Story image

Gartner: Is security just too damn hard? Is product+service the future?

23 Jun 18

Article by Gartner research VP and distinguished analyst Anton Chuvakin

OK, I got a catchy headline, now what? :-) This is another philosophical post about the fate of our beloved domain of cyber.

Specifically, we all remember Dan Geer’s classic quote “Internet security is quite possibly the most intellectually challenging profession on the planet” and most of us doing security read it optimistically (as in “oh yeah, we are pretty damn smart!”)

However, many IT leaders and more senior managers read the same line pessimistically, it seems. They read it as “oh no, security is too hard for us to do” and “security products are too hard for us to use”, which are one step away from the hopeless “we’ll get hacked anyway, whether we do anything or not.”

I've alluded before that “SIEM is too hard for many organisations” and they see the answer in either outsourcing (->MDR) or automating (->UEBA). Succeeded with either involves copious amounts of luck, to be sure….

But what if I told you that we are starting to see the same trend for many other security product categories!? For example, we see many EDR deployment fail, and then eventually saved by the managed EDR (a type of MDR) services. One EDR provider (selling tools) essentially became a near-exclusively managed EDR (a sub-type of MDR) provider (selling services with their tools).

This may mean that we are approaching “peak security product” as there are a/ not enough people to use the products and, worse, b/ there are not enough skilled people to use the products that require skilled people. In light of this, I take a VERY (and I mean … VERY!) dim view of many recent security startups. Guys, rethink software/SaaS/appliance selling! There is nobody to use your stuff out there in the real world….

To finalise, I think a revolution is coming. The revolution that will sweep away many security products and replace them with “product-service fusions” where you pay one amount for using the tools together with ongoing help with their operation. Today, the best examples of this trend are various MDRs (including managed EDRs), co-managed SIEM shops and other product vendors that offer tools-with-services.

Notably, this revolution may or may not mean that MSSP are out to make a killing. Many MSSPs are hopelessly stuck in the past, addressing the late 1990s demands like firewall rule changes and super-basic-bordering-on-fake event monitoring (“today only! deep insight from IDS logs! no other data required!”). I think MDRs and smart product vendors will win this one….

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.