As organizations struggle with the complexity and number of security tools in use, the dream of an integrated platform seems convincingly like a good idea. Surely life would be less complex with fewer tools to manage, systems that were designed and built to work together, and fewer vendors to deal with. But there will be new challenges and tradeoffs to consider that will require some planning and effort.
Let’s start with some of the more obvious advantages to moving to an integrated platform
- Having core capabilities delivered through a common console and a single lightweight agent will make it easier to deploy, use, and manage endpoint security. Sharing an agent will also relieve stress on endpoint performance.
- With prevention, detection, and response being integrated, IT and security teams should be able to speak a common language and work more effectively together.
- Assuming APIs are available for the platform, integrating with the rest of your security stack should be easier and more efficient.
- Managing a relationship with fewer vendors should provide you with more buying power and less complexity for renewals, upgrades, and customization.
- Adding new capabilities should be fast and easy. With a common agent already deployed, organizations could conceivably test out new capabilities utilizing production systems in somewhat of a try-and-buy model. Hopefully vendors will make it easy to accomplish this, by enabling trial deployments on a limited set of endpoints. With new capabilities sharing a console that users are already familiar with, there should be a reduced learning curve as well.
Ok, so with all this chocolaty goodness, what could possibly be risky or challenging?
- Most platforms will be stronger in some areas and weaker in others. If the platform is from a vendor who started with a focus on prevention, then its detection and response feature sets may lack capabilities other best-of-breed vendors are offering. Conversely, if vendors started out as network security vendors, and have expanded into endpoint, prevention feature sets may not be as mature as longer-term suppliers.
- When the platform has issues, they could extend across several of your key capabilities. Fewer tools and agents potentially mean a higher likelihood of a single point of failure.
- Significant integration work will still be required. In addition to the reimplementation of integrations required upon initial deployment, platforms will still need to be integrated with each other. API compatibility will still be important. A bigger initial concern is that, while many vendors are new to the platform world, their full platform APIs may be incomplete for some period of time until the platform is fully implemented, getting in the way of more aggressive implementation efforts.
- Customer service and support could be better, but it could be equally or more challenging. Most platform vendors have several different teams working on the individual services delivered on the platform, so you may end up dealing with multiple people as you request new features and bug fixes. I’m worried that depending on too many things from a single vendor could actually add complexity in the prioritization process when you need to get multiple things fixed or have requests for multiple features across the different capabilities. That said, I have high hopes that this won’t be the case.
- Innovation may slow down. As companies spend more time integrating the many tools in their platforms, they will spend less time implementing new value-add features. This is the tax that you pay when dealing with larger, more complex platforms, so you need to weigh the pros and cons accordingly.
All this said, I’m a big fan of the move to a more integrated platform world. It’s a big step forward as point products converge and vendors consolidate. There has been a tremendous pace of innovation in endpoint security over the past five years, so this is both a logical and needed step forward for endpoint. Kudos to the many vendors for driving this agenda hard over the past year and we should all look forward to significant benefits from this convergence. I'll be digging more into this topic in my upcoming research on the return of endpoint platforms and suites, so please reach out to me if you have additional thoughts or have interest in being involved.