We’re excited to bring back Transform 2022 in person on July 19 and virtually from July 20-28. Join leaders in AI and data for in-depth discussions and exciting networking opportunities. Register today!
CISOs are in a constant state of conflict. While digital transformation and open business models are great for business, they greatly expand the attack surface and expose businesses to malicious cyberattacks. The CISO’s job is to resolve this strategic conflict by implementing cybersecurity technologies and processes, enabling business growth while minimizing cybersecurity risks.
Their first step in resolving this strategic conflict is to study the cybersecurity market and identify advanced security solutions. Unfortunately, the fragmented nature of the market offers dozens of product categories, ranging from cloud security, endpoint security, application security, web security, threat intelligence, and more.
As if that were not enough, each category is divided into subcategories.
Talent Shortages and Budget Constraints Hurt CISO Goals
Market hyper-segmentation forces security teams to unwittingly become systems integrators, investing huge amounts of time and energy in market analysis, product validation, cross-product integration and automation product maintenance to create a coherent and effective organizational cybersecurity fabric. Such efforts require the recruitment of qualified professionals or the use of advanced services, which poses a challenge due to the acute shortage of workers in the field, as well as limited budgets. Essentially, the endless fragmentation of the cybersecurity market and the lack of skilled talent makes the job of CISOs nearly impossible.
To meet this challenge, the CISO must adopt a different cybersecurity paradigm by implementing a unique security platform created by global cybersecurity giants. This is better known as the Enterprise Cybersecurity Platform.
These platforms integrate security capabilities across all categories into a single, cohesive defense system with centralized management, purportedly mitigating more corporate cybersecurity threats. These platforms rely on independent R&D efforts combined with capabilities from mergers and acquisitions of cybersecurity startups. Although enterprise security platforms offer a suitable alternative to the best-of-breed security paradigm and solve the massive integration and orchestration efforts, they still aren’t a silver bullet.
The endless battles of cybersecurity
The enterprise platform approach raises serious questions. For example, can a platform respond to the ever-increasing range of threats? Can replacing the best features with “good enough” solutions counter advanced threats? Can these platforms quickly adapt to changes in the cyber threat landscape? Is the organization ready to pay the price of vendor dependency?
The problem in the cybersecurity space is the inherently endless battles between defenders and attackers. With the changing threat landscape and new challenges emerging every day, such as supply chain attacks, ransomware, credential harvesting and more, moving to a platform paradigm cannot guarantee complete protection. Finally, dependency on vendors is an issue – organizations are looking to move away from this strategy because it is expensive and complex.
How can the market resolve the trade-off between the best security paradigm and immense implementation friction?
What the market needs today is more lateral and horizontal innovation rather than the vertical innovation of today, where cybersecurity startups tackle a threat or a technology – like open source, software as a service (SaaS), access controls, cloud workloads, etc. — and tries to address cybersecurity just for that area. Although necessary, all these verticals cause a fragmented market that is difficult to manage.
How Horizontal Innovation Strengthens the Cybersecurity Market
I’d like to offer a different approach to solving the market failure, so that organizations can enjoy the benefits of both worlds: mitigating cyber threats through a range of products without drastic integration and maintenance efforts.
Vertical innovation must continue to protect new technologies and neutralize new threats; however, at the same time, entrepreneurs and venture capitalists need to encourage horizontal innovation.
Horizontal innovation sprouts “horizontal products,” weaving together capabilities from different categories and segments into an effective defensive front. At the heart of horizontal innovation are intelligent integration, orchestration, and automation capabilities powered by AI algorithms.
The first buds of horizontal innovation are appearing in certain areas of the cybermarket. For example, the transition from SIEM products to security orchestration, automation, and response (SOAR) products within security operations (SecOps).
SOAR products perform horizontal integration of defense capabilities across all IT layers, while merging Cyber Threat Intelligence (CTI) and automated investigation and remediation processes (IR and auto-remediation). This frees security operations centers (SOCs) from the hard work of integrating and responding to small tactical incidents, allowing them to focus on investigating advanced attacks and moving on to proactive threat hunting.
Another example of horizontal innovation is the Application Security Orchestration and Correlation (AppSec) (ASOC) products. These products perform integration and correlation of security exposures and vulnerabilities of AppSec products such as Statistical Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), open source security tools, API security tools, etc.
These horizontal products enable developers and AppSec professionals to manage the “spillover” of security exposures through automated cybersecurity aggregation and contextual prioritization, all to bring highly secure applications to market. that are “secure by design”.
An additional horizontal area that has yet to be cracked is enterprise cybersecurity posture management, which aims to provide the CISO and business leadership with a comprehensive overview of the state of cybersecurity. This includes identifying the “soft underbelly” and making recommendations to improve the company’s security system.
To enable this market paradigm shift, all market players must enable and encourage horizontal innovation. CISOs should demand horizontal capabilities from enterprises and startups, turning to flagship products as a last resort. Startups and major vendors need to expose APIs for their vertical security capabilities, creating an open architecture market.
Entrepreneurs need to sprout horizontal innovation and investors need to support it, even though vertical innovation may seem more glamorous. As horizontal innovation solves a difficult problem, these products will be in high demand and entrepreneurs and investors will reap the rewards of their investments.
Horizontal innovation, or linking products between segments, is in fact the “missing link” in the evolution of the cybermarket, from siled capabilities to an interoperable security fabric. His time has come.
Elik Etzion is the managing partner of Elron Ventures
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including data technicians, can share data insights and innovations.
If you want to learn more about cutting-edge insights and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.
You might even consider writing your own article!
Learn more about DataDecisionMakers