Welcome to the Year of the Security Platform
This is going to be a great year for infosec teams and not because our job is getting easier. On the contrary, technologies like Kubernetes and paradigms like multi-cloud computing are going mainstream and that’s making it harder than ever to keep up. No one has years of experience protecting technologies that were only recently invented.
Even with these developments and challenges, be sure to follow one trend in particular throughout 2020: the rise of the cybersecurity platform.
Why now?
Formerly dominant vendors like Symantec and McAfee have failed to keep up. Instead, CISOs rely on a galaxy of startups solving everything from anomaly detection to zero-trust.
Despite (or because of) billions of dollars in cybersecurity acquisitions, this startup explosion is not going away. It’s going to take incredible innovation to give the good guys a fighting chance in the coming years. A critical source of innovation is going to be small teams of highly motivated experts working at VC-funded startups.
If the cybersecurity vendor space is going to stay fragmented, what does that mean for enterprise security teams? Already, much of the security effort has moved from SOC-style event analysis to integration projects where solutions solving specific problems get onboarded, tuned and hooked into the team’s communication channels.
To illustrate the problem with this fragmentation, consider an attack scenario that plays out along the following steps:
- One of your DevOps engineers receives a convincingly authentic malicious email.
- The weaponized attachment installs a trojan on the engineer’s laptop.
- The trojan uploads API access keys from the laptop to the C2 server.
- The threat actor uses the stolen keys to start encrypting files across your cloud data buckets.
Ouch!
The challenges presented by this attack are huge when your email, endpoint, network and cloud security solutions are each working in their own silo. Forget about “connecting the dots” when the datasets are spread across multiple vendor databases.
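To make the "connecting the dots" problem concrete, here is an added example (not from the original post) that joins constructed events from three silos, email gateway, endpoint agent and cloud audit log, into the attack chain described above. Each event is unremarkable on its own; only the join across datasets, keyed on the same user and a time window, surfaces the chain. Field names, the corporate egress prefix and the thresholds are assumptions, not any vendor's schema.

```python
from datetime import datetime, timedelta

def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

# Constructed sample events; field names are assumptions, not a real product's schema.
EMAIL = [  # email gateway: delivered messages with attachments
    {"ts": "2020-01-06T09:02:00", "to": "dev1", "attachment": "invoice.docm"},
    {"ts": "2020-01-06T09:10:00", "to": "dev2", "attachment": "agenda.pdf"},
]
ENDPOINT = [  # endpoint agent: file reads (devs read their own creds all day, so low signal alone)
    {"ts": "2020-01-06T09:06:00", "user": "dev1", "host": "dev1-laptop",
     "event": "file_read", "path": "/home/dev1/.aws/credentials"},
    {"ts": "2020-01-06T09:12:00", "user": "dev2", "host": "dev2-laptop",
     "event": "file_read", "path": "/home/dev2/notes.txt"},
]
CLOUD = [  # cloud audit log: API calls by principal and source IP
    {"ts": "2020-01-06T09:40:00", "principal": "dev1", "src_ip": "203.0.113.5",
     "action": "PutObject", "count": 480},
    {"ts": "2020-01-06T09:45:00", "principal": "dev2", "src_ip": "198.51.100.7",
     "action": "ListBuckets", "count": 1},
]
CORP_NET = "198.51.100."       # assumed corporate egress prefix
WINDOW = timedelta(hours=2)    # assumed dwell window for the whole chain
BULK_WRITES = 100              # assumed threshold: mass overwrites look like bucket encryption

def correlate(email, endpoint, cloud, window=WINDOW):
    """Return chains: attachment delivered -> credential file read on the recipient's
    laptop -> bulk object writes by that same principal from outside the corporate
    network, all inside `window` of the email. Each stage alone would not alert."""
    chains = []
    for m in email:
        t0 = _t(m["ts"])
        for e in endpoint:
            if e["user"] != m["to"] or not e["path"].endswith("credentials"):
                continue
            if not t0 <= _t(e["ts"]) <= t0 + window:
                continue
            for c in cloud:
                if c["principal"] != m["to"] or c["src_ip"].startswith(CORP_NET):
                    continue
                if (c["action"] == "PutObject" and c["count"] >= BULK_WRITES
                        and t0 <= _t(c["ts"]) <= t0 + window):
                    chains.append({"user": m["to"], "host": e["host"],
                                   "src_ip": c["src_ip"], "writes": c["count"]})
    return chains
```

With the three datasets in one place the query is a dozen lines; with each in a separate vendor database, the same join means manual pivoting between consoles.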
All of this helps to explain why over 80% of breaches are discovered after being reported by external sources like law enforcement and bounty programs. It’s also the reason why security teams have a hard time establishing metrics tracking key performance indicators such as visibility and posture improvement.
The solution won’t be found in yet another solution provider. Instead, we’re going to see an exciting competition to establish the most vibrant platform or “operating system” for cybersecurity.
Who are the players to watch?
It’s too soon to tell which platform will become the standard. Over time, you’ll find that the process for selecting a new cybersecurity solution for a particular area doesn’t start from scratch. Rather, you’ll go to a marketplace where vendors offer their solution and signing up will be as painless as installing an app on your phone. Other indications of an established cybersecurity marketplace will be low-friction POCs and a move from annual to monthly or consumption-based subscriptions.
For now, here are three contenders building cybersecurity platforms, each from a different angle.
Palo Alto Networks
The world’s largest cybersecurity company has been on a shopping spree. With its core firewall business facing decline, PAN has bought startups in key areas of cloud and application security. These latest acquisitions have been rebranded as Prisma apps (Prisma Access, Prisma Cloud, Prisma SaaS) and offered on the Hub platform alongside the Cortex security data lake and apps from two dozen vendors.
Palo Alto Networks has the major advantage of already being a trusted partner for thousands of infosec teams. However, their Cortex data lake technology is unproven and they may run into technical challenges going from digital storefront to a true data hub for their ecosystem.
CrowdStrike
Flush with cash from its successful IPO, CrowdStrike is going from an endpoint security solution to an endpoint-based security platform. CrowdStrike offers an appealing deployment option of running additional security solutions on top of its single Falcon agent. Want your CrowdStrike fleet to start monitoring for Industrial Control System (ICS) attacks? Just browse to the ICS category in the CrowdStrike Store and sign up for the relevant startup’s offering.
CrowdStrike should be able to quickly grow its inventory from the three apps on offer today. Watch to see if its platform play is able to extend beyond the endpoint to other areas critical for security teams, including cloud infrastructure, email protection, and application security.
Snowflake
While the two other emerging platforms were from cybersecurity companies moving into big data and data sharing, Snowflake is an established data platform going the other direction. With its recently launched Data Exchange, Snowflake believes that customers will want to join their internal datasets with data from specialized providers (e.g. threat intel vendors) as well as share data out to third-party analytics vendors that will convert the customer’s data into insights such as threat detections and risk scores.
Snowflake’s chance at winning the cybersecurity platform race hinges on whether enterprises will see significant savings and benefits from unifying security data within their general-purpose data platform. Snowflake will depend on its vendor ecosystem more than the other contenders, but if the platform game ends up being all about working well with data, then it may have an edge.
Let the race begin!
Platform competition tends to be winner-take-all, but in the case of cybersecurity, multiple marketplaces may emerge to cover different domains within the field. Application security, endpoint protection, and security analytics may each see a separate winner emerge.
A cybersecurity platform with a vibrant vendor community will mean less time spent flipping between browser tabs while trying to connect the dots and more time protecting against breaches. 2020 is going to be an interesting year for information security and hopefully the start of a more secure decade.