I wrote a blog last week about new integrated anti-malware technology last week in response to Palo Alto Network's acquisition of Cyvera. In fact, this integrated technology model isn't limited to anti-malware but is becoming the new reality across the cybersecurity life cycle of risk management, incident prevention, incident detection, and incident response.
I'm convinced that this is where the market is headed, driven by burgeoning cybersecurity requirements across organizations large and small. Why do I believe this? Well, in a recent ESG research survey, 315 security professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked how their organization's security strategy would change over the next 24 months. A little under half (44%) of respondents said that their organization would, "design and build a more integrated enterprise security architecture," the highest percentage of all responses. This trend is actually reverberating on the supply side as Blue Coat, Cisco/Sourcefire, FireEye, IBM, McAfee, PAN, and Trend Micro are all engaged in R&D and M&A activities to meet the need for technology integration.
In my humble opinion, the move toward cybersecurity technology architecture has a number of other ramifications on:
1. Security professionals. When evaluating and procuring IT security products in the past, security professionals lived by a common credo, "best-of-breed." Of course, each cybersecurity technology must stand on its own, but each point tool must also be an active cog in a greater systemic whole. This means that security professionals must ask about integration in RFIs/RFPs and include integration testing as part of evaluations and POCs.
2. Security technology vendors. Large security vendors may have holes in their portfolios while users can't simply rip-and-replace heterogeneous security technologies with years remaining on their amortization schedules. Because of this, cybersecurity technology vendors need to establish partner ecosystems and support them with SDKs, open APIs, and adequate resources. On the flip side, smaller vendors must make sure that they support technology development with proactive partnering and business development activities. Finally, all vendors must remember that (cybersecurity architecture) Rome wasn't built in a day. Therefore, they have to help their customers with architectural project planning, engineering, milestones, and metrics so that they continue to progress and benefit as they build their cybersecurity architecture over time.
3. Cybersecurity VARs and MSSPs. Independent resellers have an incredible opportunity to supply the brain- and man-power to glue disparate products and architectures together. These skills could shift the center of cybersecurity gravity to accomplished VARs and channel experts like Accuvant, FishNet, and Presidio. MSSPs can also play here by extending their services into leading cybersecurity technology architectures as they are established. For example, Proofpoint may be able to plug its Targeted Attack Protection into an on-premise architecture with Fortinet for network security and RSA for security analytics.
4. Analysts, labs, and researchers. Security professionals aren't the only ones programmed for a best-of-breed approach to cybersecurity. In fact, the entire industry is built upon one-off evaluations and testing of individual security widgets rather than end-to-end architecture. This myopic analysis is no longer enough however. Analyst reports, product testers, and academics can certainly continue to evaluate the individual piece-parts but this work will become useless unless each "link" is appraised based on its individual merits AND its cooperation and contribution to the overall cybersecurity chain.
The title of this blog really says it all - the whole integrated cybersecurity architecture if far greater than the sum of its parts. Now the whole industry must adjust its behavior accordingly.