Is the Cybersecurity Tool Space Evolving Toward a Platform Approach?
The cybersecurity marketplace is rife with tools and approaches, reflecting the endless proliferation of threats and countermeasures. The IT-Harvest cybersecurity dashboard lists over 3,700 vendors selling 8,000-plus products.
Many of these are point solutions that address specific threats but lack interoperability or integration with other programs. According to the IBM Institute for Business Value (IBV), the average enterprise security portfolio includes 83 tools from 29 vendors—a daunting level of complexity that may create more risk than it mitigates.
Is an integrated “platform approach” the way forward for SMBs? This article explains why more and more organizations are choosing single-vendor platform options over a multi-vendor array of point products.
Why are cybersecurity suites gaining ground on “best of breed” tool sets?
52% of executives in the IBV survey rate complexity as their biggest cybersecurity operations problem. A platform/suite approach, in contrast, improves incident detection and response while cutting costs, aiding operational efficiency, and delivering about 70% greater ROI versus multi-vendor environments.
Cybersecurity suites may also offer stronger AI-backed features that help teams analyze aggregated data to sort out critical insights. Overall, surveyed executives in companies with integrated/platform security investments were 12 times more likely to rate security as a “value generator” for the business and not just a “necessary cost.”
Why the wide disparity in cost/benefit and user satisfaction between platforms and point products? Trends shifting the marketplace towards integrated cybersecurity platforms include:
- A fragmented view of threats.
Security teams often struggle to build a comprehensive view of threats when their security data is scattered across multiple unintegrated standalone tools, increasing the risk that attacks will slip past their defenses.
- The need to reduce “time to insight.”
Rather than receiving cyber alerts through one dashboard and investigating them through another interface, companies increasingly want to accelerate the process by merging detection and response activities in a common UI or “single pane of glass”—one that is configurable for different use cases.
- Cloud integration requirements.
With the huge majority of organizations now needing to defend cloud environments, the move to cloud-native, modular cybersecurity platforms like cloud detection and response (CDR) is inexorable.
- Relentlessly morphing attacks.
Cyber attacks become more numerous and complex with each passing week. A platform approach can offer a more flexible and comprehensive defense-in-depth posture versus a multi-vendor approach.
- Cost and complexity.
A single-vendor platform can potentially provide comparable or better cybersecurity controls with less cost and complexity than managing tools from multiple vendors.
Integrated platforms as “the next phase of security evolution”
According to Arick Goomanovsky, Vice President of Product Innovation at Tenable Security, most of the vendors in today’s cloud detection and response (CDR) space are “converging toward the same kind of platform-like visibility.”
“That’s exactly where the market is going in the next few years,” Arick asserts. “You want to be able to look at the same platform, see the pre-breach and post-breach data, and be able to connect the dots in a meaningful way. That’s the next phase of security evolution.”
But Arick acknowledges the challenges vendors face in delivering unified tool suites that consolidate security insights within a single platform. A particular challenge with platform products is meeting the disparate needs of different teams within an organization.
Pick your favorite solution set: attack surface management, configuration and vulnerability management, cloud security posture management—they largely offer similar capabilities across different points on an incident lifecycle.
The overall goal of a cybersecurity platform solution is to deliver protection from cyber threats across:
- Diverse environments and users (DEV, TEST, PROD)
- Repeating cycles of pre-breach, breach, and post-breach timelines
- Different public cloud infrastructure (AWS, Azure, IBM, etc.)
- Compliance versus information security
- And more.
Arick continues: “If the age of single-case siloed security solutions is over and platforms are going to be the winners, ultimately you have different users you need to cater to—such as the data owners, identity people, workload people, developers… You have to build smart products that are able to support multiple use cases.”
Supporting multi-vendor integrations
In a vendor’s perfect world, every prospective customer would want the whole platform offering. But especially in evolving market spaces like CDR, some businesses want to combine a portion of the platform with their existing complementary tools, like adding CDR to a competitor’s cloud native application protection platform (CNAPP) or augmenting a CNAPP offering with a different vendor’s cloud identity entitlement management (CIEM) tool.
“It’s better to have a single pane of glass,” notes Arick. “But, for example, the key user of a CIEM solution is an identity person. They have different use cases that many CNAPP tools don’t support. That’s why they need a different tool.”
At the same time, the incremental cost of investing in an additional cybersecurity solution may still be justifiable because it is much smaller than the cost of a data breach or compliance issue resulting from gaps in the cybersecurity posture.
“Obviously, we’re still going towards consolidation,” emphasizes Arick. “But whatever we say today might be less relevant six months or twelve months down the road. I would encourage everyone to try to keep up with the pace to see what new things are coming out and make informed decisions.”
What’s next?
For more guidance on this topic, listen to Episode 148 of The Virtual CISO Podcast with guest Arick Goomanovsky, Vice President of Product Innovation at Tenable Security.