SecurityWeek

Management & Strategy

Building the Right Vendor Ecosystem – a Guide to Making the Most of RSA Conference

As you look to navigate RSA Conference, with so many vendors, approaches and solutions, how do you know what solutions you should be investing in?

This year’s RSA Conference (RSAC) is taking place from May 6 to 9 at the Moscone Center in San Francisco. The conference serves as the epicenter for the global cybersecurity community to converge, gain valuable insights, engage in deep conversations, and discover transformative solutions that can change their business model. The Expo also reveals the latest advances in cybersecurity technology from over 600 of the world’s foremost vendors.

So, as you look to navigate RSA, with so many vendors, approaches and solutions, how do you know what cybersecurity solutions you should be investing in? Will they work with your current tools and solutions? What about future solutions?

Right now, many SOC teams are at a crossroads, torn between choosing vendor-based platform solutions or best-of-breed products. Here we help you analyze the vendor landscape and understand what questions you should be asking to not only stay one step ahead of the ever-evolving threats of today, but also anticipate the challenges of tomorrow.

Seek to eliminate security tool silos

Today’s SOC teams face an uphill battle with fragmented tools and data silos. There are also major challenges around alert fatigue and overloaded SOC teams who, despite all their tools, end up undertaking manual investigations to determine the best response. This is causing SOC burnout, with more than two-thirds (66%) likely to change jobs in the next year.

Siloed security tools are a big part of this challenge because they are hard to manage and often data from one doesn’t correlate or integrate with another. This limits opportunities to achieve visibility across the digital environment and apply findings uncovered in one area to risks relating to another.

Platform versus best of breed – weighing advantages and disadvantages

Most organizations are utilizing both vendor-based platform and best-of-breed security tools, some of which they may be looking to consolidate. Platforms promise a streamlined interface between the vendor’s solutions within your environment, but they have drawbacks and often lack the functionality and features provided by best-of-breed solutions.

To deliver a platform, a vendor needs a very wide set of products and services and it needs to be capable of developing and refining them all over time. It’s therefore important to ask questions around the product roadmap and direction so you can understand how comprehensive the vendor’s platform really is and whether it will evolve and scale with your needs.

One of the main advantages that best-of-breed has over a platform approach is that it allows customers to choose the most suitable and effective tools for their specific needs and preferences, and benefit from the innovation and expertise of specialist vendors.

However, best-of-breed solutions also have drawbacks: the SOC team may have limited visibility across the entire attack surface and limited workflow integrations. Also, as mentioned above, the tools could be siloed, and this can lead to challenges integrating intelligence across the whole environment.

Integration with other tools

One of the key questions you should be asking vendors, when looking for the optimum solution, is how well their platform or solution integrates with other tools.

It is important that you understand your strategy before you get into any conversations. For example, you may be looking to consolidate several tools to reduce complexity, but you will still need to integrate those you do select.

Unfortunately, there is little incentive for many of the large vendors to work with their competitors, which often limits integration opportunities between them. On the other hand, best-of-breed providers know that they must integrate and work with an ecosystem of organizations and competitors in order to deliver comprehensive defensive capabilities. Additionally, when you integrate with a broader ecosystem of providers, you are able to leverage intelligence, information and data from other tools. This enables broader visibility and additional control.

It is also worth noting how existing and new regulations play into your decisions. Often regulatory environments prefer best-of-breed solutions but recognize that integration is essential to get the full picture.

Breadth versus depth – the value of the depth of information

A vendor may have a wide breadth of integrations with third-party providers, but these might not go that deep. Ideally, integrations won’t be merely surface level, but will draw on the deeper capabilities of the complementary solutions. Therefore, it is important to understand the depth of these integrations and whether they will meet your needs.

At the end of the day, if you are building out a platform approach you will inevitably still have some technologies that you need to integrate. Additionally, you should be aware of the issue of vendor lock-in; customers that rely on a single company for their entire security environment rarely move off that platform. So if you are committing to a dominant vendor, you need to ensure it has the flexibility to incorporate those best-of-breed solutions that you still want to use.

Central to this is asking how robust the vendor’s APIs are. I say this because legacy vendors that evolved in a standalone environment may have limited APIs, meaning that there will be less that the SOC team is able to do from an ecosystem standpoint. The extent and limitations of your capability to integrate with other third-party solutions will be dependent on how robust your platform provider’s APIs are.

At the end of the day, SOC teams want to quickly identify which events matter the most, eliminate alert fatigue and enable more value-added activities. They want to use vast amounts of untapped event, network, ecosystem, and DNS intelligence data to move from a reactive to a more proactive posture. They want to stop threats before they occur, starting with proactively hunted threat intelligence and insights derived from massive dataset analytics.

Therefore, before you set off to RSA this year, here are four additional points to consider:

  • Assess your current and future security needs and challenges and prioritize the most critical and urgent ones.
  • Evaluate the existing and potential products and services that can address your needs and challenges, and compare their features, benefits, drawbacks, and costs.
  • Consider the reliability and reputation of the vendors and their vision and direction for the future.
  • Beware of the risks and trade-offs of consolidation in the cybersecurity landscape. If your tool vendor’s plans are misaligned with your strategic goals, and the vendor gets acquired by another company, it is likely to change its product roadmap, support, and pricing structures.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
