The missing link in the cybersecurity market

We’re excited to bring Transform 2022 back to the scene on July 19th and almost July 20th-28th. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

CISOs are always in conflict. While digital transformation and open business models are great for businesses, they greatly expand the attack surface and expose businesses to malicious cyberattacks. The CISO’s job is to resolve this strategic conflict by implementing cybersecurity technologies and processes that minimize cybersecurity risk while enabling business growth.

Their first step in resolving this strategic conflict is to study the cybersecurity market and identify advanced security solutions. Unfortunately, the fragmented nature of the market offers dozens of product categories, including cloud security, endpoint security, application security, network security, threat intelligence, and more.

As if that wasn’t challenging enough, each category is divided into subcategories.

Talent shortages and budget constraints hurt CISO goals

The high segmentation of the market forces security teams to unconsciously become system integrators, investing significant time and effort into market analysis, product validation, cross-product integration, and product maintenance automation to create a coherent, effective organizational cybersecurity structure. These efforts require the recruitment of skilled professionals or the use of advanced services, which pose challenges due to a severe shortage of workers in the field and limited budgets. Essentially, the infinite fragmentation of the cybersecurity market and the lack of qualified talent make the CISO’s job nearly impossible.

To meet this challenge, CISOs must embrace different cybersecurity paradigms, implementing a single security platform created by global cybersecurity giants. This is called an enterprise cybersecurity platform.

Such platforms integrate cross-category security capabilities into a single, coherent defense system with centralized management, purportedly mitigating most Cybersecurity threats to businesses. These platforms are built on independent research and development work combined with the capabilities of mergers and acquisitions from cybersecurity startups. While enterprise security platforms provide suitable alternatives to best-in-class security paradigms and address extensive integration and orchestration efforts, they are still not a panacea.

The never-ending battle for cybersecurity

The enterprise platform approach raises serious questions. For example, can a platform handle the ever-increasing threat landscape? Can replacing best-in-class features with “good enough” solutions neutralize advanced threats? Can these platforms quickly adapt to changes in the cyber threat landscape? Are organizations willing to pay for vendor lock-in?

The problem in the cybersecurity field is the essentially endless battle between defenders and attackers. With the ever-changing threat landscape and new challenges emerging every day, such as supply chain attacks, ransomware, credential harvesting, and more, Moving to a platform paradigm does not guarantee adequate protection. Lastly, vendor lock-in is a problem—organizations are looking to move away from this strategy because it is costly and complex.

How does the market address the trade-off between optimal security paradigms and huge implementation frictions?

Today’s market demands more horizontal and horizontal innovation than today’s vertical innovation, where cybersecurity startups embrace one threat or one technology – e.g. open source, software as a service (SaaS), access control, cloud workloads, etc., and try to address network security issues only for that domain. While necessary, all of these verticals lead to fragmented markets that are difficult to deal with.

How Horizontal Innovation Strengthens the Cybersecurity Market

I wanted to offer a different approach to addressing market failures so that organizations can enjoy the best of both worlds – mitigating cyber threats with a range of products without the need for extensive integration and maintenance work.

Vertical innovation should continue to protect new technologies and neutralize new threats; however, at the same time, entrepreneurs and venture capitalists need to encourage horizontal innovation.

Horizontal innovation sprouts “horizontal products,” weaving the capabilities of different categories and market segments into an effective defensive front. The core of horizontal innovation is intelligent integration, orchestration and automation capabilities driven by artificial intelligence algorithms.

The first germs of horizontal innovation can be seen in certain areas of the online marketplace. For example, transitioning from a SIEM product to a Security Orchestration, Automation, and Response (SOAR) product in Security Operations (SecOps).

SOAR products horizontally integrate defense capabilities across all IT layers, while converging cyber threat intelligence (CTI) and automated investigation and remediation processes (IR and automated remediation). This saves Security Operations Centers (SOCs) the heavy lifting of integrating and responding to small tactical incidents, allowing them to focus on investigating advanced attacks and move to proactive threat hunting.

Another example of horizontal innovation is application security (AppSec) orchestration and association (ASOC) products. These products integrate and correlate security exposures and vulnerabilities from AppSec products such as Statistical Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), open source security tools, API security tools, and more.

These horizontal offerings enable developers and AppSec professionals to handle the “spillover” of security risks through automated cybersecurity clustering and context-based prioritization, all to bring highly secure applications to market that Programs are “safe by design”.

Another horizontal area that has yet to be cracked is enterprise cybersecurity posture management, which aims to provide CISOs and enterprise management with a comprehensive overview of the state of cybersecurity. This includes identifying “soft spots” and providing recommendations for improving corporate security systems.

To achieve this market paradigm shift, all market players need to support and encourage horizontal innovation. CISOs need to demand horizontal capabilities from companies and startups—with featured products as a last resort. Startups and major vendors must expose APIs for their vertical security functions, creating an open architecture marketplace.

Entrepreneurs need to sprout horizontal innovation, and investors should back it, although vertical innovation may seem more glamorous. As horizontal innovation solves a difficult problem, these products will be in high demand and entrepreneurs and investors will reap the return on their investment.

In fact, horizontal innovation or cross-sectoral product linkage is the “missing link” in the evolution of the networking market from siloed functions to interoperable security structures. The time has come.

Elik Etzion is the managing partner of Elron Ventures

data decision maker

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including technologists working with data, can share data-related insights and innovations.

If you want to learn about cutting edge ideas and the latest information, best practices and the future of data and data technology, join us at DataDecisionMakers.

You might even consider contributing your own article!

Read more from DataDecisionMakers


Leave a Reply