Security Technology Part 1 — Picking the Winners

Have you ever walked around the expo floor at a large InfoSec conference and had that sinking feeling it was impossible to keep up with the pace and breadth of new offerings, even as a full-time security professional? Hundreds of new vendors you never heard of, some refreshing old concepts, many presenting completely new approaches.

You can visit every booth to get added to the grand prize schwag drawing. You can make plenty of new professional contacts. But you need some shortcuts to sort through the overwhelming amount of information put in front of you.

Your options are: 1) Outsource the problem to the market. Let entrepreneurs and consumers experiment; then you adopt the solutions that win. This takes a while to play out, but for many enterprises, it’s a perfectly reasonable approach. Or 2) Recognize the patterns and trends that winning security solutions follow. If your enterprise requires cutting-edge IT solutions, then you will need to deliver cutting-edge security solutions. Let’s discuss a couple of trends you can look for to help you pick out the winners from the crowd.

Why care about the winners? Aren’t there many solutions that are good enough if not great? Sure, and part of a healthy market sector is vigorous competition and a variety of price points to meet many different needs. But making smart technology choices (or at least avoiding bad ones) means your organization is an early adopter of the technologies that ultimately prevail in the market. This gives your organization a competitive advantage financially and operationally and lets you focus on your value to customers instead of struggling with dead-end technology.

Selling more than fear

In the early days of network computing, organizations deployed only the technology strictly required to get connected: routers (and physical media). Gradually, as security requirements developed, a router near the edge of a network was deployed with basic security functionality, and the firewall was born.

By the mid̶-to-late 1990s, there were enough examples of malicious Internet traffic that the firewall was considered part of the required enterprise technology stack to be on the Internet. Lots of firewall solutions appeared, but the few that thrived consolidated other features (such as VPNs) and non-security functions, such as Network Address Translation (NAT). Those few delivered on more than just the fear and uncertainty of bad guys on the Internet. Everyone had more hosts to get on the Internet than they did. Internet routable IPs and NATs were a hot ticket. VPNs provided similar value, lots of companies wanted to connect, and Internet bandwidth was (and still is in many cases) cheaper than private lines.

Fast-forward to 2019, and the same trend continues in the network security space. The “Next Generation” firewall (NGFW) took off around 2012, with the expectations for FW technology considerably expanded. The NGFW concept started with consolidation. IPS, content filtering, network AV, and decryption all were — and still are — expensive point solutions. The NGFW combined all these functions with the traditional FW feature set, offering compelling technical, operational, and financial efficiencies. The industry saw a winning combination, and many vendors offered their take on the NGFW.

Many “best of breed” point solutions had loyal followings, so the bar was set even higher for the NGFW winners. Consolidated platforms also set off don’t-put-all-your-eggs-in-one-basket alarms in the minds of many security practitioners. But a consistent trend emerged amongst the NGFW winners: visibility.

NGFW winners took the security data from several point solutions, effectively combined it with new sources of data, such as user identity, and presented it to security practitioners in significantly more valuable ways than the status quo solutions. NGFW losers could check the same consolidation checkboxes as the winners. They could, in theory, offer the same operational and financial efficiencies. But the market intuitively understands that direct security value (stopping bad guys) is difficult to measure, difficult to truly implement, and all revolves around having a degree of faith in a technology’s under-the-hood, inner workings.

It was the indirect security value — excellent presentation of operational and security visibility, that won the NGFW market. People will buy on fear of the unknown if that’s all they must compare options with, but solutions that offer protection from threats — and emphasize immediate value in other ways — will always capture security markets.

In part 2, we will examine a wider trend across the security industry.