Contributing Writer

The most important attributes of a cybersecurity platform

Aug 29, 2018 | 2 mins
Cloud Security, Cybercrime, Endpoint Protection

Information security professionals want coverage across major threat vectors, central management, and technologies for prevention, detection, and response in any security platform.

We’ve seen an ongoing cybersecurity technology trend that goes something like this:

  1. Enterprise organizations address cybersecurity using disconnected point tools. This strategy is no longer adequate, as it impacts security efficacy and adds operational overhead.
  2. Security teams address these problems by consolidating and integrating the security tools they use. Many are building security technology architectures a la SOAPA (i.e. security operations and analytics platform architecture).
  3. Seeing this trend in progress, security technology vendors push internal development teams to integrate point tools across their portfolio. They then pitch integrated security “platforms” to customers.

This story has been unfolding for many years and is now reaching a climax. According to ESG research, 62% of enterprise organizations are now willing to buy a majority of security technologies from a single vendor. (Note: I am an employee of ESG.)

So, we are at the onset of the cybersecurity “platform wars,” where vendors compete for bigger, lucrative deals whose deployment projects could span several years. OK, but this raises a few obvious questions: What is the definition of a cybersecurity technology platform, and what platform capabilities are most important?

8 attributes every cybersecurity platform must have

To answer these questions, my colleague Doug Cahill and I came up with eight attributes that we believe every cybersecurity technology platform must offer. We then surveyed 232 cybersecurity professionals and asked them to rank these attributes in order of importance. Here are the results:

  • Coverage that includes major threat vectors such as email and web security (38%)
  • Central management across all products and services (33%)
  • Capabilities across threat prevention, detection, and response (31%)
  • Coverage that spans endpoints, networks, servers, and cloud-based workloads (27%)
  • Cloud-based backend services — i.e. analytics, threat intelligence, signature/rules distribution, etc. (26%)
  • Openness — i.e. open APIs, developer support, ecosystem partners, etc. (22%)
  • A combination of tightly-coupled products and services — i.e. products and managed service options offering central command-and-control (20%)
  • A platform that is offered in multiple deployment options — i.e. on premises, cloud delivered, hybrid, etc. (18%)

As I mentioned, ESG believes all eight are essential, but organizations will pick and choose based upon their own requirements. Bigger organizations will likely need and demand all eight, while smaller and less regulated firms can get by with fewer demands.

At any rate, CISOs should assess potential platform partners across all eight attributes. This will help them gain short-term benefits while future-proofing their cybersecurity architecture strategy. 

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.