As Bob Dylan sang, "The times they are a-changin'." This is certainly true when it comes to security technologies — just about every security monitoring tool and control is going through a profound transformation. Here are just a few examples:

Endpoint security is evolving from signature-based antivirus to next-generation endpoint security suites. ESG views endpoint security as a continuum with prevention on one side and detection/response on the other. A few years ago, upstarts pushed into endpoint security with aggressive attacks at one of these poles — Cylance jumped into threat prevention with solutions based upon artificial intelligence (AI), while Carbon Black, CrowdStrike, Cybereason, and Endgame moved into threat detection/response with EDR tools. The most recent battle is for the whole enchilada — comprehensive endpoint security suites that span across ESG’s endpoint security continuum. While startups continue to act as new shiny objects, old-guard players such as McAfee, Sophos, Symantec, and Trend Micro have spruced up their offerings with advanced prevention/detection/response features of their own. In the meantime, confused users are getting dozens of phone calls from vendors asking for meetings.

Network security is moving to a software-defined and cloudy model. Remember five to seven years ago when everyone was gaga over next-generation firewalls? Well, in my humble opinion, next-generation firewalls are now a legacy technology.
Micro-segmentation software from vendors such as Edgewise, Illumio, vArmour, and VMware has elbowed aside physical firewalls for protecting the confidentiality and integrity of east/west traffic, especially in hybrid cloud environments. Meanwhile, software-defined perimeter technologies from the likes of Cryptzone, Google, ScaleFT, and Vidder are starting to gain traction for securing connectivity between users and applications regardless of device type or location. I also see lots of organizations vying for cloud-based alternatives from Cato Networks, Comodo, and Zscaler, rather than deploying hardware or software on premises. Like the endpoint security market, traditional network security players such as Check Point, Cisco, Fortinet, and Palo Alto Networks are pushing back on startups with their own multiple form-factor network security “platforms,” but these vendors would readily admit that the network security market continues to grow more competitive and confusing. (For more details on this topic, read a blog post I wrote earlier this year: Are next-generation firewalls legacy technology?)

Security operations is transforming to SOAPA. SIEM solutions from AlienVault, IBM, LogRhythm, and Splunk used to be the center of the security operations universe. While these products remain important, many organizations are surrounding SIEMs with other tools to improve security analytics and streamline operations. I see lots of activity in areas such as user entity behavior analytics (UEBA) from companies such as Exabeam, HPE, and Securonix; threat intelligence platforms (TIPs) from vendors such as Anomali, EclecticIQ, ThreatConnect, and ThreatQuotient; and incident response platforms (IRPs) from Demisto, Phantom, Resilient, Resolve Systems, ServiceNow, Siemplify, and Swimlane. CISOs are also kicking the tires on advanced network security analytics and endpoint detection and response (EDR) solutions.
To add to the mayhem in this space, all of these technologies will morph from standalone products to a tightly integrated security operations and analytics platform architecture (SOAPA) over the next few years.

What do these technology transformations mean? Rather than defaulting to the status quo, CISOs need to be more strategic about security technology planning in all areas. This means thinking in terms of services rather than technologies themselves. The challenge for CISOs then is to choose the best services in the most appropriate form factors for addressing current and future security requirements. Yes, this makes researching and procuring security technologies more complicated, but cybersecurity professionals who are up to this task can help their organizations enhance security efficacy, improve operational efficiency, and enable business processes. Isn’t that what CISOs are paid to do?