The most important attributes of a cybersecurity platform

We’ve seen an ongoing cybersecurity technology trend that goes something like this:

1. Enterprise organizations address cybersecurity using disconnected point tools. This strategy is no longer adequate, as it impacts security efficacy and adds operational overhead.
2. Security teams address these problems by consolidating and integrating the security tools they use. Many are building security technology architectures a la SOAPA (i.e. security operations and analytics platform architecture).
3. Seeing this trend in process, security technology vendors push internal development teams to integrate point tools across their portfolio. They then pitch integrated security “platforms” to customers.

This story has been unfolding for many years and is now reaching a climax. According to ESG research, 62% of enterprise organizations are now willing to buy a majority of security technologies from a single vendor. (Note: I am an employee of ESG.)

So, we are at the onset of the cybersecurity “platform wars” where vendors compete for bigger lucrative deals where deployment projects could span several years. OK, but this begs a few obvious questions: What is the definition of a cybersecurity technology platform, and what platform capabilities are most important?

8 attributes every cyberscurity platform must have

To answer these questions, my colleague Doug Cahill and I came up with eight attributes that we believe every cybersecurity technology platform must offer. We then surveyed 232 cybersecurity professionals and asked them to rank these attributes in order of importance. Here are the results:

• Coverage that includes major threat vectors such as email and web security (38%)
• Central management across all products and services (33%)
• Capabilities across threat prevention, detection, and response (31%)
• Coverage that spans endpoints, networks, servers, and cloud-based workloads (27%)
• Coud-based backend services — i.e. analytics, threat intelligence, signature/rules distribution, etc. (26%)
• Openness — i.e. open APIs, developer support, ecosystem partners, etc. (22%)
• A combination of tightly-coupled products and services — i.e. products and managed service options offering central command-and-control (20%)
• A platform that is offered in multiple deployment options — i.e. on premises, cloud delivered, hybrid, etc. (18%)

As I mentioned, ESG believes all eight are essential, but organizations will pick and choose based upon their own requirements. Bigger organizations will likely need and demand all eight, while smaller and less regulated firms can get by with fewer demands.

At any rate, CISOs should assess potential platform partners across all eight attributes. This will help them gain short-term benefits while future-proofing their cybersecurity architecture strategy.