
Leadership Lens: Joe Morin's Views
In this month's "Leadership Lens", our CEO, Joe Morin, delves into the evolving world of cybersecurity and addresses a recent trend gaining attention: the rise of "unified" security platforms offered by various SOCaaS and security portfolio companies. These platforms aim to provide an all-encompassing suite of tools covering multiple security categories, but Joe, a discerning observer, argues that the concept is fundamentally flawed.
The world of cybersecurity is constantly evolving, with new technologies and approaches emerging every day. One recent trend that has gained significant attention is the rise of “unified” security platforms offered by various SOCaaS and security portfolio companies. These platforms aim to provide a comprehensive suite of homegrown tools that cover multiple security categories, such as SIEM, EDR, vulnerability scanning, and Zero Trust. Additionally, these companies often invest in building their own Security Operations Centers (SOCs) and integrate with other solutions through APIs, branding themselves as XDR providers.
However, to a discerning observer, the thesis behind these unified security platforms is fundamentally flawed. Let’s explore some of the realities of this model and why it may not be the optimal approach for organizations seeking robust security solutions.
Firstly, the lack of focus is a glaring issue. When a company tries to excel in multiple categories simultaneously, it often becomes mediocre at best in each one. The truth is that none of these unified tools can truly compete with best-of-breed point solutions that specialize in a specific area. So, the promise of comprehensive coverage may be illusory.
Moreover, the early-stage maturity of these solutions and the complexity of their integration can result in missed detections and vulnerabilities. Despite investing in a unified platform, organizations may still fall victim to attacks due to the limitations of these tools. In the security realm, where the consequences of failure can be severe, settling for “good enough” is not an option.
Another concern is the vendor lock-in effect. By relying on a single vendor for all critical security categories, organizations depend on that vendor’s roadmap and offerings. If dissatisfaction arises or a need for change emerges, replacing all the tools and services that the vendor provides becomes an arduous and time-consuming process. This lack of flexibility can hinder an organization’s ability to adapt to evolving threats and technologies.
Furthermore, the integration capabilities of these unified platforms often fall short. Simply relying on syslog for integration is insufficient. Organizations need API connectors that seamlessly integrate with other prevalent apps and tools to source telemetry and take response actions. This level of integration is crucial for maximizing the effectiveness of security operations.
Running a SOC is already challenging, and using inferior tools only exacerbates the nightmare. The turnover rate at companies relying solely on these unified platforms is likely high due to the frustrations faced by security professionals who must work with subpar tools. Instead of chasing after unification, the industry should prioritize convergence.
Convergence allows organizations to leverage emerging or best-of-breed tools, optimizing efficacy in specific security categories. It also offers freedom of choice, enabling organizations to switch to a different solution when needed without disrupting the entire security infrastructure. Harnessing intentional automation through vendor APIs can greatly enhance the enterprise’s catch rate and response capabilities. Convergence empowers organizations to leverage multiple tools within the same category, as enterprises commonly do with EPP/EDR solutions. This flexibility ensures that organizations can tailor their security approach to their unique needs and challenges.
At CyFlare, we have been pioneering convergence from the start, recognizing the limitations of unified platforms. We stand ready to support those customers who have realized the drawbacks of unification and are seeking a more effective and flexible security solution.
In conclusion, unified platforms may seem appealing but can be a trap. In the security landscape, pursuing fast and cheap solutions often ends in disappointment. To prioritize security, organizations should be smart and embrace convergence, leveraging the best tools available while maintaining the agility to adapt to changing threats and technologies.
Stay vigilant, my friends.
-Joe