Understanding Security Platformization and Why It’s Important
The platform wars are on as almost all of the larger security vendors and some network vendors have been pushing a platformization approach to security.
The RSA Security show is being held in San Francisco next week. While there will be plenty of AI buzz, another topic is the shift to a security platform. While the concept of a security platform has been bandied about for the better part of the last half-decade, it’s been more vision than reality. AI is the missing ingredient in the security platform recipe as it helps connect the dots between the data generated by the security tools to create that “1+1 = 3” scenario.
A good place to start with the security platform is the definition. As is the case with all things tech, when multiple vendors coalesce around a theme, there will be numerous definitions. I’ve looked at many of the vendors' comments on this topic, and the definition that I believe to be the most complete is the one Palo Alto Networks has been driving towards. Shortly after its last earnings call, CEO Nikesh Arora posted a LinkedIn article about security platformization.
Defining a security platform
To drill deeper into this, I recently talked to Rob Rachwald, Director of Product Marketing at Palo Alto Networks. We discussed the following three components of a security platform:
One management and one policy plane. This is crucial to the effectiveness of a security platform. In security, it’s common for the larger vendors to acquire capabilities in emerging areas. The challenge with this is security pros then need to manage the tools through multiple interfaces, which leads to blind spots that lead to breaches. A security platform requires an actual “single pane of glass.” Because Palo Alto has been working toward the platform vision for years, it has made ease of integration into a platform a key component of its acquisition strategy. Rachwald told me, “We have been doing platforms for a long time, so native integration, even with acquisitions, is a key component of our product strategy.”
Built on an inline device. The security platform needs telemetry for analysis to find threats. An inline device's value is seeing all traffic and blocking it immediately when a threat is identified. Many out-of-band devices exist, but they create a lag in enforcement, and while it may be small, it’s long enough for a breach to occur.
Constant validation via AI. As I mentioned earlier, AI was the missing component of platformization. Almost every enterprise today is highly dynamic, with workers connecting from everywhere and devices coming on and off the network. People, no matter how seasoned, cannot work fast enough to validate configurations—but machines can. Platforms must be AI-supported, or they will eventually fail.
By this definition, Palo Alto’s products are built around three platforms: its next-generation firewall, Strata; its Cortex SOC tools; and the cloud portfolio. What’s notable here is that Palo Alto isn’t trying to create “one platform to rule them all” but rather build platforms for specific outcomes, such as the Cortex platform improving SOC effectiveness.
Customers are increasingly interested in security consolidation
An interesting question is, do customers want to consolidate security tools? My research shows that 73% of enterprise-class companies are looking to reduce the number of security tools by using fewer vendors. However, only a few security pros believe they can get down to one vendor, as many of the emerging capabilities for new attack vectors come from the world of startups, many of which are on display at RSA. On my call, I asked Rachwald about the desire to consolidate, and he cited ESG data that found 69% of companies are actively consolidating the number of security tools in the SOC.
This begs the following question: Why consolidation now? Other vendors have attempted to deliver a security platform, but no one, including Palo Alto, has been successful. The answer is multifaceted. Earlier in this article, I shared that AI is needed to fulfill the vision. Data without AI is just data that requires analysis. While some companies could build the analytic tools in-house, they could not analyze information fast enough to be meaningful.
The current state of security is untenable, driving customers to platformization
Better Mortgage is a company that rethought its approach to security and embraced the platform concept. As the company has grown, so has the number of security threats it faces daily. The company was looking to mature its SOC, and CISO Ali Khan aimed to automate more operations. He stated, “As we scaled up, we couldn't keep up with all the threats. We have dozens to hundreds of alerts daily. What do you do? Many of them were rinse-and-repeat alerts, and we used the Palo Alto Cortex platform to automate their triage.”
Another factor is the demand. While managing 30, 40, or 50+ security tools is a pain, it was manageable, arguably just barely. Then the pandemic happened, workers scattered everywhere, the use of the cloud jumped, and people started putting more data in more places. Barely manageable turned into untenable, forcing companies to rethink their approach to security. A few months ago, I interviewed the CISO from one of the US three-letter agencies, and he told me that his organization had over 200 security vendors two years ago. Today, that’s been rationalized to about 70, but ideally, he would like it under 10.
Lastly, the vendor community has oriented its commercial motions around platform selling, making it easier for customers to get started. From a customer perspective, complicated licensing, inconsistent software upgrades, and high up-front costs will hold back adoption. When I asked Rachwald about that, he mentioned the company had introduced introductory offers, free trials, and other programs to help companies shift to a platform and realize the benefits before committing to the big check.
Rachwald explained Palo Alto’s flexible commercial approach. “We are trying to minimize the economic impact for our customers to evolve to a platform. We recognize that not all contracts with security vendors end simultaneously, and we must be flexible. For example, if a customer is in the middle of a contract with CrowdStrike, they can shift to our platform, get the benefits for free, and pay the remainder of their CrowdStrike contract. We can formalize the commercial agreement at the end of the contract term. The critical point is that we must be flexible with the economics to make the transition easy for our customers.”
Security vendors need to demonstrate effectiveness
The platform wars are on. Almost all of the larger security vendors and even some of the network vendors have been pushing the platform message. The winners of platformization will be based on the following:
Demonstrable ROI: The platform must deliver reduced costs and more efficient operations. Security spending continues to increase, but companies are being breached at an unprecedented rate. A platform should help control security spending better.
Improved security efficacy: From a threat perspective, a security platform should catch more threats faster without human intervention.
Open platform: Protecting against attack vectors will always be the mission of security startups. Platform vendors should be open to working with third parties and simplifying the process of integrating acquisitions.
Zeus Kerravala is the founder and principal analyst with ZK Research.
Read his other Network Computing articles here.