The federal government spends about $20 billion a year on cybersecurity solutions, yet a large portion of that spend is not for technology: It’s for services required to stitch together products from multiple vendors that don’t naturally work together. One product might trigger an event as an indicator of compromise, while another might indicate no threat at all, creating confusion and requiring intervention from a cyber professional to make a decision. This lack of integration in cyber technologies has been a problem for years, and the ever-changing and rapidly growing cybersecurity industry has exacerbated it. As new threats emerge, vendors come up with new products designed to meet the latest need, perpetuating the cycle of technologies that don’t integrate into the existing cyber ecosystem. Companies release solutions said to counter the most recent threat vector, and government buyers are persuaded to invest in the next hot technology to stay ahead of the curve. Not surprisingly, this practice, known as “best of breed,” has significant drawbacks.
The counter scenario to the best-of-breed approach is the platform approach, and it too has had drawbacks in the past. There’s been a decades-long debate between “best of breed” and “platform.” Do organizations want the latest, greatest and most effective product, or do they want a platform that delivers natively integrated features, unified policies and stability? That’s been a difficult choice for government buyers, as they might like the ease of a platform but worry that they’ll be missing out on best-of-breed solutions. There have been pros and cons to each approach, but at its core the debate has come down to innovation vs. integration. Is it possible to have both? It very well could be. But first, more about the industry and how we got here.
The cybersecurity industry has never had an incentive to create products that are interoperable. Like Silicon Valley start-ups, the industry is defined by innovation and speed, not stability and collaboration. While industry partnerships exist, and are the focus of many marketing campaigns, the result is often overlap, confusion and eventually direct competition. And even in that rare case where true partnerships emerge, the integrations are plagued by interdependencies, lack of integrated roadmaps, acquisitions and impossible federal certification/accreditation milestones. By the time the average federal cybersecurity project is deployed, the adversary and industry have moved on.
The cybersecurity industry is also one of the few IT industries that has not experienced a mass consolidation. Sure, we have witnessed accelerated merger and acquisition activity, but the buying cycle remains unchanged: new threat, new product, new investment, from a wide variety of vendors. Yet there is a reason that most organizations don’t have two enterprise productivity suites. Enterprises do not use G Suite for their calendar but Office 365 for email. Organizations do not use Zoom for video conferencing but Webex for audio bridges. Most large organizations have standardized on a single enterprise resource planning platform. So why does the security industry remain the outlier?
Perhaps it comes down to integration versus innovation. The best-of-breed approach promises innovation, even at the expense of integration. As we’ve seen, many government entities opt for the former, even if they end up with a hodgepodge of solutions that don’t always work together. A platform is easier to manage. The solutions work together seamlessly, the vendor does most of the work, and the organization is not always taxed with purchasing the next hot solution. The fear, however, is that organizations are missing out – that they’ve chosen integration over innovation.
While this might have been true at one point, it is no longer the case. In the last several years, a few cybersecurity providers have invested in unified, highly integrated platforms that provide the latest and greatest capabilities. Gartner has even gone so far as to create new Magic Quadrant market research reports for cloud-native application protection platforms (CNAPP) and single-vendor secure access service edge (SASE). The debate is over: Government organizations no longer have to sacrifice innovation for integration. Best-of-breed integrated cybersecurity platforms have become the new normal, and some are available today.
Unified policy, greater consistency, lower cost, and – importantly – continuous innovation are all core to these platform offerings. And, as many of the industry’s leading extended detection and response, SASE and CNAPP offerings are cloud-hosted, there is continuous delivery and continuous integration. As new threats emerge, new features and capabilities are launched from a code push rather than a product launch. When entirely new threat vectors or attack surfaces emerge, new features are rapidly deployed within the platform to address them.
Federal agencies now have the opportunity to break the old best-of-breed, unintegrated cycle and make investments today that will ensure the latest in cybersecurity technology for tomorrow. New, continuously innovating platforms offer the best of both worlds: the most current solutions plus integration and ease of management. In the current environment of accelerating threats, an ever-changing threat landscape and a cyber workforce shortage, this new approach could be a game-changer.
Drew Epperson is vice president-federal engineering at Palo Alto Networks.
Can cybersecurity platforms deliver innovation for government agencies?
Copyright © 2024 Federal News Network. All rights reserved.