You already understand that cybersecurity is important to the long-term success of your firm. It spans network security, email security, endpoint security, browser-based security, data loss prevention, encryption, and more. However, as companies begin to demand more comprehensive solutions, vendors are working to centralize the management of everything.
This has led to many companies offering cybersecurity “platforms.” Unfortunately, many of the companies providing platforms are just rolling up point solutions and failing to deliver on the promises of a true platform. Ahead of our look at some of the providers who are close to delivering, or are effectively delivering, on that promise, today we ask: what is a cybersecurity platform?
So what is a Cybersecurity Platform, Anyway? Are Platforms Even Possible?
In the simplest definition, cybersecurity platforms are built to protect the entirety of your business. Years ago, CISOs relied on a broad selection of point solutions to protect their business. These were disconnected, expensive, and left much to be desired in terms of visibility.
With visibility one of the most important factors in cybersecurity (you can’t protect yourself from what you can’t see), cybersecurity companies began to consolidate point solutions into broader ‘systems’ that began to deliver comprehensive and cohesive end-to-end protection.
Hype or Reality? The Promise of Platforms
Understandably, the true dream of a platform is yet to be fully realized and there’s a lot of hyperbole at the moment. However, as vendors integrate their assorted point tools into consolidated cybersecurity “platforms,” we’re getting closer to where we need to be.
In fact, according to a recent Enterprise Strategy Group study, the definitions are still unclear. When asked, “Which of the following most closely aligns with your organization’s definition of a cybersecurity ‘platform’?”, respondents were split into three groups:
- 41% believe a cybersecurity platform is an integrated product suite from a single vendor that also provides APIs for the integrations of third-party technologies.
- 35% believe a cybersecurity platform is an environment that allows me to integrate a variety of open source security tools.
- 22% believe a cybersecurity platform is an integrated product suite from a single vendor.
Key Focuses for Platforms
So, what do they do? What do they provide? What should you look for? Here are just a few of the things you can expect to see in a cybersecurity platform.
It’s Comprehensive—Able to Handle Devices, Networks, and Processes
Comprehensiveness is possibly the top priority for businesses looking at cybersecurity products. It will be even more important in coming years, especially as you begin to add new devices, technologies, and networks.
According to CSO, “Platforms must provide comprehensive coverage that includes endpoints (i.e. PCs, mobile devices, IoT devices, etc.) and networks, as well as physical servers, virtual servers, and cloud-based workloads (VMs, containers, etc.).”
Added to this, platforms must address the full threat lifecycle and provide prevention, detection, and response capabilities. A cybersecurity platform must itself keep evolving so that it can handle evolving threats.
Today’s CISOs need cybersecurity platforms to provide strong defensive capabilities (e.g., rules, heuristics, machine learning models, behavioral algorithms, and threat intelligence integration) capable of blocking and detecting threats with close to 100% efficacy.
In turn, a centralized platform should minimize the number of false positives, and cybersecurity platforms should also include simple mitigation techniques such as quarantining a system, halting a process, or terminating a network connection. Users should have the ability to automate these remediation measures when desired.
The goal of consolidating cybersecurity into a single product is to simplify management. McAfee explains that simplicity refers to the following three concepts.
- First, it must offer one familiar management console that delivers central management and reporting of multiple products and services.
- Second, your cybersecurity platform needs to easily integrate with third-party products.
- Third, it needs to protect these products, delivering incremental value for the integrations.
This integration is often harder to achieve and more important than one may think, as large organizations have established best practices around point tools. For that reason, security technology platforms must be open to easy third-party technology integration by offering developer support, technology partnerships, and well-documented, standards-based APIs as a core part of the platform.
Eight Criteria Platforms Need to Deliver
According to ESG, a platform needs to include the following:
- Prevention, detection, and response capabilities: The key focus needs to be a strong defense that gets smarter with each attack.
- Coverage that spans endpoints, networks, servers, and cloud-based workloads and API-driven services: Discussed above, comprehensiveness means protecting everything.
- Central management and reporting across all products and services: All security controls should report to a central management plane.
- Open Design: As there are a variety of point products available, platforms need to meet companies where they are.
- Plug and Play with Products and Managed Services: The transition from point tools to cybersecurity platforms will require the company delivering the ‘hub’ to add value to the ‘spokes’.
- Addresses a Number of Threat Vectors: To truly be considered a platform, a solution must include strong prevention/detection filters that sit inline and service the entire IT infrastructure.
- It has to be Cloud Ready, as Well as Powered by the Cloud: The cloud is a reality. In order to rapidly adapt, cybersecurity platforms should take advantage of cloud-based resources for activities like file analysis, threat intelligence integration, behavioral analytics, and reputation list maintenance.
- It Has to Provide Multiple Deployment Options: The components of cybersecurity platforms should be offered as on-premises software/devices, cloud-based server implementation, SaaS, or some combination including all possibilities.
For more information, read the entire ESG introduction to Cybersecurity Technology Platforms, provided free, courtesy of McAfee.
Cybersecurity Resources and Advice
There are many ways to look at security providers: Endpoint Protection, Security Information and Event Management, Intrusion Detection and Prevention, Incident Response, and more. As more of these come together in a full suite of security products, here are just a few of the many vendors to watch in 2020.
Next week, we will explore some of the companies who have delivered solutions that span processes and services, looking at who’s closest to making a platform a reality. Until then, we’ve compiled a list of resources for readers interested in understanding their options in cybersecurity.
- Security software reviews, 2019: Lab tests of today’s top tools
- Cybersecurity Excellence Awards 2019
- Gartner Magic Quadrants for Managed Security Services, Security Information and Event Management, Endpoint Protection Platforms, and Intrusion Detection and Prevention Systems
- Solutions Review