Will Managed Services Lead the Creation of Cybersecurity Platforms?

Given the state of the cybersecurity landscape, here’s an interesting thesis: Managed Services firms will lead the creation of broader, integrated cybersecurity platforms.

This idea came out of the podcast interviews I’ve done at RSA 2020 in San Francisco. After talking to eSentire, Reblaze, Tempered, and Sonrai Security, I have made a ton of progress in answering the questions on my research agenda for this year (“Research Topic for RSA 2020: Comprehensive Cybersecurity Platforms”). My goal at this RSA is to advance the Early Adopter Research Mission “Creating a Balanced Cybersecurity Portfolio”.

Here’s the context:

  • In other areas of enterprise software we have seen broader platforms created. SAP and the Oracle E-business Suite are the highest profile examples.
  • If you look at the cybersecurity industry, we seem to have lots more point solutions than platforms. Jeff Hussey, CEO of Tempered, said that more than 2,000 cybersecurity companies have been funded with more than $10 million from VCs.
  • Why haven’t we seen broader platforms develop in cybersecurity?

It’s clear that companies like Fortinet, Cisco, Palo Alto Networks, Zscaler, and a few others are attempting to build large portfolios of integrated technology that would qualify as platforms.

You could also argue that CrowdStrike, Carbon Black, Cylance and others have created targeted platforms defined by Gartner as Endpoint Protection Platforms. There are many other vendors that have targeted platforms like EPP in other domains of cybersecurity.

In my view, the motivation for a platform is strong. As point solutions proliferate, customers are eager to have many of the following aspects of using multiple point solutions productized by a vendor, specifically:

  • Integration of many point solutions.
  • Automation of event response across all solutions.
  • Simplified and automated management from a single console.
  • Threat intelligence that allows each solution to provide information and benefit from information from other solutions.
  • Modeling of threats and activity across a broad landscape.
  • Reporting and compliance.
  • Integrated roadmap so each solution moves forward in a way that makes the platform stronger.
  • Ecosystem support so that other point solutions can become part of the platform.

But do we have a broad platform now? I would say no. We have targeted platforms for the most part with a few companies seeking to create what I would call a broad platform.

What’s getting in the way of a broad cybersecurity platform? 

Here are a few forces retarding the creation of a broad platform, drawn from the executives I talked to and my own musings:

  • Lack of commonality of requirements: It could be that targeted platforms are as far as we can go in cybersecurity because the needs of customers are not common.
  • Complexity of point solutions: Especially when a portfolio of companies has been assembled through acquisitions, is it possible to really integrate them into a platform?
  • Persistence of point solutions: In cybersecurity, hackers are constantly ensuring that point solutions must be created to solve urgent problems.
  • Persistence of on-premise solutions: The move to cloud-based solutions that allow the vendor to take on more of the work and responsibility will not take place quickly. 
  • Skills shortage: There is a massive shortage of skills needed to run cybersecurity systems no matter what the form.

So, now back to our thesis. Is it possible that a managed service provider could overcome some of these barriers and create an integrated platform?

Could a managed services provider create a de facto platform as follows?

  • Master a bunch of targeted platforms along with point solutions that could be combined to create the kind of broad platform that does not yet exist.
  • Create the missing components for integrated analytics, reporting, governance, threat intelligence not as a product for external consumption, but for their own use by highly skilled staff.
  • Create the integrations between the point solutions and targeted platforms needed to create a platform.
  • Staff this internally.

In my view such a model would amount to an external SOC. This managed services platform would identify events, resolve them if possible, and then pass them to an internal SOC that would be staffed by the company and understand the business and technology context so that problems could be properly understood, prioritized, and resolved.

It is an interesting idea but there are some problems:

  • This could cost too much for a managed services provider to fund.
  • The public APIs are narrow in terms of the data provided and the scope of control of APIs. This may prevent the kind of integration needed to create a platform.
  • Would the cost of providing such a service be too high?

This is just the beginning of a discussion, but I would love to hear more arguments for and against this thesis. Drop me a line at dwoods@evolvedmedia.com or @danwoodsearly on Twitter.