If enterprise security were an automobile it would be a Ford Taurus circa 1995. Good car way back when and still running but burning oil, barely passing inspection, and held together by bondo today. Like my Ford Taurus example, enterprise security continues to hang on but it certainly isn\u2019t a model of technical excellence or operational efficiency. To be more specific, current enterprise security is based upon disjointed organizations, manual processes, and an army of disconnected point tools. Functional but no match for IT complexity or the volume and sophistication of cybersecurity threats. I firmly believe we are at the beginning of a tipping point. Enterprises need a vast improvement in enterprise security analytics, automation, efficacy, integration, and intelligence soon. I\u2019ve thought and talked about this transition quite a bit, but I was caught off guard in a recent meeting by the following inquiry from a customer: \u201cI agree we are in the midst of an enterprise security transition, but what type of event will actually push this change over the cliff?\u201dIt took me a few seconds to respond to this question. I thought about a major security breach that disrupted critical infrastructure for days, weeks, or even months. I pondered the economic fallout from this type of event and the follow on finger-pointing and beehive of misguided activity in Washington. This could lead to reactive legislation that forced enterprise organizations into major security projects and massive changes. On and on\u2026.Yup, all this may happen \u2013 and if it does it will indeed drive major modifications. That said, I now think something much less exciting is already happening. In lieu of some catastrophic cyber event, the current enterprise security model is experiencing \u201cdeath by a thousand cuts.\u201d The cuts are simply getting more abundant and deeper. Allow me to bring in some ESG research to elaborate on my thesis here. In a recent survey, ESG asked security professionals to comment on changes in a number of security activities over the past few years. The data revealed that:\u2022 42% of security professionals believe that \u201ckeeping up with the latest threats and vulnerabilities\u201d is \u201cmuch more difficult\u201d or \u201csomewhat more difficult\u201d than it was two years ago\u2022 39% of security professionals believe that \u201ckeeping up with internal security skills\u201d is \u201cmuch more difficult\u201d or \u201csomewhat more difficult\u201d than it was two years ago\u2022 38% of security professionals believe that \u201coverall security monitoring\u201d is \u201cmuch more difficult\u201d or \u201csomewhat more difficult\u201d than it was two years ago\u2022 35% of security professionals believe that \u201crecruiting\/hiring new security professionals\u201d is \u201cmuch more difficult\u201d or \u201csomewhat more difficult\u201d than it was two years ago\u2022 33% of security professionals believe that \u201cmanaging disparate security point tools\u201d is \u201cmuch more difficult\u201d or \u201csomewhat more difficult\u201d than it was two years agoWe in the security community tend to look at the world through a series of segments \u2013 network security, endpoint security, analytics, identity management, risk management, etc. Okay but the CISO sits at the top of the organization and has to deal with the whole enchilada. When you look at enterprise security in total, it is a pretty ugly situation with all kinds of things breaking down simultaneously. So what can CISOs to fix things across people, processes, and technology at the same time? Many simply throw up their hands and turn to security services. This trend will continue and increase. Enterprises could hire an army of CISSPs but cybersecurity experts are in short supply and few companies can throw around this kind of money. This leave only one other alternative: Work smarter, not harder. In other words, find ways to make the security infrastructure more effective and personnel more efficient. When CISOs come to this epiphany they will realize that they need a new enterprise-class security technology architecture to make this happen. This is where we are headed \u2013 sooner than most people think.