As the cybersecurity vendor market matures, it’s hard to know what’s best for your organization. Leaders might follow trends or simply take the market’s lead, which isn’t always ideal as it doesn’t necessarily align with your goals or objectives.
If a cybersecurity leader doesn’t approach the market with the right framework of what to expect and how to make the right purchase, it can lead to serious pitfalls. For example, you might purchase a solution that’s poorly matched to your organization’s needs. Even if the fit feels right (or is marketed as such) you may end up with an inefficient and/or ineffective solution. The result is often a wasted budget with minimal improvement in overall cybersecurity and cyber resilience.
Here’s how to think about the market so you can better position your organization when procuring a solution.
As threat types multiplied, cybersecurity became immensely complex. In the early 2000s, it was almost enough to have an antivirus and a firewall. Email was the primary attack vector and the world was barely connected. For most organizations, locking down email and keeping AV signatures current covered the bulk of the risk. Attacks were comparatively simple and easier to defend against, because most threat actors didn't yet have sophisticated capabilities.
When portable computing grew, cybersecurity had to account for theft and loss of devices, which led to the adoption of disk and file encryption tools. With more interconnectedness, network security became a major priority. DDoS (distributed denial of service) attacks created demand for dedicated DDoS mitigation services and for absorbing traffic at the edge through CDNs.
Technology continued to advance and cloud computing became more prevalent, leading to greater attention to privacy. Then came IoT devices, mobile devices, a further shift to the cloud, and the rise of ransomware and ransomware-as-a-service. App-based threats started to appear. The average company’s attack surface grew, as did the incidence of data breaches.
Companies now had a longer list of things to keep in mind. They needed to consider network security, address state-sponsored attacks, and also be aware of sophisticated social engineering tactics via social media platforms.
The industry responded to these new threats with a range of solutions, most of which collected data points to assess a company's risk and indicate potential vectors of attack. SIEMs (security information and event management) emerged as a way to aggregate log data from many sources and bring greater visibility to the growing attack surface. EDR (endpoint detection and response) emerged to protect endpoint devices, going beyond the signature-based protection of traditional antivirus. MDR (managed detection and response) emerged as a service in which a provider operates the detection tooling (typically EDR, often plus other telemetry) and handles triage and response on the customer's behalf.
Vendors sprang up left and right, offering point solutions for seemingly every new type of threat. Suddenly, implementing even “basic” cybersecurity required a dozen or more vendors.
Research by Trend Micro indicates that organizations use an average of 29 security monitoring solutions, resulting in alert fatigue and increasing the management load of already stressed teams. With so many solutions, these departments’ effectiveness at minimizing risk and managing incidents can actually be hindered. Organizations with more than 10,000 employees have an average of 49 monitoring tools, further exacerbating the issue.
Despite all these tools, over half of the respondents in the survey said they didn't use some of them, either because the tools don't integrate (42%), the team lacks the professional skills for the tool (39%), it's difficult to understand how to operationalize them (38%), they're out of date (37%), or the users simply don't trust the tools (20%).
The cybersecurity “tool sprawl” results in conflicting solutions, disproportionate costs, and confusion.
As a result, platforms offering an all-in-one solution began to rise in prominence. Major industry players started consolidating security offerings, leading to solutions like XDR (extended detection and response) and single-stack vendors. However, organizations are still falling into similar pitfalls when it comes to evaluating platforms.
The misconception about platforms was that they’d work like any other SaaS solution—you sign up, get smoothly onboarded, and voila, cyber resiliency is achieved. The reality was quite different.
Here are some of the promises platforms include:
These points can be true, but they aren't always true. It depends on both the organization using the platform and the platform itself. A surprising number of platforms are less integrated than they'd like their customers to believe. This can be due to misaligned product development methodologies (often the result of acquisitions), economics, technical limitations, and, arguably most important, a lack of resources on the customer side to manage them.
Departments quickly discovered that managing and using a platform effectively required a high degree of technical knowledge and expertise, often more than the average member of a cybersecurity department could be expected to have.
Overall, this led to the following problems when organizations looked to leverage a platform:
The result is that an organization pays a hefty fee for a technology it barely uses. Ironically, an organization might truly be better served by different point solutions that can be well-managed by their cybersecurity department.
When considering what kind of solution is best for your organization, it’s important to clearly understand what a platform is and how it functions.
Platforms bring disparate point solutions under one roof— and they call each of those point solutions a “feature.” For example, a platform may package:
These may all technically fall under a single solution, but they’re still distinct elements that each require management and oversight.
Implementing a platform and its "features" is essentially the same as implementing each distinct point solution. The platform doesn't reduce the complexity of the point solution; it just houses it within a single tool. It does little to teach you how and when to use each capability, and it doesn't make operating them any less work.
Consider: if a platform includes network monitoring and segmentation capabilities, how do you approach using and managing that "feature"? Is it much different from onboarding and implementing a separate network monitoring and segmentation solution? You still have to define segments, deploy sensors or agents, tune alerts, and staff the response to what they find.
You can repeat this thought experiment across a platform's full feature and service set. As you match each feature to the point solution it replaces, ask yourself whether your organization can actually operate each of those tools. The answer should tell you whether that platform, or a platform approach in general, is right for you.
When purchasing a platform, be honest about your requirements, and assess the relative value of each platform feature as they would be used in your environment. If you don’t use enough of the platform to justify its purchase, you’ll find yourself shackled to an inefficient (and costly) stack.
Cyber resiliency and effective cybersecurity aren’t the result of making great shopping decisions. It’s easy to get this wrong if you’re focused primarily on procurement. But your success as a cybersecurity department isn’t defined by your toolset or what you’ve purchased – it’s defined by the results you achieve as a department.
As a leader, you need a clear understanding of the risks and threats your organization faces and what it requires for cyber resiliency. You also have to look honestly at what your organization can manage in-house with existing talent and expertise, and what it might be better off handing to a partner.
Before purchasing, it’s best to design and envision your org’s cybersecurity strategy and program. By doing so, you come to the table knowing what you need and can thus ensure that your purchase serves your organization’s goals. Failing to do your homework first means purchasing a solution based on the flashiest and loudest marketing, a strategy that can be dangerous to both your organization’s risk exposure and its budget.
Effective procurement requires an intimate understanding of your organization's needs and its realistic capabilities, and that takes time and effort.
If you’d like help from SolCyber to understand what your organization genuinely needs, feel free to reach out to us for a call.