What Are the Most Important Attributes of a Cybersecurity Platform?

We’ve seen an ongoing cybersecurity technology trend that goes something like this:

  1. Enterprise organizations address cybersecurity using disconnected point tools. This strategy is no longer adequate as it impacts security efficacy and adds operational overhead.
  2. Security teams address these problems by consolidating and integrating the security tools they use. Many are building security technology architectures a la SOAPA (security operations and analytics platform architecture).
  3. Seeing this trend in progress, security technology vendors push internal development teams to integrate point tools across their portfolio. They then pitch integrated security "platforms" to customers.

This story has been unfolding for many years and is now reaching a climax. According to ESG research, 62% of enterprise organizations are now willing to buy a majority of security technologies from a single vendor. 

So, we are at the onset of the cybersecurity "platform wars," where vendors compete for bigger, lucrative deals where deployment projects could span several years. Okay, but this raises a few obvious questions: What is the definition of a cybersecurity technology platform, and what platform capabilities are most important?

To answer these questions, my colleague Doug Cahill and I came up with 8 attributes that we believe every cybersecurity technology platform must offer. We then surveyed 232 cybersecurity professionals and asked them to identify the three attributes they consider most important. Here are the results:

  • 38% of cybersecurity professionals believe that one of the most important attributes of a security technology platform is coverage that includes major threat vectors like email and web security.
  • 33% of cybersecurity professionals believe that one of the most important attributes of a security technology platform is central management across all products and services.
  • 31% of cybersecurity professionals believe that one of the most important attributes of a security technology platform is capabilities across threat prevention, detection, and response.
  • 27% of cybersecurity professionals believe that one of the most important attributes of a security technology platform is coverage that spans endpoints, networks, servers, and cloud-based workloads.
  • 26% of cybersecurity professionals believe that one of the most important attributes of a security technology platform is cloud-based back-end services (i.e., analytics, threat intelligence, signature/rules distribution, etc.).
  • 22% of cybersecurity professionals believe that one of the most important attributes of a security technology platform is openness (i.e., open APIs, developer support, ecosystem partners, etc.).
  • 20% of cybersecurity professionals believe that one of the most important attributes of a security technology platform is a combination of tightly-coupled products and services (i.e., products and managed service options offering central command-and-control).
  • 18% of cybersecurity professionals believe that one of the most important attributes of a security technology platform is multiple deployment options (i.e., on-premises, cloud delivered, hybrid, etc.).

As I mentioned, ESG believes all 8 are essential, but organizations will pick and choose based upon their own requirements. Bigger organizations will likely need and demand all 8, while smaller and less regulated firms can get by with fewer demands.

At any rate, CISOs should assess potential platform partners across all 8 attributes. This will help them gain short-term benefits while future-proofing their cybersecurity architecture strategy. 
