I get your point, but I'm really not sure that I agree.
Trying to do everything yourself without a huge team and endless resources is a risky strategy. You probably don't have the resources to track each and every threat vector and attack surface. Using vendors lets you benefit from their economies of scale, and you can supplant that with your own special sauce and deep knowledge of your threat and risk modeling...
I see that as a much more attractive solution, and it doesn't hurt that "no one ever got fired for buying IBM..."
I get your point, but I'm really not sure that I agree.
Trying to do everything yourself without a huge team and endless resources is a risky strategy. You probably don't have the resources to track each and every threat vector and attack surface. Using vendors lets you benefit from their economies of scale, and you can supplant that with your own special sauce and deep knowledge of your threat and risk modeling...
I see that as a much more attractive solution, and it doesn't hurt that "no one ever got fired for buying IBM..."