Defending enterprises against the growing frequency and complexity of cyberattacks is becoming an ever-increasing burden to cybersecurity budgets and manpower. An ESG enterprise-class cybersecurity technology platform white paper commissioned by McAfee shows CISOs have “reached a tipping point where the current cybersecurity point tools are no longer acceptable.” Current high-cost, complex strategies using disconnected point tools aren’t working and CISOs are abandoning their collection of cybersecurity point tools in favor of a consolidated, integrated approach.
ESG reports that consolidation is wide spread and growing – 22% of organizations are actively consolidating the number of cybersecurity vendors they do business with on a large scale while 44% of respondents are consolidating the number of cybersecurity vendors they do business with on a limited basis. ESG expects this trend to gain momentum over the next 12 to 24 months.
In response to this consolidation trend, more service providers are attempting to market their disparate tools as a platform. According to the ESG white paper, “Industry hyperbole has led to user confusion about what qualifies as a cybersecurity technology platform.”
Based on ESG’s survey findings, the following eight key attributes should be included in all RFIs/RFPs and become part of every cybersecurity technology platform:
- Prevention, detection, and response capabilities. CISOs expect cybersecurity platforms to provide strong defensive capabilities (i.e., rules, heuristics, machine learning models, behavioral algorithms, threat intelligence integration, etc.) capable of blocking and detecting threats with close to 100% efficacy. When threats are detected, cybersecurity platforms should average low false positive rates and provide concise forensic evidence that enables analysts to track events that led to an alert. Cybersecurity platforms should also include simple mitigation techniques such as quarantining a system, halting a process, or terminating a network connection. Users should have the ability to automate these remediation measures when desired.
- Coverage that spans endpoints, networks, servers, and cloud-based workloads and API-driven services. Cybersecurity platforms should be able to prevent, detect, and respond to threats across an enterprise IT infrastructure composed of endpoints, networks, servers, or cloud-based workloads and API-driven services. Prevention, detection, and response capabilities should be united so that security and IT operations teams can monitor activities and take actions across any security technology controls and any location.
- Central management and reporting across all products and services. All security controls should report to a central management plane delivering configuration management, policy management, monitoring, and remediation capabilities. Central management must be built for scale, support role-based access control, and offer the ability to customize multiple UIs and functions for different security and IT operations profiles.
- An “open” design. Security platforms must be built for integration by supporting common messaging buses and open APIs. Best-in-class cybersecurity platforms will also feature an open design capable of supporting third-party developers and security vendors with developer support resources, partner ecosystems, technical support services, and go-to market programs.
- Tightly coupled plug-and-play products and managed services. The transition from point tools to cybersecurity platforms may be an arduous process journey requiring a phased implementation. As a result, cybersecurity platforms must play the role of force multiplier, providing incremental value through the integration of additional products and services. Supplementing any security product or managed service should increase the security efficacy and operational efficiency of the entire platform.
- Security coverage that includes major threat vectors including email security and web security. Most malware attacks emanate through compromised systems using techniques such as phishing, malicious attachments/links, and drive-by downloads. Cybersecurity platforms must include strong prevention/detection filters that work inline and service the entire IT infrastructure. Filters can be provided by the platform vendor or through third-party integrations.
- Cloud-based services. Cybersecurity platforms should be capable of utilizing cloud-based resources for processes such as file analysis, threat intelligence integration, behavioral analytics, and reputation list maintenance. Cloud-based services should be applied to all cybersecurity platform users in real time. When a malicious file is detected at one site, all other platform customers should be updated with prevention and detection rules to safeguard them from that threat.
- Multiple deployment options and form factors. The components of cybersecurity platforms should be accessible as on-premises software/devices, cloud-based server implementation, SaaS, or some combination. ESG provides the example of a large global enterprise may deploy on-premises software/devices at corporate headquarters, cloud-based server implementation for large regional offices, and SaaS for remote workers. All form factor options should be anchored by central configuration management, policy management, and global monitoring.
ESG’s white paper advises CISOs to approach cybersecurity platforms with a long-term strategy and project plan that spans a 24-to-36-month timeframe.
ESG also identifies McAfee as “one of a few vendors” whose product fits the description of a cybersecurity technology platform. Because McAfee’s ePO-based cybersecurity technology platform aligns well with ESG’s eight key cybersecurity technology platform attributes and high priority enterprise customer requirements, ESG states “CISOs would be well served to explore McAfee’s ePO-based cybersecurity technology platform as it aligns well with current and future cybersecurity requirements for improving security efficacy, increasing operations efficiency, and enabling the business.
Read more on how McAfee’s ePO can consolidate and improve your enterprise’s cybersecurity defenses.
About the Author