In a blog post I wrote in August — The most important attributes of a cybersecurity platform — I listed the eight attributes that my colleague Doug Cahill and I believe are critical for a cybersecurity technology platform. The blog post also ranks the eight attributes according to a recent survey of 232 cybersecurity professionals working at enterprise organizations (i.e. those with more than 1,000 employees).
It was recently pointed out to me that while I listed the attributes, I did not define them. My apologies for the oversight. Here again is the list of attributes (along with the percentage of survey respondents who rated each one as most important), this time with a definition for each.
- Coverage that includes major threat vectors such as email and web security (38%). Any security researcher will tell you that at least 90% of cyber attacks emanate from phishing emails, malicious attachments, or weaponized URLs. A cybersecurity platform must apply filters and monitoring to these common threat vectors for blocking malware and providing visibility into anomalous, suspicious, and malicious behaviors.
- Central management across all products and services (33%). In this instance, central management means configuration management and policy management, along with common administration and reporting. Cybersecurity technology platform management provides an aggregated alternative to the current situation where organizations operate endpoint security management, network security management, malware sandboxing management, etc.
- Capabilities across threat prevention, detection, and response (31%). CISOs want their security technologies to block the majority of attacks with detection efficacy in excess of 95%. When attacks circumvent security controls, they want their cybersecurity technology platforms to track anomalous behaviors across the kill chain (or the MITRE ATT&CK framework), provide aggregated alerts that string together all the suspicious breadcrumbs, and provide functions to terminate processes, quarantine systems, or roll back configurations to a known trusted state.
- Coverage that spans endpoints, networks, servers, and cloud-based workloads (27%). This one is sort of self-explanatory. Today’s enterprises feature Balkanized endpoint, network, server, and cloud-workload protection tools that don’t talk to each other. Enterprise organizations want tightly integrated tools that span their IT infrastructure and work together as security force multipliers.
- Cloud-based backend services — i.e. analytics, threat intelligence, signature/rules distribution, etc. (26%). Think of the cloud as the backend brains of a cybersecurity technology platform. Cloud-based services will aggregate suspicious behaviors across customers, run these behaviors through advanced and constantly improving machine learning algorithms, track the latest threat intelligence, and provide customized analytics and threat intelligence curation for specific customers, industries, etc. In this way, all customers benefit from both universal and customized services.
- Openness — i.e. open APIs, developer support, ecosystem partners, etc. (22%). Even the best cybersecurity technology platforms won’t offer exhaustive security coverage. Therefore, security platforms must be fitted with APIs for third-party technology integration and developer support. This will also encourage the network effect where cybersecurity technology platform users share development best practices and homegrown software amongst the community.
- A combination of tightly coupled products and services — i.e. products and managed service options offering central command-and-control (20%). Given the global cybersecurity skills shortage, organizations will pick and choose which security technologies they run in-house and which they outsource to managed security service providers. Leading cybersecurity technology platforms will enable seamless interoperability across any product and managed services mix.
- A platform that is offered in multiple deployment options — i.e. on premises, cloud delivered, hybrid, etc. (18%). Large organizations tend to use hybrid technology deployments, running security appliances at corporate headquarters while opting for cloud-based security proxy services to support remote offices and mobile workers. Cybersecurity technology platforms will offer this hybrid support across all security controls (regardless of form factor) with a central management plane.
While some attributes are rated higher than others, large organizations will need all eight over time. Therefore, CISOs should qualify, evaluate, and test cybersecurity technology platforms across all attributes while prioritizing those needed to address near-term requirements.