The New Security Stack: While old school security vendors are trying to buy their way into relevance, it’s still not making organizations any safer
October 9, 2018
We’ve heard it a million times: those who don’t learn from history are doomed to repeat it. Some of us take heed, while most figure we can beat history on our own terms. What we can’t beat, however, is evolution.
Evolution has brought us, both from a technology and behavioral perspective, continuous and rapid innovation, and it’s changing how we communicate, collaborate, and transact through things like mobile platforms and the cloud. Cloud computing is a perfect example of a major evolutionary force. By design, it’s agile, collaborative, and facilitates continuous innovation. It is not, however, secure, and far too many organizations are applying old, outdated security approaches that are irrelevant in modern cloud environments.
Security used to be hardware
Early security vendors built boxes that ran firewalls around networks and intrusion prevention systems that controlled access at endpoints. All of this was based on a methodology of linear traffic; people and data want to get into your network, and the people and data already in your network, want to go out and access data and resources that live in other networks. Individual machines were managed through antivirus software. These regular scans, of course, were worthless if a virus entered your system, but it was about the best the Internet had to offer at the time, and everyone just sort of went along with it.
As organizations grew, their networks subsequently grew. The security solution was more firewalls, more intrusion detection, and more validation of IP addresses. More boxes were the answer to more traffic.
So, there’s the history. But the question remains…have we learned anything?
Well, these vendors are still very much alive and successfully guarding organizations that adhere to on-premises infrastructures. The problem is that we’re not living in that kind of world now. Today’s IT infrastructures rely on the cloud because their technology must enable things like DevOps, rapid scaling, and simplicity in order to use speed as a competitive advantage. Enterprises are obsessed with pushing code, iterating, and pushing again. To do that requires a collaborative and focused culture, and the technology must reflect that.
The new generation of security
Old school security merchants can’t build solutions quickly enough to address the growing tide of cloud migrants and upstarts initiating a cloud-first strategy, so they’re opting to piece together component parts to make something that resembles a comprehensive solution. Their sales approach is menu-like, but its product strategy is far from unified. Customer confusion will be high, especially as security teams question whether a company with a hardware mentality can adapt its technology and product strategy to meet demand, and do it in a way that addresses their velocity and scalability needs.
Legacy vendors like Palo Alto Networks, Symantec, McAfee, and others are using a piecemeal strategy by acquiring vendors who do parts of the security stack (compliance, or workload, or containers) and cobbling together a product offering. They will suffer from integration issues and users will still be operating as if they have multiple vendors in their stack, all performing different functions.
That’s precisely what an organization should not do if they want comprehensive awareness of all their cloud activity, and across different platforms. Far too many vendors are just layering different products on top of each other and leaving it to customers to sort how to apply them. That’s not a solution, and it certainly doesn’t support their security efforts.
The power of one
Lacework gets a lot of attention because we’ve stayed very focused on doing what we set out to do: automating end-to-end cloud security at scale. Our customers keep telling us, “You guys did the hard stuff first.” What they mean is that we focused first on building a superior solution for a complex problem and didn’t go to market until we had a workable product. We are up against a varied mix of competitors but our founders identified something early on that has been our guiding vision from the beginning, namely, using the cloud to secure the cloud.
This is the power of being singularly focused. Rather than distributing our attention across cobbled-together products, we built one product that solves for all cloud security needs. The energy of our engineering and product teams goes into one goal – securing the environments of our customers. And the benefits to our customers are singular as well; they can see, identify issues, and manage their security posture through one product.
That focus is based on how we approach our product development. We emphasize five key things, all of which are combined to ensure that customers know what’s happening in their workloads, that they can identify and analyze events against normalized behavior, and be alerted accordingly. To us, the security of public cloud environments is served through these things:
- Automated security & compliance for AWS: Organizations require security monitoring that is continuous so that configurations adhere to compliance requirements.
- Container security: With the growing use of containers, organizations need container monitoring solutions for Kubernetes, Docker, & CoreOS that can operate at their scale.
- Host security: When deployed at the server level, an organization gets insights about what’s happening with configurations, settings, users, workloads, and potential external threats.
- File integrity monitoring (FIM): With automated FIM, organizations satisfy requirements for PCI DSS, HIPAA, FISMA, and more.
- Engineering for massive scale: Every organization is moving fast in order to meet stakeholder demand. Solutions are needed that analyze and protect customer deployments at velocity and scale.
Consolidation, investment, and acquisition in the security market is a great validation that demand for the cloud continues at a breakneck pace. It also validates that others are trying to achieve what we have done from the start, namely, to deliver a valuable, user-friendly solution that uses a single product to achieve end-to-end security awareness, insight, and management. At stake for organizations that need cybersecurity solutions, however, is what vendors can address their needs with legitimate solutions that are hyper-focused on the specific needs of cloud environments.