ESG's Jon Oltsik and Dave Gruber discuss the current state of endpoint security and application security.
Read the related ESG Blog: The State of Endpoint and Application Security
Jon: I'm really excited today to introduce a new member of the ESG family, our new analyst, Dave Gruber. Dave, welcome.
Dave: Thank you, Jon. So excited to be here.
Jon: Now, you and I spent some time together last week at RSA 2019. What was your impression of RSA, especially as a new analyst?
Dave: Yeah. Well, first of all, it was terrific to be at RSA. The timing of this for me has been very, very nice. Second week, got introduced to a large number of the endpoint players that, frankly, I've been competing with over the course of the last year. And so, while I'm familiar with most of all those companies, I don't have the level of depth of insight into some of the companies that I would like to have.
And I got a chance to do that last week and met with many of the key players in each of those companies.
Jon: Okay. And so, tell me...give me your impressions of what's the state of the market for endpoint security, and what's the state of the market for applications security, the two areas you'll be covering?
Dave: Yeah. So, for endpoint, very interesting last week, some of the common themes that we saw, as has been quite widely communicated, companies are struggling with the complexity of the endpoint security environment, and frankly, not just endpoint but the entire security stack. Companies are running upwards to 50 or more different security products that are layered and the endpoint space is no different.
In endpoint alone, companies are often running to 5, 7, 8 to 10 products, just focused on the endpoint, and that's a big struggle for companies today. The complexity of it, the integration or lack of integration between those products, and as the market is focused on best of breed, this is sort of the world that we're left with.
People are now pushing in the other direction, bringing these systems and tools together into more integrated platforms. We heard that very loud and clear throughout RSA last week, where people are now bringing things into common consoles, single agents, fully integrated prevention, detection and response. The noise level is difficult, though, frankly, for the buyer. If I were a buyer, walk in the floor at RSA last week, I would have been struggling because I'm hearing very similar messages from each vendors.
Efficacy has reached a level where fairly compatible across the top 10 players or so in the endpoint space. So, efficacy is a difficult place to compete these days. The platform agenda is an important one, but it's going to be difficult for the buyer.
Jon: Yeah. And so, part of your challenge is to educate the users and work with the vendors to help educate the users?
Dave: Exactly. And so some of the areas that I'm super focused on is really understanding, from a buyer's perspective, what people are looking for in these integrated platforms when we talk about the reduction of complexity and the consolidation or convergence of these technologies. What does that look like? What actual capabilities do people want to bring together and how much is enough?
Frankly, in the end, people are going to end up running multiple platforms from multiple security vendors. And so, while we'll be reducing point products, we're still going to end up with the need to integrate those platforms, the new platform offerings, across the different vendors along the way.
Jon: Okay. So, real quick, what's your thoughts on application security?
Dave: Yeah. In the AppSec space, it's been a market space that's been important from integration in the DevOps cycles over the course of the last few years. And as we introduce the concepts of DevSecOps, and we're bringing security as a more important function in the role of DevOps, I think their AppSec space, all of a sudden, is going to get a boost in popularity, right, as we start to really have security play a more formal role overall in DevOps in the DevSecOps model.
All of a sudden, AppSec has a formal home, where in many cases in the past, the AppDev and the AppSec space, people have been really struggling to get organizations across the board to adopt DevSec widely.
Jon: Yeah. And as Doug would say, "If applications are infrastructure, infrastructure's a lot of times where security is."
Dave: Absolutely. Absolutely. So, I think some exciting times ahead for the AppSec vendors in general. The other part that's important is as people are consuming applications across all kinds of different devices, it's no longer just securing AppSec at the pure code level, but it's also isolating applications that are running on mobile devices and in the BYOD world, where people want complete flexibility and control of their own devices, yet enterprises want to lock down applications that people are now consuming on their mobile devices, there's a whole new layer of security that has to take place to make sure that the enterprise apps are fully accessible and secured on mobile devices, yet people continue to have the flexibility and the freedom to use their devices as they want.
Jon: Okay. So, you may not know this to look at Dave because he's got his jacket on, but he's also a rock and roll drummer. So, last question, give me your top three to five classic rock bands.
Dave: Well, so I'm a big fan of Led Zeppelin. I'm also a huge Aerosmith fan, local band here in the Boston area probably because it's local but also a big rocker. And then I have this sort of secret love for a band that many rockers would not or maybe would discount, that's Grand Funk Railroad, and just I always enjoyed their music. And yea right. So, wouldn't have been a pick that you would have thought of, but enjoyed their music...
Jon: The Who?
Dave: ...when I was growing up. And The Who? Right. Who could not like The Who. We do play a bunch of Who in my band as well.
Dave: So, that's awesome too.
Jon: All right. Well, Dave, once again, we're really excited to have you here and looking forward to working with you moving forward.
Dave: Yeah. I'm super excited to be here, Jon. And maybe we'll get a chance to jam some time because of those of you who don't know, Jon is also a great guitar player, singer in a classic rock band as well.
Jon Well, great compliment but thank you, Dave.