I know we have sparked a debate around platformization vs best of breed in Cybersecurity. We have been pretty consistent in the need for the market to continue to consolidate various functionalities onto common platforms. Our announcement yesterday was more around the time has come to accelerate this effort because the attacks are coming fast and furious and we need near real time resolution. Near time resolution is hard for customers with many products stitched together and who are constantly looking to hire security talent, on the other hand - attackers will use AI to analyze the attack path they should take and analyze every vulnerability that our customers have, so we really can't avail of the luxury of time. There is a growing mismatch between speed of an attack and the speed of resolution. Let's step back - in network security, companies were created to solve a problem, IPS, DNS security, blocking malware, IoT. Then the company set about trying to convince the customer to deploy those capabilities, each of these has a management plane, required to be inline. Additionally, if the customer chose to fragment their network access across VPN, SASE, Firewall vendors feel free to multiply the sprawl on just one topic! Even if you can master the multiple products, policy panes etc, how long does it take a customer to find out what happened in a breach? How do you make sure all your policies were consistent? and... and... What if you have one management and policy pane, one in-line device and one way of deploying this solution and AI constantly validating your configuration - and it had all those features in one product and not just that - all those features were "individually the best of breed in the magic quadrant"? - With stitched data, you remediate faster!! We discovered that customers do! The only thing holding them back is existing legacy contracts - and the risk associated with replacement. All we did yesterday was say "That's on us"!
The same story is true for cloud security - where we shouldn't make the errors we made in Enterprise Security - start with a stitched platform, don't create vendor sprawl - if you have only one CSP - go cloud native, if you are on multiple clouds get Prisma Cloud. Last but not the least - the SOC hasn't been reinvented in 15 years! XSIAM has 64 customers in 12 months, large organizations have seen value in consolidating in replacing a plethora of vendors and their data lake so they can truly leverage AI to reduce their median time to remediate. The average? From 4-7 days to a few hours. So don't take a parochial view of platforms and don't call it bundling - it's an integrated strategy that delivers faster security outcomes leveraging AI, lower TCO for our customers and cost savings from reducing multiple sensors with a few. We made a choice 5 years ago to go in this direction, we feel confident that in the next five years point solutions will become a thing of the past.
I think “Platformization” happens when deployment complexity is decreased or superior capabilities can be achieved. The business value of vendor consolidation and cost reduction is not compelling enough (except for the commercial segment where good enough works). For example, CRWD is able to consolidate many markets (AV, EDR, ITDR, DLP…) around their single agent (less complexity). SASE is consolidating inline cloud gateways (SWG, FW, CASB, ZTNA) because of the insane complexity of daisy chaining multiple vendors in the cloud (complexity). Next-gen SIEM/XDR naturally consolidates cyber telemetry into a single data-lake (less complexity and superior analytics). Wiz is beating cloud security suites to lead the CNAPP consolidation because of a single security graph (superior construct for managing posture). Now, if you guys can converge two out of these four very large markets, I will be proven completely wrong...
Your heart is in the right place but your grasp of how the industry works is a fantasy. You did not spark a debate, you jumped on a grenade that has had its pin out for 25 years. No vendor will ever be able to make point solutions a thing of the past. Not unless it somehow disintermediates human nature and manages to employ all future Nir Zuks who are inventing the next generation of products. Nir did consolidate a bunch of features into one platform. Palo Alto is hands down the leading seller of multi-purpose hardware appliances today. But there are still 23 UTM vendors. The customers of Check Point, Fortinet, and Red Piranha, have reasons they chose those products over yours. Just as the customers of CrowdStrike, Okta, Tenable, Zscaler, and Orca, chose what they consider to be best of breed. Yes, your marketing team has doubled down on messaging that has been around for two decades. Yes, there are plenty of CISOs who bemoan the complications of weaving dozens of products into a defensible posture. But what you are proposing has been tried over and over and NEVER succeeds. It is not possible. cont... https://stiennon.substack.com/p/cyber-fantasy-versus-reality
IMHO two separate debates are getting confused: 1) SIEM/SOC needs to be modernized with real AI (not just anomaly detection) and XSIAM is the next gen solution. 2) Platformization vs best of breed: If XSIAM supports CrowdStrike or Microsoft endpoint as 1st class citizen, customer can still get the same benefits of modern SOC solution. But if XSIAM insists it does the best job only with Palo endpoint (totally understandable as it is much easier to control data flows), that's the "platformization" flag. Since Palo relies on acquiring startups for innovation, startups tend to be ahead (for a short time) of Palo. So as a CISO I would like to see my SOC/SIEM solution be Switzerland and if a particular customer chooses to go all in, that's fine.
Where does IAM fit into your platformization strategy?
Or we could just continue debating which is better - Corel WordPerfect or MS Word. Or maybe Netscape over IE… 😎 It’s Cybersecurity’s turn.
It does not have to be black and white. Platformization started 10+ years ago with firewall + IDS + IPS and more. It's good for the sanity of cyber teams who need to manage dozens of tools. But innovation is key in cybersecurity. And startups can move fast and bring innovative ideas to tackle new threats. I see 3 areas with holes (and opportunities): - OT and industrial environments, - Cybersecurity tools that truly account for the uniqueness of each industry, - Business metrics around cybersecurity, cyber risk quantification, value at risk, expected loss and more so that executives and BoDs can optimize the security budget. #gopaloaltonetworks - I'm a big fan.
It’ll be interesting to see how it goes, Symantec thought the same thing with SESA, planned it, built it and delivered and failed to see minimal success. Granted the rollout of it was poorly executed and most field sales reps just couldn’t define the value to / for the customer. IMHO and based on my experience with it in Japan.
Let’s agree that platformization is the future and the best course. In said scenario we must also recognize new technologies will continue to develop and new architectures will be deployed thus generating new attack vectors. No single product will get the job done and even with the most robust / profound platform; enterprises will have significant gaps that require innovative “best in breed” technologies. How many companies can tell you how they are leveraging AI? How many companies know what AI exposures exist as users continue to upload content into AI prompts?
Great post. I listened to the conference call and there is much room for improvement in the delivery there. The stock retraced that $186 gain over 5 years by $100 in a day. I'm sure you and the shareholders are all aware of that.
Spot on - in so many ways. The question is can one company truly build or buy all the best pieces fast enough -- tough one but you've been on that path ... all the best!