As tech companies tighten their belts and announce massive layoffs, security companies, especially the powerhouses, still reported strong earnings for the last quarter. They benefitted mainly from heightened cyberthreats, digital/cloud transition, and vendor-consolidation trends, as well as the mission-critical nature of cybersecurity. However, they are not immune to the economic downturn.

The stocks of CrowdStrike, Fortinet, and Rapid7 plunged after their earnings reports mostly due to the disappointing guidance and outlook misses.

Palo Alto Networks, Zscaler, and SentinelOne were among the stocks that fell after CrowdStrike’s CEO and co-Founder George Kurtz warned of “increased macroeconomic headwinds” earlier this week during its earning’s call for the third fiscal quarter of 2022.

“Organizations were starting to respond to macroeconomic conditions by adding extra layers of required approvals and extending the time it took to close some deals,” Kurtz said on the call. “Given the increased scrutiny on budgets, we're not going to expect a typical Q4 budget flush, leading us to adjust our Q4 net new ARR expectations”

But he remained optimistic about security spending in general. “Security remains still top of mind and top of budget for enterprise customers.”

Fortinet and Palo Alto Networks executives shared the same sentiment during their earlier earnings calls for this quarter.

“Cybersecurity is not immune to economic slowdowns, [but] is expected to remain a relatively safe harbor,” Fortinet CFO Keith Jensen said earlier this month during the company's earnings call for the third fiscal quarter of 2022.

Palo Alto Networks Chairman and CEO Nikesh Arora said he saw early customer behavior changes and cautioned that security is “not immune” to the potential recessionary concerns during its earnings call for the company's first fiscal quarter of 2023. But “we believe that whilst there may be short-term bumps to the pace of investment by some of the customers, these projects will continue for the medium and long term.”

For years, mega security vendors have been building up their platform approach consolidating security capabilities and technologies through innovation, internal integration, and acquisitions. Now they are seeing the paybacks in this security vendor and solution consolidation trend.

The most recent moves include Palo Alto Networks buying application security startup Cider Security and adding it to its Prisma Cloud platform and CrowdStrike grabbing external attack surface management (EASM) provider Reposify to integrate into its Falcon platform as an EASM module.

As the economic downturn, pressure on cost-cutting, and the growing complexity of security solutions force more organizations to consolidate their security vendors and services, CEOs touted this trend as the "silver lining."

“Given the increased scrutiny and return requirements, the silver lining for Palo Alto Networks is that we are having more conversations around consolidating platforms than we've ever had before. We think customers are less likely to purchase newer security products. Instead, they will continue to consolidate towards like-for-like capabilities from fewer vendors,” Arora said.

Fortinet Founder and CEO Ken Xie also identified the consolidation of security functionality and vendors as the company’s top growth drivers.

Kurtz echoed “we believe today's macro pressures on businesses and the escalating threat environment make Falcon's value proposition as a consolidator more important today than at any other time in CrowdStrike's history."

Despite all the talk of "silver linings," several well-funded security startups underwent layoffs earlier this year.

For example, cloud security unicorn Lacework slashed 20% of its workforce in May just six months after the firm closed a $1.3 billion funding round. Potential IPO candidates — endpoint security unicorn Cybereason and cloud security unicorn Snyk — announced a second round of layoffs in October after their first waves during the summer.

But the good news is analysts continue to see smaller security vendors leading or playing in nascent technology and innovation areas.

“Smaller vendors are going to be able to continue to drive innovation, and they’re going to be able to move faster and produce better solutions in many cases than the large vendors,” Gartner’s Senior Director Analyst Charlie Winckless told SDxCentral in an earlier interview.

Dell’Oro Group Research Director Mauricio Sanchez echoed Winckless in that even though large security companies have deep pockets, they don’t necessarily pivot faster than some of the pure players that focus on specific facets of the environment. “There's still a lot of runway for startups to continue to innovate and at least execute [ahead of] the larger ones," he said.