CISOs are in a constant state of conflict. While digital transformation and open business models are great for the enterprise, they dramatically expand the attack surface and expose enterprises to malicious cyberattacks. The CISOs goal is to disrupt this strategic conflict by implementing cybersecurity technologies and processes, allowing business growth while minimising cybersecurity risk.
The first step in resolving this strategic conflict is to investigate the cybersecurity marketplace and identify advanced security solutions. Unfortunately, the complexities of the market include a broad spectrum of product categories, including cloud security, endpoint security, web security, threats intelligence, and so on.
As if this isn''t enough challenging, each category is grouped into sub-categories.
Talent shortages and budget constraints cause the CISOs to tame.
Security teams are forced to involuntarily become system integrators, investing massive amounts of time and effort into market research, product validation, cross-product integration, and product maintenance automation to produce a cohesive, effective organization cybersecurity fabric. Such efforts include the recruitment of skilled professionals, as well as limited budgets. Basically, the CISOs job is nearly impossible due to a wide range of problems in the cybersecurity industry.
The CISO must adopt a different cybersecurity paradigm by creating a single security platform developed by international cybersecurity companies. This is better known as an enterprise cybersecurity platform.
These platforms are based on independent R&D efforts combined with capabilities originating from mergers and acquisitions of cybersecurity startups. While these platforms are a good alternative to the best-of-breed security paradigm and are still not a silver bullet.
Cybersecuritys endless battles
Is it possible to impose a price of vendor lock-in on one platform to help with the ever-changing range of threats? Can replacing best-of-breed capabilities with adequate solutions help with advanced threats? Is it possible to respond quickly to vendor lock-in payments?
The problem in the cybersecurity arena is the constant fights between defenders and attackers. Every day, supply chain attacks, ransomware, credential harvesting, and others, resulting in shift to a platform paradigm cannot guarantee complete protection. Finally, vendor lock-in is a problem organizations are attempting to abandon this strategy because it is costly and complex.
How can the market solve the friction between the best-of-breed security model and the huge implementation dilemma?
What the market needs today is more lateral and horizontal innovation than the actual vertical innovation, where cybersecurity startups take up one threat or one technology, such as open source, software-as-a-service (SaaS), access controls, cloud workloads, and attempts to address cybersecurity only for that domain. All these verticals have created a fractured market, which is difficult to deal with.
How horizontal innovation strengthens the cybersecurity market
I would like to offer a different approach to addressing the market''s failure, ensuring that both countries can mitigate cyberthreats in a variety of ways, without requiring drastic integration and maintenance efforts.
Vertical innovation should continue to protect new technologies and combat new threats, but in the same time, entrepreneurs and venture capitalists must encourage horizontal innovation.
Horizontal innovation transforms horizontal products into a cohesive cohesive cohesive relationship between multiple categories and segments. Intelligent integration, orchestration, and automation capabilities are emphasized at the core of horizontal innovation.
In certain sectors of the cyber market, the first buds of horizontal innovation are evident. For example, the transition from SIEM products to security orchestration, automation, and response (SOAR) products within security operations (SecOps).
SOAR products are focused on conducting horizontal maintenance of all IT layers while simultaneously avoiding cyberthreat intelligence (CTI) and automated investigation and remediation processes (IR and auto remediation). This saves security operation centers (SOCs) the labor of integration and response to small-tactic incidents, allowing them to focus on ongoing attacks and shifting to proactive threat hunting.
Application Security (AppSec) orchestration and correlation, (ASOC) components are used to enhance security vulnerabilities and vulnerabilities identified by AppSec products, such as statistic application security testing (SAST) and dynamic application security testing (DAST), open-source security tools, API security tools.
These horizontal productenable developers and AppSec professionals to handle the overflow of security exposures through automated cybersecurity clustering and context-based prioritization, all in order to bring highly secured applications to the market that are secured by design.
The enterprise cybersecurity posture management is one of the main components that has yet to be broken. This is because it has the purpose to provide the CISO and the corporate management with a comprehensive outline of cybersecurity. This includes identifying the weak underbelly and providing recommendations for improving the enterprise security system.
All market participants in this business must enable and support horizontal innovation. CISOs must demand horizontal capabilities from corporations and startups turning to feature products as a last resort. Businesses and major vendors must expose APIs for their vertical security capabilities, creating an open architecture market.
Entrepreneurs must cultivate horizontal innovation and investors should support it, even if vertical innovation may seem more complex. These services will be in great demand, and entrepreneurs and investors will reap the rewards of their investments.
It''s time to get a sense of urgency that horizontal innovation, or cross-segment product linkage, is in fact the missing link in the cyber market''s evolution from silo capabilities to an interoperable security fabric.
Elron Ventures'' managing partner is Elik Etzion.