Although I agree no one solution answers every risk related to cyber, I think your position on the topic of there being "no such thing as a Cybersecurity platform" is likely tainted by all the truth you know behind the marketing hype from portfolio suppliers like Palo, Fortinet, etc. From their vantage point, I could see how it would seem impossible.
Agree that any of my positions are tainted. :-) Sure there are perfectly logical platforms. If you need an agent on the endpoint then having a single agent to do EDR, port control, data discovery, etc. is possible. Or if you have a new network filter it belongs in an all-in-one appliance like Fortinet or PANW. But if you want to have a platform that is endpoint plus network plus identity plus cloud config, there is no way that will succeed.
I agree completely. Diversity is the way. Not getting the same supply chain bugs (hopefully..). Limiting unwanted ownership changes. Not getting 0days on everything everywhere all at once. Plus it keeps the competition between suppliers healthy.
Agreed!
I believe that a platform-based approach with a single pane of glass for all cross-product management in ease would go a long way for customer adoption. Having said that, usability should be extra perfect ⭐️
It is just never going to happen. Any over-arching platform with a single pane of glass has to be based around a SIEM. Which vendor is going to pull buyers away from Splunk and Elastic? And who is going to trust a log management platform vendor to protect endpoints, networks and identities?
There is a closed vs open ecosystem distinction to be made. The concept of a security platform is muddled by vendors offering what is really a closed ecosystem of solutions. A true platform is extensible in many ways (via API, for example) and through native third-party integrations. To be a valuable platform, third parties should be able to extend the capabilities of existing solutions and to build solutions on top of the platform.
No question that APIs are creating the integrations that these closed systems aspire to.
Agree 100%. I think it's truly dangerous to fully rely on one single platform, and that can have a massive domino effect if it is compromised or lacks visibility into key areas. Despite all the vendor hype I like to think CISOs are smart enough not to fall for this.
Agree Taimur. As much as CISOs pine for a simpler product selection process there is no way they want to buy everything from Microsoft or PAN.
Richard nailed it. Security vendors that have comprehensive product offerings are great, but they all have partner programs for a good reason: they all know they will never solve it all with their own solution, smaller companies will always innovate faster and with less overhead.
Wise words Jill.
Keep ‘em honest Richard.
Great article Richard! Could not agree more with all your points!
Awesome! Thanks Joshua.
Wonderfully put!
Thanks Darwin!
1000% this. Any vendor talking this way is talking their own book. That’s not to say that there aren’t lock-in effects that make cross-selling easier. Windows Defender, for example, is a fairly decent product, and it’s enabled by default. So I’ll probably use it. But would I rip out CrowdStrike just because Defender is “free” with my E5 M365 license? Only if I were budget-strapped. In other words, platforms matter more as edge cases, but they aren’t the rule.
One problem that I always had with vendors calling for "platforms" (specifically, theirs) is that I agree with Sangeet Choudary about what platforms are, or think I do. Platforms are significantly more than a portfolio of APIs. Platforms allow other vendors - and clients - to shape the "value" they expect from a platform, interact with the platform, upload content and other "value" to the platform, and download content and other "value" from the platform, all in consideration of the platform rules of engagement directed by the platform owner and in concert with the users of the platform. Essentially, the platform becomes an interactive community.
I'm not aware of any vendors trying to do 100% of what an organization needs for cybersecurity, but I think it's also fair to say that there's zero appetite to purchase all your security solutions from different vendors. The overhead involved in managing a different vendor, contract, management console, API, and event source for 50+ security needs sounds like a nightmare to me.
Also considering that 95%+ of VC-funded security vendors will have an acquisition exit, a preference for point-solutions means that you can never stop shopping for new solutions and testing them out. Reaching a state of maturity is difficult when you're constantly ripping and replacing solutions as they get acquired into platforms.
The more sane route is a mix of point solutions and platforms. Do you really want AV, XDR, EDR, and EPP from four separate vendors? Probably not. CSPM, CWPP, CNAPP, Container scanning from separate vendors? You could, but the headache probably isn't worth it. The emerging market is full of features pretending to be products, and I can't blame folks that wait for them to mature, stabilize and consolidate.
In my experience as a penetration tester, the fewer vendors a company has, the harder they are to get into. Companies that focus on a few platforms seem to have more time to make sure things are configured correctly, and take the time to make sure the few products they have actually work. I can't tell you how many companies I've worked with that abandon a product the moment they think it's implemented, and are off to do the next POC/POV. A revolving door of point products is untenable.