We’re excited to bring Transform 2022 back to life on July 19th and virtually July 20-28. Join AI and data leaders for sensible conversations and exciting networking opportunities. Register today!
The CISO is in a state of constant conflict. While digital transformation and open business models are best for the enterprise, they dramatically expand the attack surface and expose the enterprise to malicious cyber attacks. CISO’s job is to address this strategic conflict by implementing cybersecurity technologies and processes that enable business growth by minimizing cybersecurity risks.
His first step in resolving this strategic conflict is to explore the cyber security market and identify advanced security solutions. Unfortunately, the fragmentary nature of the market offers dozens of product categories ranging from Cloud Security, Endpoint Security, Application Security, Web Security, Threat Intelligence, etc.
As if this were not challenging enough, each category was subdivided into sub-categories.
Lack of talent and budget constraints undermine CISO’s goals
Market hyper-segmentation forces security teams to unwittingly become system integrators, investing vast amounts of time and energy to perform market analysis, product validation, cross-product integration, and product maintenance automation to create a consistent, effective organizational cyber security fabric. Such efforts require the recruitment of skilled professionals or the use of advanced services, which is a challenge due to the acute shortage of workers in the field as well as the limited budget. Essentially, the endless fragmentation and lack of qualified talent in the cybersecurity market makes CISO jobs almost impossible.
To meet this challenge, CISO should adopt a separate cybersecurity paradigm by implementing a single security platform created by the global cybersecurity giants. This enterprise is better known as Cyber Security Platform.
Such platforms integrate security capabilities across all categories with centralized management into an integrated, consistent defense system, which can allegedly reduce. most Cyber security risks to the enterprise. The platform is built on independent R&D efforts combined with capabilities arising from mergers and acquisitions of cybersecurity startups. While enterprise security platforms provide the right alternative to the best-of-bread security paradigm and address comprehensive integration and orchestration efforts, they are still not the silver bullet.
Endless battles of cyber security
The enterprise platform approach raises serious questions. For example, can a platform respond to an ever-increasing range of threats? Can advanced risks be met by replacing best-of-breed capabilities with “good enough” solutions? Can this platform quickly adapt to changes in the cyber threat landscape? Is the organization willing to pay the vendor lock-in price?
The problem in cybersecurity space is the inherently endless battles between defenders and attackers. The landscape of evolving risk and new challenges are emerging every day, such as supply chain attacks, ransomware, credential harvesting and others, Complete security cannot be guaranteed by moving to platform paradigm. After all, vendor lock-in is a problem – organizations want to get away from that strategy because it’s expensive and complicated.
How can the market resolve the trade-off between the best-of-breed safety precedent and the abundant implementation friction?
What the market needs today is more horizontal and horizontal innovation than today’s vertical innovation, where cybersecurity startups adopt a threat or a technology – such as open source, software-a-service (SaaS), access control, cloud workload , Etc., – and only tries to address cyber security for that domain. Although necessary, all these verticals cause a fragmented market, which is challenging to face.
How horizontal innovation strengthens the cyber security market
I want to offer a different approach to addressing market failures so that organizations can enjoy the benefits of both worlds – minimizing cyber threats through a range of products without rigorous integration and maintenance efforts.
Vertical innovation should continue to protect new technologies and neutralize new risks; At the same time, however, entrepreneurs and venture capitalists need to encourage horizontal innovation.
Horizontal Innovation sprouts “Horizontal Products”, weaving together the capabilities of different categories and segments on an effective defensive front. At the core of Horizontal Innovation are smart integration, orchestration and automation capabilities powered by AI algorithms.
The first buds of horizontal innovation can be seen in certain areas of the cyber market. For example, the transition from SIEM products to Security Orchestration, Automation and Response (SOAR) products to Security Operations (SecOps).
SOAR products horizontally integrate the defense capabilities of all IT levels while fusing Cyberthreat Intelligence (CTI) and automated screening and treatment procedures (IR and auto remediation). This saves security operations centers (SOCs) hard work of integration and response to small-strategic incidents, allowing them to focus on investigating advanced attacks and shifting to active threat victims.
Another example of horizontal innovation is the AppSec orchestration and correlation (ASOC) products. These products integrate and correlate security exposures and vulnerabilities from AppSec products such as Statistical Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), open-source security tools, API security tools, and more.
These horizontal products enable developers and AppSec professionals to handle the “overflow” of security exposure through automated cyber security clustering and context-based prioritization, all to bring highly secure applications to market that are “protected by design.”
An additional horizontal domain that is yet to be cracked is Enterprise Cybersecurity Posture Management, which aims to provide CISO and corporate management with a comprehensive overview of the state of cybersecurity. This includes identifying the “soft underbelly” and providing recommendations for improving the enterprise security system.
To enable this market paradigm shift, all market players need to enable and encourage horizontal innovation. CISOs need to demand horizontal capabilities from companies and startups – turning to feature products as a last resort. Startups and major vendors should open up APIs for their vertical security capabilities, creating an open architecture market.
Entrepreneurs need to germinate horizontal innovation and investors should support it, even if vertical innovation seems more attractive. As Horizontal Innovation solves the difficult problem, these products will be in high demand and entrepreneurs and investors will reap the rewards of their investment.
Horizontal innovation, or cross-segment product linkage, is, in fact, the “missing link” from the silo capabilities to the interoperable security fabric in the evolution of the cyber market. His time has come.
Elik Etzion is the managing partner of Elron Ventures
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including tech people working on data, can share data-related insights and innovations.
If you would like to read about the latest ideas and latest information, best practices and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing to your own article!
Read more from DataDecisionMakers