The cybersecurity industry is at an interesting point in its evolution. Business is booming (Gartner expects global information spending to hit $113 billion by 2020), and the cybersecurity technology ecosystem is thriving for both large, established vendors with extensive resources and nimble, innovative startups. With market conditions like these, one would easily believe that a steady stream of new technological developments and eager cybersecurity entrepreneurs and developers are well-positioned to keep churning out innovations for another decade. But that hasn’t proven to be the case.

For example, if you look in even the most advanced network SOC today, you’ll see the same point solutions (antivirus, firewall, IPS, etc.) that security teams have been using for over a decade. While these products have evolved over time, the changes have been more iterative than innovative – hardly a strategy that will keep pace with the rate at which adversaries are evolving.

Traditional methods of creating, delivering and operationalizing security innovations have grown ever more complex due to a combination of several market factors:

• Fragmented data stores: Even the best machine learning and artificial intelligence techniques rely on a critical mass of telemetry and threat intelligence to train their analytics engines, which is only available in bits and pieces from multiple sources, not to mention adding vendor sprawl, complexity and putting additional burdens on limited resources.

• Increasing workflow complexity: Organizations must stitch together dozens of products to support use cases across threat identification, analysis, prevention and mitigation. Each new deployment increases complexity, restricts automation and puts a high burden on limited human resources, resulting in lower security outcomes.

• Need to rapidly consume new security capabilities: Attackers constantly innovate, and organizations must be able to rapidly adjust their security capabilities to detect and prevent successful cyberattacks in a highly agile, automated and instrumented way, without deploying new infrastructure that needs to be purchased (Capex) and managed (Opex). 

We need to rethink the way we design, adopt and deploy new security innovations. We need security solutions that can support hundreds of use cases and applications, not just a few. And there needs to be a better way for tomorrow’s cybersecurity innovators to deliver and deploy the next disruptive security applications. In short, we need a new consumption model for security.

Scott Simkin is a Senior Manager in the Cybersecurity group at Palo Alto Networks. He has broad experience across threat research, cloud-based security solutions, and advanced anti-malware products. He is a seasoned speaker on an extensive range of topics, including Advanced Persistent Threats (APTs), presenting at the RSA conference, among others. Prior to joining Palo Alto Networks, Scott spent 5 years at Cisco where he led the creation of the 2013 Annual Security Report amongst other activities in network security and enterprise mobility. Scott is a graduate of the Leavey School of Business at Santa Clara University.

Previous Columns by Scott Simkin:

Tags: