In a blog I wrote and published in August, I listed the 8 attributes that my colleague Doug Cahill and I believe are critical for a cybersecurity technology platform. The blog also ranks the 8 attributes according to a recent survey of 232 cybersecurity professionals working at enterprise organizations (i.e., those with more than 1,000 employees).
It was recently pointed out to me that while I list the attributes in my blog, I did not define them. My apologies for the oversight, so here again is the list of attributes (with the percentage of survey respondents that rated each one as most important), together with a definition of each.
- Coverage that includes major threat vectors such as email and web security (38%). Any security researcher will tell you that at least 90% of cyber-attacks emanate from phishing emails, malicious attachments, or weaponized URLs. A cybersecurity platform must apply filters and monitoring to these common threat vectors for blocking malware and providing visibility into anomalous, suspicious, and malicious behaviors.
- Central management across all products and services (33%). In this instance, central management means configuration management and policy management along with common administration and reporting. Cybersecurity technology platform management provides an aggregated alternative to the current situation where organizations operate endpoint security management, network security management, malware sandboxing management, etc.
- Capabilities across threat prevention, detection, and response (31%). CISOs want their security technologies to block the majority of attacks with detection efficacy in excess of 95%. When attacks circumvent security controls, they want their cybersecurity technology platforms to track anomalous behaviors across the kill chain (or the MITRE ATT&CK framework), provide aggregated alerts that string together all the suspicious breadcrumbs, and provide functions to terminate processes, quarantine systems, or roll back configurations to a known trusted state.
- Coverage that spans endpoints, networks, servers, and cloud-based workloads (27%). This one is sort of self-explanatory. Today’s enterprises feature Balkanized endpoint, network, server, and cloud-workload protection tools that don’t talk to each other. Enterprise organizations want tightly integrated tools that span their IT infrastructure and work together as security force multipliers.
- Cloud-based back-end services (i.e., analytics, threat intelligence, signature/rules distribution, etc.) (26%). Think of the cloud as the back-end brains of a cybersecurity technology platform. Cloud-based services will aggregate suspicious behaviors across customers, run these behaviors through advanced and constantly improving machine learning algorithms, track the latest threat intelligence, and provide customized analytics and threat intelligence curation for specific customers, industries, etc. In this way, all customers benefit from universal and customized services.
- Openness (i.e., open APIs, developer support, ecosystem partners, etc.) (22%). Even the best cybersecurity technology platforms won’t offer exhaustive security coverage. Therefore, security platforms must be fitted with APIs for third-party technology integration and developer support. This will also encourage the network effect where cybersecurity technology platform users share development best practices and homegrown software among the community.
- A combination of tightly coupled products and services (i.e., products and managed service options offering central command and control) (20%). Given the global cybersecurity skills shortage, organizations will pick and choose which security technologies they run in-house and which they outsource to managed security service providers. Leading cybersecurity technology platforms will enable seamless interoperability across any mix of products and managed services.
- A platform that is offered in multiple deployment options (i.e., on-premises, cloud-delivered, hybrid, etc.) (18%). Large organizations tend to use hybrid technology deployments, running security appliances at corporate headquarters while opting for cloud-based security proxy services to support remote offices and mobile workers. Cybersecurity technology platforms will offer this hybrid support across all security controls (regardless of form factor) with a central management plane.
While some attributes are rated higher than others, ESG firmly believes that large organizations will need all 8 over time. Therefore, CISOs should qualify, evaluate, and test cybersecurity technology platforms across all attributes while prioritizing those needed to address near-term requirements.