{"id":1987,"date":"2019-10-01T10:45:38","date_gmt":"2019-10-01T10:45:38","guid":{"rendered":"http:\/\/kusuaks7\/?p=1592"},"modified":"2024-03-18T15:56:51","modified_gmt":"2024-03-18T15:56:51","slug":"why-are-we-still-facing-so-many-security-products-and-vendors","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/why-are-we-still-facing-so-many-security-products-and-vendors\/","title":{"rendered":"Why are we still facing so many security products and vendors?"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

A symptom of the unhealthy relationship between cyber security and large firms<\/h2>\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tAs we reach one of the high points of each year\u2019s conference season, one has to reflect once more on the staggering number of products and vendors active across the cybersecurity space.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tOnce again, they will line up in their hundreds at Infosec<\/a> in London and elsewhere. Of course, not all of them are making money; many are still burning the cash of their generous VCs, but the fact that such a crowded market still attracts large amounts of investment is still \u2013 in itself \u2013 bewildering.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tIn addition, many of those products still aim to address security requirements which are as old as security good practices themselves, for example across segments such as Incident and Event Management or Identity & Access Management.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tTo see those segments so fragmented across so many players after 15 or 20 years of evolution is not the sign of a healthy marketplace.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThey should have consolidated years ago and each should be dominated by a few players \u2013 in addition to the usual big names \u2013 all bound by healthy competition.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nThe fact that it\u2019s not the case simply tell us that buyers are not serious: They do not buy those products because they address a real business need: They only buy those products to put ticks in compliance boxes, to close down some audit points or in support of somebody\u2019s pet project. Or very often, in reactive mode, under pressure to show responsiveness after an incident and without any attempt \u2013 or time \u2013 \u00a0to analyse the market, compare offerings and structure a defensive strategy.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tEven if the \u201ctick-in-the-box\u201d market is huge \u2013 and GDPR has just made it bigger \u2013 in the long-term, nobody wins at that game: Product development ends up driven by regressive compliance-led dynamics, instead of positive dynamics aimed at countering ever-evolving threats, poorly-protected buyers get breached and the industry at large stagnates.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tIn many large organisations, the situation has reached astounding levels: The 2019 Cisco CISO benchmark study<\/a> highlights that 37% of respondents have more than 10 security vendors to manage (3% have more than 50 !!!)\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\u201cBest-of-breed\u201d may be an interesting concept in the security space, but as we pointed out above, it is rarely the real reason behind product proliferation, and in practice, it presents operational teams with considerable challenges: How to orchestrate an efficient incident response when the data you need is scattered across so many platforms? How to build an effective and meaningful reporting capability?\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tAnd the situation is often compounded by the fact that many security tools only end up partially deployed, or simply covering a fraction of the estate \u2013 functionally or geographically.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tFirms which find themselves in that mess must stop<\/a> buying more tech, look back at their genuine security requirements in relation to the threats they face and start building a consolidation strategy.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThey should also look beyond the products marketplace and consider the ever-growing services offerings in that space. MSSPs have been active for over 15 years but the cloud has also facilitated the emergence of a number of new players in recent years.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tConsolidation and integration become key factors, as the \u201cwhen-not-if<\/a>\u201d paradigm around cyber attacks takes centre-stage with senior executives and their focus shifts away from risk and compliance, towards execution and delivery.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nAll those who have been riding the compliance wave should bear that in mind.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

A symptom of the unhealthy relationship between cyber security and large firms As we reach one of the high points of each year\u2019s conference season, one has to reflect once more on the staggering number of products and vendors active across the cybersecurity space. Once again, they will line up in their hundreds at Infosec<\/p>\n","protected":false},"author":529,"featured_media":4122,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[95],"ppma_author":[3178],"class_list":["post-1987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-big-data-amp-technology"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0Strata Security Solutions<\/a>, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the\u00a0Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201cCyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d, He contributes regularly to\u00a0The Digital Transformation People<\/a>,\u00a0Business 2 Community<\/a>, and\u00a0IoTforAll<\/a>\u00a0platforms, as well as the\u00a0Business Transformation Network<\/a>. He is an expert contributor on the\u00a0CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0InfoSecurity<\/a>\u00a0Magazine, \u00a0Computing<\/a>, the C-Suite.co.uk,\u00a0Info Sec Buzz<\/a>\u00a0and the\u00a0IoD Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=1987"}],"version-history":[{"count":9,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1987\/revisions"}],"predecessor-version":[{"id":36465,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1987\/revisions\/36465"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/4122"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=1987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=1987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=1987"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}