Illustration: Aïda Amer/Axios
Vendors and cybersecurity pros anticipate businesses may finally pivot from using dozens of independently working products to using integrated platforms built with coordination in mind.
Why it matters: It’s a small-seeming tweak with the power to completely reshape the industry. Business users currently layer sometimes dozens of unconnected security products on top of each other, creating overlaps and gaps in coverage. It's like building a pile of loose string when what you really want is a net.
But, but, but: A lot of the innovation in cybersecurity comes from how sprawling the industry is — a complex ecosystem of products designed to solve single problems. If clients begin to demand one-stop, one-provider solutions, the industry could contract, losing its research and design finesse along the way.
Large enterprises use 20 security products on average from nine different vendors, according to Forrester Research. Ask around, and it's easy to find companies using two or three times as many.
Vendors and their clients have long anticipated this change, but now they say it's here.
- "2020 will be the year of the platform," said Nicole Eagan, CEO of Darktrace.
- "This is the way the pendulum is swinging," said Kiersten Todt, managing director of the Cyber Readiness Institute (CRI), a nonprofit that works with small businesses to bolster cybersecurity.
Vendor fatigue: Cutting down the number of security products an enterprise uses is most often seen as a way to boost efficiency and save money.
- A variety of vendors means security staffers need to be trained on a variety of systems and work with a variety of customer service agents.
- "We found talking to customers that the most important factor in picking products is customer service," said Kevin Simzer, COO of Trend Micro, talking about why he expected a shift toward platforms. "They want to work with a single trusted vendor."
- Certain classes of cybersecurity products, ones designed to look for indicators of attack, produce false alarms just under 99% of the time, according to a Kaspersky study earlier this month. More overlapping products mean more overlapping alerts to investigate.
Cost: Typically, when businesses cut down the number of products they're using, they cut costs. And, at least according to Darktrace's Eagan, there are a number of solutions sold as products that would be more appropriate as features in larger packages.
Security: It isn't just an efficiency issue.
- It's easy for a business not to notice when a crateload of security products has a gap. But hackers search for systems vulnerable to their preferred gaps.
An integrated platform could be one built by a single vendor designing a unified system. Or it could be built out of products from separate vendors designed to piece together without overlaps or gaps.
For businesses, cybersecurity products tend to accumulate over time.
- "Very few companies would create a network the same way if they started from scratch," said retired Maj. Gen. Earl Matthews, of Verodin, a company that helps clients integrate disparate cybersecurity products into more cohesive units.
- Some products, he says, come from trying to solve an emerging problem like ransomware right away with ransomware-specific solutions. Over time, other products add ransomware protection to their capabilities, eliminating the need for the specific product, but companies are slow to eliminate its use.
- Sometimes products are purchased because companies feel pressure to buy every "best in breed" product rather than try to integrate their existing products.
- "Also, some salesmen are very good," Matthews said.
The catch: Todt worries that a move toward platforms might encourage smaller companies to overlook the occasions when they do need specialized products.
- "You actually have to have the appropriate functionality," she said. "You’re starting to see mobile security become part of platforms. But not all mobile security is alike."