Vladi is Co-Founder & CEO of Lightspin, empowering cloud and security teams to eliminate risks to their cloud and Kubernetes environments.
I recently heard Jay Leek, managing partner and co-founder of SYN Ventures, talk about the difference between a feature-based security product and a mini platform. According to Leek, the majority of today’s security startups (and there are several thousand out there!) are feature-based products that don’t address a holistic need.
They are targeted at a single solution, which allows startups to go to market faster. If the feature is strong, this usually places the company on a fast track to being acquired by one of the big players. They end their lives as a feature on a large security solution’s checklist.
Understanding What Feature Products Are, And What They Are Not
There’s nothing inherently wrong with this approach. After all, as new threats come into focus, the market often needs quick, targeted solutions that meet a specific need. However, I would argue that the feature model isn’t a basis for a solid company, and it’s also heavily responsible for tool sprawl — the proliferation of software solutions in the average enterprise.
According to a recent IBM Security and Ponemon Institute study, the average organization deploys 45 security tools on its network, and those that deploy more than 50 actually ranked themselves 8% worse in terms of detecting threats and 7% worse in terms of responding to the threat. Not only that, another study found that more than half of IT leaders (53%) say they don’t know how well their security tools are working.
Narrow solutions that are based around a single feature force the need for multiple security technologies. For example, if I onboard serverless security, but then, a few months down the line, I make changes and need to support a container-based environment, I now need to add another tool to my arsenal. In today’s fast-paced world, which includes mergers, acquisitions and extreme digital transformation, change of environment isn’t just a possibility, it’s almost a certainty.
With too many security solutions, your security and IT teams start battling common problems such as alert fatigue, in which they can’t differentiate between all the notifications or keep up with the constant slew of warnings. It’s no wonder businesses actually end up feeling less secure.
The equation is simple. Feature-based security leads to limited scope, forcing your hand to onboard multiple solutions. This leads to a large volume of security alerts. You’re left with an overwhelmed security team and, therefore, an insecure environment — the very opposite of your original goal.
Holistic Platforms Take Greater Effort, For Greater Reward
On the other side of the scale from feature-based solutions are platforms that try to solve too much at once. I’m not talking about “boil the ocean” style technologies that claim to solve it all; that’s not practical or even possible in today’s complex landscape. But I am talking about technology that takes data from multiple sources and uses a single core technology to apply that data to multiple use cases.
One example would be comparing cloud security technologies to those that focus on CVEs alone. Common vulnerabilities and exposures (CVEs) are exactly what they say on the tin — they’re the most common threats and approaches that attackers take. Today, there is a trend to base new cloud security tools on CVE scanning, despite this being a very niche part of an offensive strategy for attackers. There are so many ways to breach a network, and CVE scanning will only check for common and well-known threats.
On top of this, the evolution of today’s technology means that everyday containers are becoming more hardened and increasingly lean, by their very design. The number of CVEs, therefore, drops. Each “common” vulnerability actually becomes less common and quickly falls out of date. As a result, CVEs are becoming less useful for security and more focused on compliance needs — perhaps a great feature-based tool, but nothing more.
Building a platform that covers a greater number of tasks is a lot harder. A platform requires more effort, more time investment and more resources in terms of infrastructure. But once you’ve put a year or more into creating a platform, it can address multiple needs. CVEs can be part of a solution that includes application security, open-source scanning, misconfigurations and much more. With many features instead of one, your technology can correlate different information and create a way to prioritize needs, reduce manual workload and slash the time it takes to mitigate threats, with context.
Revisiting The Equation
Let’s go back to our equation, swapping feature-based tools for more robust and complex platforms. This type of platform increases the scope of what you’re managing with a single technology, allowing for correlation and prioritization of information. That leads to fewer security alerts and empowers security teams to create a stronger security environment overall.
Before you onboard that next “must-have” security vendor, ask yourself: “Is this technology feature-based or can it offer more than that?” And make the smart choice!
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.


