The Potential Pitfalls Of Cybersecurity Platformization

 


A major theme has emerged as the cybersecurity industry moves through a consolidation phase. High-profile acquisitions and alliances, such as Cisco’s acquisition of Splunk and IBM’s alliance with Palo Alto Networks, are reshaping the landscape.

This consolidation, often referred to as platformization, promises a streamlined, all-in-one solution for cybersecurity needs. However, the cyclical nature of the cybersecurity market and the ever-evolving complexity of threats underscore the enduring value of modularity and flexibility.

Cyclical Nature of the Cybersecurity Market

The cybersecurity market has always been characterized by cycles of consolidation and diversification. In the early 2000s, giants like McAfee and Symantec dominated the industry, offering comprehensive security suites that promised to address all security needs. This period was marked by a preference for integrated solutions, which provided convenience but often fell short in addressing specialized threats.

As cyber threats evolved, so did the market’s approach. The rise of innovative new tools and specialized solutions marked a shift towards modularity. These specialized tools provided superior protection against specific threats, demonstrating the limitations of all-encompassing platforms.

Today, we are witnessing another wave of consolidation. Cisco’s acquisition of Splunk, IBM’s strategic alliance with Palo Alto Networks, and the merger of LogRhythm and Exabeam are just a few examples.

The primary allure of platformization lies in its promise of simplicity.

Companies like Qualys, CrowdStrike, and Palo Alto Networks make the pitch that their platforms can manage all security needs through a unified interface. This approach offers several potential benefits:

  • Unified Management Console: A single dashboard to monitor and manage security operations.
  • Streamlined Procurement Processes: Simplifying vendor relationships and reducing administrative overhead.
  • Potential Cost Savings: Consolidating tools under one platform can lead to financial savings.

Some cybersecurity leaders favor a unified approach due to the perceived ease of use and efficiency.

However, Brian Murphy, CEO of ReliaQuest, whose vendor-agnostic security operations platform allows customers to leverage their own security stack, warns that this trend is often vendor-driven rather than customer-centric. He notes, “The idea that there can be one platform to rule them all is illogical. It has never happened and will never happen in security. Businesses have unique needs that require a mix of technologies.”

The Pitfalls of Platformization

While there are some potential benefits to a unified platform, and platform vendors pitch it as a magical solution for all of your cybersecurity woes, not everyone agrees.

Earlier this year, cybersecurity industry analyst and author of Security Yearbook 2024 Richard Stiennon wrote, “Could we please stop listening to the biggest cybersecurity vendors’ marketing hype? There is ZERO appetite within the enterprise to purchase all of their cybersecurity from the same vendor.”

I spoke to Richard, and he emphasized, “There's no buyer that says, 'God, show me how I can buy everything from one vendor.'”

Adequacy vs. Excellence

While platformization promises adequacy across various security domains, it rarely achieves excellence in all. No single platform can be the best at everything, leading to potential gaps in protection.

As Scott Crawford, research director of information security with 451 Research, part of S&P Global Market Intelligence, told me, "The worst-case scenario with the platform is that you get the lowest common denominator within the areas that the platform provider covers." This can lead to potential gaps in protection and an inability to address specific threats effectively.

Vendor Lock-In

Platformization can result in vendor lock-in, making it difficult to justify the budget for additional tools that might overlap with the existing platform. This can be particularly challenging when CFOs resist new purchases due to significant investments in a current platform.

Stiennon also pointed out that a platform can quickly become a single point of failure. “If it was a single code base, that means that now all of your security products all have the exact same flaws in them, and they'll all get updated and crash at the same time. They'll all get attacked at the same time. You don't have any defense in depth anymore.”

Innovation Stagnation

Relying on a single platform can slow the adoption of cutting-edge solutions. Companies often face challenges when introducing new tools alongside entrenched platforms, potentially missing out on innovations that offer better protection.

ReliaQuest CEO Brian Murphy noted, “Even the best platform today can’t account for tomorrow’s threats.”

The Case for Modularity

A modular approach provides several advantages:

  • Flexibility to Choose Best-of-Breed Solutions: Organizations can select the best tools for specific needs.
  • Easier Adaptation to Emerging Threats and Technologies: Modularity allows for quicker adoption of new technologies.
  • Avoidance of Single Points of Failure: Reducing dependency on one platform minimizes risk.

CISO Perspective

Many industry leaders prefer modularity. Anecdotes from industry conferences often highlight the preference for a mix of specialized tools over a single platform.

“You have to be flexible. You have to have platform-thinking without going all in on one platform – in such a way that you can stretch a little bit,” stressed Rob ter Linden, CISO of Signify, one of the world’s largest commercial lighting companies. “With our company, with 30,000 people, we may have different business units using different tools or different approaches. We have to provide the same level of security for all those business units even when they are using different tools. Previously we had a single provider that was trying to get everything done with the same technology, and that didn’t work. If the business units don’t like the tool, they aren’t going to use it. And you can’t just hire more and more people. ReliaQuest is a perfect example of how you can make it all work with that flexibility and automation.”

Best Of Both Worlds

Ensuring different tools work together is crucial for comprehensive coverage and reducing vulnerabilities. Interoperability allows organizations to leverage the strengths of multiple tools.

Successful integrations in the industry highlight the importance of interoperability. An effective cybersecurity solution should facilitate seamless integration, enabling different security tools to communicate and work together effectively.

Murphy summed it up well. “We should enable the customer. We should make the customer the platform so that the security team can enable whatever it is their business needs.”

A balanced approach that leverages the strengths of both strategies—platformization and modularity—while maintaining flexibility to adapt to future challenges is essential. By focusing on integration and interoperability, organizations can create a seamless and robust security ecosystem capable of addressing the ever-evolving threat landscape.
