Enterprises are also adopting zero trust principles, based on verifying every user and device before granting access, to reduce breach risks and protect sensitive data, the report says. They are implementing SSE to enforce these principles through cloud-based security functions that include continuous monitoring and verification of sessions and application-level controls that focus on protecting resources rather than networks.

The role of AI is expanding in all three emerging security approaches, ISG says. It enables IAM solutions to automatically adjust access controls based on real-time analysis of unusual user behavior. AI and ML power many detection, correlation and prioritization engines in XDR platforms, and providers are embedding AI-enabled threat detection in SSE solutions for real-time policy enforcement.

“Enterprises are recognizing that zero trust principles are crucial to securing modern, distributed operations,” said Yash Jethani, principal analyst at ISG and an author of the report. “Working with service providers and solution vendors, they are building flexible, identity-centric approaches that will allow them to adapt to new threats and requirements.”

The report also explores other global cybersecurity technology trends, including the use of IAM for compliance with complex regulatory standards and the expansion of XDR solutions from IT to operational technology in industrial systems.

For more insights into the cybersecurity challenges facing enterprises, along with ISG’s advice on overcoming them, see the ISG Provider Lens^® Focal Points briefing here.

The 2025 ISG Provider Lens^® global Cybersecurity — Services and Solutions report evaluates the capabilities of 61 providers across three quadrants: Identity and Access Management, Extended Detection and Response and Security Service Edge.

The report names Broadcom, Fortinet, IBM, Microsoft and Palo Alto Networks as Leaders in two quadrants each. It names Cato Networks, Check Point Software, Cisco, CrowdStrike, CyberArk, Forcepoint, ManageEngine, Netskope, Okta, One Identity (OneLogin), Ping Identity, SailPoint, Saviynt, SentinelOne, Trellix, Trend Micro, Versa Networks and Zscaler as Leaders in one quadrant each.

In addition, BeyondTrust, HPE (Aruba) and Sophos are named as Rising Stars — companies with a “promising portfolio” and “high future potential” by ISG’s definition — in one quadrant each.

In the area of customer experience, PwC is named the global ISG CX Star Performer for 2025 among cybersecurity service and solution providers. PwC earned the highest customer satisfaction scores in ISG's Voice of the Customer survey, part of the ISG Star of Excellence™ program, the premier quality recognition for the technology and business services industry.

The 2025 ISG Provider Lens^® global Cybersecurity — Services and Solutions report is available to subscribers or for one-time purchase on this webpage.

About ISG Provider Lens^® Research

The ISG Provider Lens^® Quadrant research series is the only service provider evaluation of its kind to combine empirical, data-driven research and market analysis with the real-world experience and observations of ISG's global advisory team. Enterprises will find a wealth of detailed data and market analysis to help guide their selection of appropriate sourcing partners, while ISG advisors use the reports to validate their own market knowledge and make recommendations to ISG's enterprise clients. The research currently covers providers offering their services globally, across Europe, as well as in the U.S., Canada, Mexico, Brazil, the U.K., France, Benelux, Germany, Switzerland, the Nordics, Australia and Singapore/Malaysia, with additional markets to be added in the future. For more information about ISG Provider Lens research, please visit this webpage.

About ISG

ISG (Nasdaq: III) is a global AI-centered technology research and advisory firm. A trusted partner to more than 900 clients, including 75 of the world’s top 100 enterprises, ISG is a long-time leader in technology and business services that is now at the forefront of leveraging AI to help organizations achieve operational excellence and faster growth. The firm, founded in 2006, is known for its proprietary market data, in-depth knowledge of provider ecosystems, and the expertise of its 1,600 professionals worldwide working together to help clients maximize the value of their technology investments.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250728340418/en/

Traditional security perimeters are obsolete, so enterprises are integrating defenses throughout their digital environments. Modern approaches are gaining new capabilities that let organizations constantly adapt to evolving threats.