As Bob Dylan sang, ‘the times they are a-changin’.’ This is certainly true when it comes to security technologies – just about every security monitoring tool and control is going through a profound transformation. Here are just a few examples:
- Endpoint security is evolving from signature-based AV to next-generation endpoint security suites. ESG views endpoint security as a continuum with prevention on one side and detection/response on the other. A few years ago, upstarts pushed into endpoint security with aggressive attacks on one of these poles – Cylance jumped into threat prevention with solutions based upon artificial intelligence while Carbon Black, CrowdStrike, Cybereason, and Endgame moved into threat detection/response with EDR tools. The most recent battle is for the whole enchilada – comprehensive endpoint security suites that span ESG’s entire endpoint security continuum. While startups continue to act as new shiny objects, old guard players like McAfee, Sophos, Symantec, and Trend Micro have spruced up their offerings with advanced prevention/detection/response features of their own. In the meantime, confused users are getting dozens of phone calls from vendors asking for meetings.
- Network security is moving to a software-defined and cloudy model. Remember 5 to 7 years ago when everyone was gaga over next-generation firewalls? Well, in my humble opinion, next-generation firewalls are now a legacy technology. Micro-segmentation software from vendors like Edgewise, Illumio, vArmour, and VMware has elbowed aside physical firewalls for protecting the confidentiality and integrity of east/west traffic, especially in hybrid cloud environments. Meanwhile, software-defined perimeter technologies from the likes of Cryptzone, Google, ScaleFT, and Vidder are starting to gain traction for securing connectivity between users and applications regardless of device type or location. I also see lots of organizations opting for cloud-based alternatives from Cato Networks, Comodo, and Zscaler rather than deploying hardware or software on premises.
As in the endpoint security market, traditional network security players like Check Point, Cisco, Fortinet, and Palo Alto Networks are pushing back on startups with their own multi-form-factor network security “platforms,” but these vendors would readily admit that the network security market continues to grow more competitive and confusing. (Note: For more details on this topic, see the blog I posted earlier this year.)
- Security operations is transforming to a security operations and analytics platform architecture (SOAPA). SIEM solutions from AlienVault, IBM, LogRhythm, and Splunk used to be the center of the security operations universe. While these products remain important, many organizations are surrounding SIEMs with other tools to improve security analytics and streamline operations. I see lots of activity in areas like UEBA (Exabeam, HPE, Securonix), threat intelligence platforms (TIPs, from vendors like Anomali, EclecticIQ, ThreatConnect, ThreatQuotient, etc.), and incident response platforms (IRPs, from Demisto, Phantom, Resilient, Resolve Systems, ServiceNow, Siemplify, Swimlane, etc.). CISOs are also kicking the tires on advanced network security analytics and EDR solutions. To add to the mayhem in this space, all of these technologies will morph from standalone products into a tightly integrated SOAPA over the next few years.
So, what do these technology transformations mean? Rather than defaulting to the status quo, CISOs need to be more strategic about security technology planning in all areas. This means thinking in terms of the security services they need rather than the technologies themselves. The challenge for CISOs, then, is to choose the best services in the most appropriate form factors for addressing current and future security requirements.
Yes, this makes researching and procuring security technologies more complicated, but those cybersecurity professionals who are up to the task can help their organizations enhance security efficacy, improve operational efficiency, and enable business processes. Isn’t that what CISOs are paid to do?