ESG's Doug Cahill and Jon Oltsik discuss highlights from recent ESG research on Enterprise Class Cybersecurity Platforms.
Read the related ESG Blog: Defining a Cybersecurity Platform
Jon: So we've just completed our second annual look at Enterprise Class Cybersecurity vendors and we'll be talking a lot about that research in the days and weeks to come but one of the points that we raised here, Doug, was about cybersecurity technology platforms. And the thought is, buying more products from fewer vendors and having tight integration in those platforms, so we've been covering that for a number of years.
Doug: It's a really front and center topic. I mean, as an organization's attack surface expands, there's a tendency to go point tools for those different discrete areas, those sort of control points of endpoint, network, cloud. We know it's operationally untenable over time so there's a natural sort of evolution to converge to platforms.
Jon: So, Doug, the first thing we looked at was are vendors communicating a clear definition of platforms. The biggest percentage, 38% said one or more cybersecurity vendors have provided a general definition of their cybersecurity platform but more specifics would be helpful. And 36% said one or more cybersecurity vendors have conveyed a clear definition of their cybersecurity platform which we understand and with which we agree. So, Doug, 38% are totally confused, right? They're getting different definitions. They're not clear on what the definition is. Thirty-six percent say, "Well, we're clear" but they're getting clear definitions from multiple vendors so there's probably distinctions in what the vendors are saying, what products are included, you know, what support they give them. So, what do you think?
Doug: Well, I imagine customers are then being a little introspective and saying, "Well, how do I think of a cybersecurity platform? What does a cybersecurity platform mean to me and my organization?" And so similarly, we then asked the respondents which of the following most closely aligns with your definition of a cybersecurity platform. The leading definition was a cybersecurity platform is an integrated product suite from a single vendor that also provides APIs for integration of third-party technologies. Think it's an awfully good definition but only 41% of the respondents cited that definition of a cybersecurity platform as one that they identify with.
Jon: So that does speak to the confusion in the market and no one's really communicating a clear definition.
Doug: No question. And since we've been chatting about this for the last year or two, I know our sort of perspective and definition has evolved as well.
Doug: And so for example, one of the things we changed from this year's study from last year's study is how we think about coverage across the attack surface area with respect to attack vectors. So not just covering endpoint to network to cloud but how are the threats coming in.
Jon: That's right. In fact, I said no one's communicating a clear definition of a platform, except us. So when we got together and thought about this, we came up with eight things that we believe are important in a cybersecurity platform. And then we asked which of these eight is most important. And you're right, Doug. Coverage across the common threat vectors like web and email came out number one.
Doug: Absolutely. As well as just coverage across the attack surface or just the control points of endpoint, network, and cloud. So coverage for greater efficacy.
Jon: That's right.
Doug: And then this notion of flexibility. So one of the things we've been tracking for at least a couple years now is Security as a Service or cloud-delivered security and I think customers are understanding that there's more than just an operational benefit, not having to maintain on-prem management servers but also the ability to do, you know, threat intel sharing, dynamic analysis in the cloud, and so forth. But some organizations still want on-prem deployment so this notion of flexibility was one of the things that came through as a requirement as well.
Jon: That's right. So my takeaway was efficacy is most important. So efficacy across threat vectors, efficacy from endpoint to network to data center to cloud. And then prevention, detection, and response, I want a single package there. This is an immature market though so some of the things we think about long-term like openness, really important to us, a little bit down the list. Things like the form factor deployment so do I want on-prem versus cloud, a little bit down the list. And then services, we believe a platform has to include services because you can't do everything and people are thinking of that down the line. Now, I think all of those things come into play, but right now, people are thinking how do I replace these point tools with a technology platform.
Doug: You bet. You bet. Now, I don't think we're implying that there's gonna be an uber cybersecurity platform from a single vendor because one of the things we heard, again, just going back to our recent discussion around Black Hat and the CISO Summit, is the ongoing need for best-of-breed point tools to, you know, thwart motivated adversaries with new attack vectors and methods. So what I'm hearing is they want best of both worlds. They do want convergence on a platform but they want to be able to snap in the emerging best-of-breed technology into that platform as well.
Jon: Yeah, and that supports kind of traditional cybersecurity culture which is best-of-breed, layered defense-in-depth architecture. That's a good model but it's hard to operate so with integration and openness, you can get both.
Doug: You bet. You bet. So more to come, right? We'll be doing some research briefs, maybe another video, some webinars.
Jon: Hopefully another video. Yeah.
Doug: Yeah, always good fun.
Jon: Okay, so stay tuned.