Oct 24, 2019

2020 may be cybersecurity's "year of the platform"

Illustration: Aïda Amer/Axios

Vendors and cybersecurity pros anticipate businesses may finally pivot from using dozens of independently working products to using integrated platforms built with coordination in mind.

Why it matters: It’s a small-seeming tweak with the power to completely reshape the industry. Business users currently layer unconnected security products, sometimes dozens of them, on top of each other, creating overlaps and gaps in coverage. It's like building a pile of loose string when what you really want is a net.

But, but, but: A lot of the innovation in cybersecurity comes from how sprawling the industry is — a complex ecosystem of products designed to solve single problems. If clients begin to demand one-stop, one-provider solutions, the industry could contract, losing its research and design finesse along the way.

Large enterprises use 20 security products on average from nine different vendors, according to Forrester Research. Ask around, and it's easy to find companies using two or three times as many.

Vendors and their clients have long anticipated this change, but now they say it's here.

  • "2020 will be the year of the platform," said Nicole Eagan, CEO of Darktrace.
  • "This is the way the pendulum is swinging," said Kiersten Todt, managing director of the Cyber Readiness Institute (CRI), a nonprofit that works with small businesses to bolster cybersecurity.

Vendor fatigue: Cutting down the number of security products an enterprise uses is most often seen as a way to boost efficiency and save money.

  • A variety of vendors means security staffers need to be trained on a variety of systems and work with a variety of customer service agents.
  • "We found talking to customers that the most important factor in picking products is customer service," said Kevin Simzer, COO of Trend Micro, talking about why he expected a shift toward platforms. "They want to work with a single trusted vendor."
  • Certain classes of cybersecurity products, ones designed to look for indicators of attack, produce false alarms just under 99% of the time, according to a Kaspersky study earlier this month. More overlapping products mean more overlapping alerts to investigate.

Cost: Typically, when businesses cut down the number of products they're using, they cut costs. And, at least according to Darktrace's Eagan, there are a number of solutions sold as products that would be more appropriate as features in larger packages.

Security: It isn't just an efficiency issue.

  • It's easy for a business not to notice when a crateload of security products has a gap. But hackers search for systems with the gaps they prefer to exploit.

An integrated platform could be one built by a single vendor designing a unified system. Or it could be built out of products from separate vendors designed to piece together without overlaps or gaps.

For businesses, cybersecurity products tend to accumulate over time.

  • "Very few companies would create a network the same way if they started from scratch," said retired Maj. Gen. Earl Matthews, of Verodin, a company that helps clients integrate disparate cybersecurity products into more cohesive units.
  • Some products, he says, come from trying to solve an emerging problem like ransomware right away with ransomware-specific solutions. Over time, other products add ransomware protection to their capabilities, eliminating the need for the specific product, but companies are slow to eliminate its use.
  • Sometimes products are purchased because companies feel pressure to buy every "best in breed" product rather than try to integrate their existing products.
  • "Also, some salesmen are very good," Matthews said.

The catch: Todt worries that a move toward platforms might encourage smaller companies to overlook the occasions when they do need specialized products.

  • "You actually have to have the appropriate functionality," she said. "You’re starting to see mobile security become part of platforms. But not all mobile security is alike."
