Story image

Gartner: Is security just too damn hard? Is product+service the future?

23 Jun 18

Article by Gartner research VP and distinguished analyst Anton Chuvakin

OK, I got a catchy headline, now what? :-) This is another philosophical post about the fate of our beloved domain of cyber.

Specifically, we all remember Dan Geer’s classic quote “Internet security is quite possibly the most intellectually challenging profession on the planet” and most of us doing security read it optimistically (as in “oh yeah, we are pretty damn smart!”)

However, many IT leaders and more senior managers read the same line pessimistically, it seems. They read it as “oh no, security is too hard for us to do” and “security products are too hard for us to use”, which are one step away from the hopeless “we’ll get hacked anyway, whether we do anything or not.”

I've alluded before that “SIEM is too hard for many organisations” and they see the answer in either outsourcing (->MDR) or automating (->UEBA). Succeeded with either involves copious amounts of luck, to be sure….

But what if I told you that we are starting to see the same trend for many other security product categories!? For example, we see many EDR deployment fail, and then eventually saved by the managed EDR (a type of MDR) services. One EDR provider (selling tools) essentially became a near-exclusively managed EDR (a sub-type of MDR) provider (selling services with their tools).

This may mean that we are approaching “peak security product” as there are a/ not enough people to use the products and, worse, b/ there are not enough skilled people to use the products that require skilled people. In light of this, I take a VERY (and I mean … VERY!) dim view of many recent security startups. Guys, rethink software/SaaS/appliance selling! There is nobody to use your stuff out there in the real world….

To finalise, I think a revolution is coming. The revolution that will sweep away many security products and replace them with “product-service fusions” where you pay one amount for using the tools together with ongoing help with their operation. Today, the best examples of this trend are various MDRs (including managed EDRs), co-managed SIEM shops and other product vendors that offer tools-with-services.

Notably, this revolution may or may not mean that MSSP are out to make a killing. Many MSSPs are hopelessly stuck in the past, addressing the late 1990s demands like firewall rule changes and super-basic-bordering-on-fake event monitoring (“today only! deep insight from IDS logs! no other data required!”). I think MDRs and smart product vendors will win this one….

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.