Dell'Oro Group says security budgets will center on SASE and SIEM
An analyst note projects enterprise security budgets will concentrate on cloud-delivered edge services such as SASE/SSE and cloud Web Application Firewall (WAF) and a centralized, AI-assisted Security Information and Event Management (SIEM) platform, affecting CIOs' and CISOs' 2026 budgets.
Market Overview
Enterprises continue shifting spend from appliance hardware to subscription, cloud-delivered security services, producing two primary spending pillars: cloud-delivered edge controls and a central Security Operations (SecOps) platform.
Key Findings
Edge spend is consolidating around SASE/SSE for user and branch access and cloud WAF for internet-facing applications and APIs, the analyst said.
The note uses the term “next‑gen SIEM” to describe a SecOps solution that combines SIEM, Security Orchestration Automation Response (SOAR), Extended detection and response (XDR), observability and Cloud Native Application Protection Platform (CNAPP), and it reports the CNAPP market grew nearly 40% in 2024, Mauricio Sanchez said.
Technology or Trend Analysis
SASE/SSE packages commonly combine Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero-Trust Network Access (ZTNA) and Firewall-as-a-Service (FWaaS) functions delivered through distributed Points of Presence (PoP), while cloud WAF protects internet-facing web and Application Programming Interface (API) traffic.
Distributed cloud networking and emerging WAN-as-a-service offerings provide programmable connectivity across branches, clouds and security service edges rather than fixed routers, the note said.
Forecast or Analyst Outlook
The analyst expects more RFPs to specify a single Software-as-a-Service (SaaS) SecOps platform that ingests logs and telemetry, powers AI-assisted investigations and orchestrates responses across edge and cloud controls.
Vendors and buyers will favor subscription licensing, shifting new initiatives to Operational Expenditure (OpEx) and reducing the share of capex-heavy appliance deals, the note said.
Conclusion
By 2026, security spending is expected to center on cloud-delivered edge services and a centralized SecOps analytics plane, a change that matters for procurement and architecture planning. This Analyst Signals brief reflects a neutral, fact-based summary of the original research note.