I have been writing about cybersecurity technology integration a lot lately. For example, here’s a blog I posted in May of this year about the cybersecurity technology integration trends I see in the market.
Yup, I’ve increased my rants on this topic lately, but I’ve actually been preaching this message for a number of years. Cybersecurity technology integration activities remind me of what happened in the 1990s when departmental applications gave way to big ERP systems from Baan, Oracle, and SAP. This was a difficult transition, but organizations that persevered benefited from improved data analytics, real-time decision making, and new types of automated business processes. CISOs are clearly looking for similar results.
Of course, cybersecurity technology integration is still pretty early on in its lifecycle. For those of us old enough to remember the ERP analogue, think about the 1994 to 1996 timeframe. Back then, large organizations, technology vendors, and service providers were figuring out how to deploy and consume ERP in manageable project phases. By doing so, CIOs could then acclimate their organizations to new technology and reap additional benefits without disrupting existing business operations.
That’s exactly what is happening with cybersecurity technology integration, and once again, large enterprise organizations are paving the way for everyone else. I’m lucky enough to have a front-row seat in this transition process as I get to speak with lots of enterprise CISOs and security professionals engaged in this transition. As I mentioned, it’s still early, but based upon my market observations, cybersecurity technology integration is starting to have a profound impact across the industry. For example:
- Technology vendors are intent on creating a one-stop shop or joining the integration club. Many market leaders recognize what’s happening and are racing to become the SAP of cybersecurity technology. This list includes vendors like Blue Coat, Check Point, Cisco, FireEye, IBM, Intel Security, Palo Alto Networks, Sophos, Symantec, and Trend Micro. All of these companies are adding middleware, creating software architectures, embracing standards, and filling in product gaps through acquisitions. On the other end of the spectrum, smaller security technology vendors like Bit9 + Carbon Black, ForeScout, and Hexis Cyber Solutions are now building their products with APIs, messaging buses, and broad scripting support for peer-to-peer integration.
- Innovative integration hubs are growing like weeds. While the Sand Hill Rd. VCs drink Merlot and search for the next FireEye-like detection/response play, large enterprises seem most interested in cybersecurity integration hub technology like integrated cybersecurity orchestration platforms (ICOPs) based upon open source projects like Netflix FIDO or commercial ICOP offerings from vendors like CSG Invotas, Phantom Cyber, or Resilient Systems. SOC and CIRT teams are after the same type of capabilities for threat intelligence analysis and sharing. This crowd is turning toward open source CRITs from MITRE Corp. or commercial alternatives from BrightPoint, ThreatConnect, ThreatStream, or ThreatQuotient.
- CISOs are adjusting budgets and organizations. Savvy infosec executives realize that cybersecurity technology integration is a game-changer and are modifying their strategies and tactics accordingly. For example, many organizations are creating a chief cybersecurity technology officer (CCTO) position and are looking to fill this role with someone who understands traditional cybersecurity technologies and has an aptitude for software architecture, middleware, DevOps, and application development operations. Some organizations are also modifying budgets, forcing the security team to purchase and implement integrated solutions rather than individual point products. Finally, CISOs are also tearing down traditional walls within the cybersecurity organization and between infosec and other IT groups like network/IT operations. The goal? Coordinate processes and bake cybersecurity into all technology activities.
- Many organizations are turning to professional services for help. Baan, Oracle, and SAP made lots of money during the ERP boom in the 1990s, but ERP software product revenue paled in comparison with all the money spent on professional services with Andersen Consulting (i.e., Accenture), E&Y, PwC, etc. Professional services will play a similar role in cybersecurity technology integration—Cisco, HP, IBM, Lockheed Martin, Optiv Security (Accuvant/FishNet), Raytheon, and Unisys could all benefit from the pervasive need for technical help if they have the right mix of cybersecurity technology integration expertise and services.
Heck, cybersecurity technology integration is even affecting industry analyst firms like ESG. When ESG recently added cybersecurity veteran Doug Cahill as an ESG analyst, we were extremely excited about our new bandwidth and bench strength. Upon his arrival, Doug and I sat down to figure out who covers each cybersecurity area like application security, cloud security, endpoint security, network security, security analytics, etc. It was then that we realized that we, too, were living in the past. Given the momentum around cybersecurity technology integration, Doug and I decided that we really need to tag team all areas of cybersecurity—the whole cybersecurity enchilada. Thus, little ESG is a microcosm of the massive changes driven by cybersecurity technology integration across the industry.