There Is No Such Thing As a Cybersecurity Platform
And never will be
Could we please stop listening to the biggest cybersecurity vendors’ marketing hype? There is ZERO appetite within the enterprise to purchase all of their cybersecurity from the same vendor. They are still, after 30 years, reeling from their decision to standardize on WindowsNT as their operating system of choice. What could possibly induce them to buy everything from the same vendor?
Today’s stock market blood bath in tech apparently had two drivers. One was fear that Nvidia would not meet the astronomical expectations for its revenue to more than triple year over year. Well, at 265% growth year over year NVDA is doing just fine.
Meanwhile, Palo Alto Networks, the biggest pure play cybersecurity company also beat its revenue numbers. But why did the market for cyber stocks plummet, led by a 28% drop in PANW?
It’s because PANW cut their guidance slightly. The CEO is doubling down on the age old platform versus best-of-breed argument and offering free access to some stuff to rope more customers into its “platform.” I have only been hearing about this for 24 years. It is one of the top tropes that large security vendors roll out. The only ones listening are purchasing departments that would like to rationalize their supplier base. No CISO in the world is going rip out Wiz or Orca because their hardware appliance vendor has a similar product on sale.
I have written ad nauseam about how this market works. You need the best possible defenses against a real and present danger. If you compromise to reduce the burden on your purchasing department you are going to be out of a job and may be indicted by the SEC.
You cannot, today, purchase a “platform” that fulfills all of the cybersecurity layers you need to defend yourself. The closest you can come is if you decide to be a Fortinet-first buyer. In other words buy Forticlient for your endpoints. Fortigate’s for your perimeter, Fortitokens for your MFA, and FortiCameras for your physical security.
A decade ago you heard the same fantasies from Symantec and McAfee (NAI, Intel Security, McAfee again). If you had bought into the platform hype then you would be left high and dry as those companies stopped innovating and acquiring and became acquierees themselves.
While it is natural for a $100 billion+ market cap company like Palo Alto (now $85 billion) to pitch the sole-source concept, it is somewhat crazy to actually execute on a mythical marketing trope. I think Wall Street is equally dubious.
That said, I think leadership at Palo Alto Networks have mis-read the market. I think spending is going to be up broadly and they will benefit from that. There was no need to offer negative guidance.
In an upcoming episode of the Refining Cybersecurity Podcast I will be discussing the Platform vs Best of Breed arguments with Eric Parizo, Managing Principal Analyst at Omdia.
Also, check out the Analyst Dashboard, the only platform for cybersecurity industry research.
Although I agree no one solution answers every risk related to cyber, I think your position on the topic of there being "no such thing as a Cybersecurity platform" is likely tainted by the all truth you know behind the marketing hype from portfolio suppliers like Palo, Fortinet, etc. From their vantage point, I could see how it would seem impossible.
I agree completely. Diversity is the way. Not getting the same supply chain bugs (hopefully..). Limiting unwanted ownership changes. Not getting 0days on everything everywhere all at once. Plus it keeps the competition between suppliers healthy.