Why Platformization is Reshaping Cybersecurity

Platformization is one of the cybersecurity buzzwords of the year. The concept is based on the idea that cybersecurity practitioners are juggling too many tools across their security stack and consolidating these will allow enterprises to streamline their security tech tools.

Palo Alto Networks is one of the largest players in the cybersecurity market that is driving platformization.

Acquisitions like Palo Alto’s purchase of CyberArk, Cisco’s buyout of Splunk, Zscaler’s deal to purchase Red Canary and Google Cloud’s takeover of Wiz, demonstrate a drive towards a consolidated market for cybersecurity.  

Palo Alto Networks is also in a strategic alliance with IBM, which recently released a study into the value security platforms generated for businesses.

The IBM study found that organisations juggle an average of 83 different security solutions from 29 vendors. 

The research found that organisations which have begun to adopt platformization report substantially fewer incidents and data breaches.

According to the IBM study, their mean time to identify (MTTI) or detect security incidents is 72 days shorter, while mean time to contain (MTTC) is 84 days less. Also, 80% of platformization adopters in the research said they have full visibility into potential vulnerabilities and threats, versus only 28% of non-adopters. 

“Platformization is gaining traction because it offers a practical solution to a widespread problem – too many disconnected tools and too little visibility. For many organisations, it’s a logical step toward reducing cost and complexity, improving oversight and strengthening their overall security posture. The key is making sure that any platform investment is grounded in sound architecture, strong governance and independently validated standards,” commented Darren Guccione, CEO and co-founder at Keeper Security.

In this article, Infosecurity investigates the benefits and pitfalls of platformization and what CISOs need to consider when looking to adopt a platform-centric approach to their cybersecurity tool stack. 

With the plethora of tools currently in use within single organisations, consolidating to fewer vendors can reduce complexity, the number of alerts and streamline workflows for cybersecurity teams.

Bringing multiple security capabilities together in one environment can give security teams a clearer view of threats, advanced prevention, faster detection and consistent policy enforcement. 

Most cybersecurity leaders are working with a strict, if not tight, budget, so cost savings are critical where they can be made.

Consolidation simplifies administration, training and vendor management, cutting costs and overheads. 

Having centralised visibility is key to being able to identify network vulnerabilities and detect unusual activity.

Heightened visibility can help with faster detection and response. The centralisation of logs and alerts from endpoints, networks, cloud and identity platforms enables analysts to see the full picture of a potential attack without having to expend effort and time on navigating between different monitoring systems, each providing a fragmented view of the monitored landscape.

Over-reliance on a single vendor can create a single point of failure if that vendor is compromised or targeted in a supply chain attack. Exposure to risks can also be heightened if controls are not implemented correctly. 

If an organisation has highly specialised cybersecurity needs, a single vendor may not have the capability to meet these requirements. While best-in-class features in certain categories can address many problems, they may not provide solutions to more niche needs. In some cases, a platform may need to be supplemented by specialised tools to meet these requirements. Therefore, the platform must be vendor agnostic. 

While some vendors are touting a platformed approach to tools, on closer inspection they can be bundles of tools and products linked by a single console. This can result in integration challenges.

A platform should have a genuinely unified architecture with a shared data lake and seamless workflows. It should be able to work with products outside of its own vendor’s offerings.

Locking into one vendor can make it difficult and costly to make a switch in the future if the platform does not meet expectations.

When looking to adopt a platform centric approach to cybersecurity, CISOs need to consider how well a platform aligns to the organisation’s desired outcomes. The cybersecurity team will also need to be able to demonstrate the value of this approach to both the wider business and the board.

CISOs must consider the risk areas their organisations are most vulnerable to and assess whether the platform approach is able to mitigate these risks significantly.

While there is a cost-benefit to a platform approach, there will be a cost aligned with migrating from multiple platforms to fewer vendors. This is where CISOs will need to work with the wider business to help justify the costs and outline the long-term advantages.

A good platform should complement existing architecture and the vendor should be able to work with you on your future roadmap.

The trend towards platformization is here to stay, therefore CISOs must consider whether the platform their organisation aligns with will meet future goals and strategies. 

Most cybersecurity experts believe that the platformization approach is more than a fad, it is a trend that is here to stay.

Platformization in cybersecurity is gaining traction because it is a solution to a widespread problem of too many disparate tools lacking integration and not offering sufficient visibility.

Consolidation of tools in cybersecurity can achieve both cost savings and reduce vendor complexity.

However, there is much for CISOs to consider before embarking on this strategy, ensuring that the platformized approach suits their business and the needs of the organisation.  

ADVERTISEMENT

Enjoyed this article? Make sure to share it!

Looking for something else?