Cloud-Native Security Platforms: The Solution for the Digital Age

451 Research Black & White paper, commissioned by eSentire. June 2020.

© Copyright 2020 451 Research. All Rights Reserved.



About the Author

Aaron Sherrill, Senior Analyst, Information Security

Aaron Sherrill is a Senior Analyst for 451 Research covering emerging trends, innovation and disruption in the Information Security channel with an emphasis on service providers.

Commissioned by eSentire

About this paper

A Black & White paper is a study based on primary research survey data that assesses the market dynamics of a key enterprise technology segment through the lens of the “on the ground” experience and opinions of real practitioners — what they are doing, and why they are doing it.


Black & White | Cloud-Native Security Platforms

Executive Summary

Despite year after year of increased spending on security tools, people, services, audits and assessments, organizations have seen minimal results. Security gaps still persist as overwhelmed security teams lack the visibility, scalability, expertise and agility to adapt to a rapidly changing digital ecosystem. Although a majority (70%) of organizations believe they are more secure today than they were 12 months ago, almost half believe they will experience a data breach in the next 12 months, according to 451 Research’s Voice of the Enterprise: Information Security, Organizational Dynamics 2019 survey data.

The problem will likely not improve soon as organizations adopt modernization and transformation initiatives that are outpacing the ability of security teams to adapt. This new paradigm demands that security teams modernize and transform themselves with AI, automation, intelligence, threat detection and big-data analytic capabilities. The solution to such a radical shift is a security platform that can scale and adapt to the business’s expanding digital footprint, evolve with the growing threat landscape, and be a force multiplier, creating an integrated environment that operates as a single solution.

Unfortunately, the phrase ‘security platform’ has become so exploited and misused that it has essentially lost its meaning. As with other overused terms and phrases, we need to clearly define what security platform means to understand its importance in creating an organizational security posture that is scalable, adaptable, agile, and built for a diverse and disparate IT ecosystem. Organizations will find that platforms and MSSPs that fail to meet the characteristics of a modern security platform are still solving problems for an age that has already come and gone.

Key Findings

• Massive change is occurring. Over 97% of organizations reported they are either underway with, or expecting, digital transformation progress in the next 24 months, and over 41% are allocating more than 50% of their IT budgets to projects that grow and transform the business.

• Security platforms enable automation and orchestration capabilities across the entire IT stack, streamlining and optimizing security operations, improving productivity, enabling higher utilization of assets, increasing the ROI of security investments, and helping address interoperability challenges created by isolated, multi-vendor point products.

• Threat-driven and outcome-based security platforms address the full attack continuum, compared with legacy approaches that generally focus on defensive blocking of a single vector.

• Modern security platforms leverage artificial intelligence (AI) and machine learning (ML) to solve some of the most prevalent challenges for security teams, including expertise shortages, alert fatigue, fraud detection, behavioral analysis, risk scoring, correlating threat intelligence, detecting advanced persistent threats, and finding patterns in increasing volumes of data.

• Security platforms simplify data analytics by delivering capabilities that empower threat detection, response and mitigation activities; offer risk management insights; and help organizations stay ahead of potential threats.


• Modern security platforms are positioned to deliver real-time, high-definition visibility with an unobstructed view of the entire IT ecosystem, providing insights into the company’s assets, attack surface, risks and potential threats.

• Organizations that leverage a modern security platform combined with services are discovering they can focus on their core mission and transform security into a business enabler for the entire organization.

Introduction

As organizations modernize operations and reinvent how they work, technology undoubtedly becomes the linchpin for every aspect of the business. Pervasive connectivity, the proliferation of data and analytics, AI, process automation, the internet of things (IoT), mass distributed workforces and other innovations are quickly disrupting established operating models. Technology now drives every business function, fuels new revenue opportunities, enhances customer experiences, and improves operational efficiencies. These revolutionary changes are empowering the ability of organizations to pivot, adapt and thrive at unprecedented speed.

However, organizations of all sizes are adopting new technologies and processes faster than most security teams can adapt. For security teams, this means constant change, disruptions with unknown consequences, increased risk, more data to decipher, more noise, more competing priorities, and a growing, disparate, and diverse IT ecosystem to protect. The challenge for cybersecurity teams is finding ways to deliver and maintain security at the speed of digital transformation, ensuring that every new technology, digital process, customer and partner interaction, and innovation is protected.


Trends and Consequences

Security teams are facing a plethora of old, new and unforeseen challenges. According to 451 Research’s Voice of the Enterprise survey data, virtually all respondents (97%) reported they are either underway with, or expecting, digital transformation progress in the next 24 months. Over 41% of respondents reported allocating more than 50% of their IT budgets to projects that grow and transform the business. In short, massive change is occurring.

Figure 1: Massive change is happening within enterprises
Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2020; 451 Research’s Voice of the Enterprise: Digital Pulse, Budgets & Outlook 2020

Ongoing transformation is the way to move forward in the new digital economy. And these ever-expanding and increasingly complex ecosystems must be protected. If it seems like the current rate of change is blistering now, consider this: it is likely the slowest pace we will experience in our lifetime.

At the same time, cybercrime is being conducted at scale, leveraging some of the same automation, orchestration and machine learning technologies that organizations are adopting. And threat actors constantly change tactics and techniques, making it increasingly difficult to distinguish between the noise and serious threat indicators – especially complex, distributed ‘low and slow’ attacks designed to avoid detection.

The impact of an ever-evolving IT ecosystem combined with an ever-evolving threat landscape can be overwhelming to even the largest, most well-funded security teams, including those at traditional MSSPs. Unfortunately, a web of disparate and siloed security tools, a growing expertise gap and an overwhelming volume of security events and alerts continue to plague internal and service provider security teams of every size. The consequences of these challenges are vast, preventing security teams from gaining visibility, scaling effectively, responding rapidly and adapting quickly. Today’s threat and business landscape demands new approaches and new technologies.

Figure 1 callouts: 97% of organizations are either underway with or expecting digital transformation progress in the next 24 months; 41% allocate more than half of their IT budget to projects that grow and transform the business; 61% have formally adopted a hybrid IT strategy that leverages both on-premises systems and off-premises cloud and hosted resources.


The Key to Transforming Cybersecurity

It is clear that traditional security practices, strategies and technologies are no match for the sophisticated threats and complex hybrid IT ecosystems of today. To thrive and succeed, internal security teams must transform, reinvent how they work, and leverage technologies and capabilities geared for this new era. This means modernizing security operations to deliver scale, agility, visibility, and speed empowered by AI, automation, intelligence and big-data analytics.

The ideal solution is not to integrate yet another tool but to consider a single security platform that can scale and adapt to the business’s expanding digital footprint, evolve with the growing threat landscape, and be a force multiplier, creating an integrated environment that operates as a single solution. Unfortunately, as with much of the terminology used in the cybersecurity market, the phrase ‘security platform’ can be as ambiguous and confusing as the term ‘cloud.’

Security platforms optimize the efficiency and effectiveness of security operations. They hide complexity and provide a single console to work from by bringing together data, tools, processes, workflows and policies into a unified experience. Such platforms can help security teams quickly make informed, risk-based and prioritized decisions.

Many tools tout these promises on a smaller scale, focusing on a single threat vector or a closed system, but security teams should consider security platforms that are built for a digital business and a hybrid and diverse IT ecosystem. Such platforms typically have distinct capabilities and characteristics that are beyond the scope and abilities of stand-alone or general-purpose offerings, traditional MSSPs and internal security teams.

Cloud-Native

It is vital for security tools and capabilities to be agile, scalable, automated and resilient. This calls for security platforms to have a cloud-native architecture designed from the ground up to take advantage of the defining characteristics of cloud computing environments. A cloud-native architecture enables security platforms to leverage API-driven provisioning, auto-scaling, auto-management and efficiency gains that are unobtainable in a traditional on-premises model.

More importantly, cloud-native technologies enable security platforms to fully leverage the cloud by enabling the platform to scale and evolve rapidly. This flexibility empowers the frequent and rapid release of new and expanded capabilities, greater efficiency and faster innovation, resulting in a reliable and resilient platform.

A cloud-native security platform has the scale and speed necessary to digest and correlate large amounts of data from multiple, disparate signals spanning the organization’s entire digital footprint. Delivering near-real-time threat detection, these platforms enable security teams to quickly visualize the kill chain of an active or potential attack, identify critical gaps, rapidly respond to and remediate threats, and make informed security decisions in a timely manner.


Purpose-Built and Outcome-Focused

For organizations trying to leverage existing investments, a security platform that supports the broadest range of security technologies seems like the logical choice. However, achieving cohesion, telemetry and efficacy across a patchwork of legacy and disparate security tools can be difficult. Purpose-built platforms are specifically designed to detect, investigate and respond to threats across the entire IT ecosystem.

With core capabilities and threat detectors centered on native services and select partnerships, security platforms deliver deep bidirectional integration, enable simplified and expedient deployment and configuration, interpret and analyze data in near-real-time, provide situational awareness, and remove the overhead in maintaining countless third-party integrations. These attributes enable organizations to improve the operational efficiency of their security teams, increase agility and accelerate incident response.

Extensible

Extensible security platforms create an open and flexible environment that spans an organization’s entire IT ecosystem. Characterized by the capacity to append additional data sources, elements and features to their existing structure, modern extensible security platforms are designed to grow and evolve organically to address the ever-changing cybersecurity landscape and the needs of organizations. Extensibility enables organizations to embrace and secure evolving digital transformation initiatives and emerging technologies because, from a security perspective, it no longer matters whether data and workloads are on-site, in the cloud or distributed across multiple clouds.

Developed and Optimized for Cloud-Native Architectures

Many security tools were developed for traditional, on-premises environments. To protect cloud workloads, those same tools have been stretched beyond their original intent. While these approaches provide some basic security, they lack the ability to provide holistic visibility, prevention, detection, governance and compliance for a cloud-native technology stack. Cloud-native technology adoption is already well entrenched in many organizations, and the pace will accelerate in the next 12-24 months, according to recent 451 Research survey data. Comprehensive cloud-native security demands purpose-built platforms to secure cloud infrastructure and support security for greenfield cloud-native applications being deployed across multiple serverless environments.


Figure 2: Cloud-native technology adoption
Source: 451 Research’s Voice of the Enterprise: DevOps, 1H 2020

Automation and Orchestration

One of the main characteristics of effective security operations is the ability to perform at high velocity and with maximum efficiency. This is becoming increasingly difficult to achieve and maintain considering the ever-expanding and complex IT ecosystem, staffing shortages, the evolving threat landscape and the growing number of disconnected point security products.

Security platforms enable automation and orchestration capabilities across the entire security stack. This helps security teams streamline and optimize security operations and improve productivity. Automation and orchestration can enable higher utilization of assets, increase the ROI of security technologies and tools, and address interoperability challenges created by isolated, multi-vendor point products. They can also help improve response times, reduce risk exposure, diminish the burden of repetitive tasks, and help security teams ensure consistency across the security program.

The automation and orchestration capabilities of modern security platforms can optimize the entire scope of security operations: monitoring, management, deployment, access, detection, analysis, data enrichment, correlation and response. Providing end-to-end automation capabilities that span tools, processes and workflows, security platforms help alleviate the time needed to conduct mundane, repeatable tasks so more time can be focused on strategic and value-add initiatives.

Figure 2 chart: adoption of Containers, Kubernetes, Serverless and Service Mesh, each plotted on a 0% to 100% axis across the stages Full adoption across 100% of IT organization; Some adoption at team level, but not by all applicable IT teams; In discovery/proof of concept; Plan to trial in next 12 months; Plan to trial in next 24 months; Considering but no current plan to implement; Not in use/not in plan; Other.


Artificial Intelligence and Machine Learning

AI and ML are ideal complements to automation and orchestration, and they are becoming vital components of security operations. AI-driven security operations can enable security teams to meet the increasing demands of a hyperscale, hyperspeed and hyperconnected digital business while machine learning can improve the effectiveness of security operations over time.

Although it seems nearly every cybersecurity vendor is using AI in its products and services to some degree, the potential of AI and ML can be maximized in modern security platforms, which leverage AI and ML to help security teams solve some of their most prevalent challenges. These include expertise shortages, alert fatigue, fraud detection, behavioral analysis, risk scoring, correlating threat intelligence, detecting advanced persistent threats, and finding patterns in increasing volumes of data.

AI and ML enable security platforms to process more data, correlate more threads of intelligence, perform deeper analysis, and enable incident response at speeds that are beyond the capability of any human-powered security team or traditional security services provider.

Data Analytics

Insights from data analytics can be a powerful weapon against cybersecurity threats. Data analytics is the process of evaluating large datasets to uncover hidden patterns and intricate correlations through statistical and data models for rapid analysis. Robust analytical capabilities can greatly improve an organization’s cybersecurity posture and advance security operations.

However, conducting data analytics within the realm of cybersecurity can be difficult. The growing and large number of attack vectors, the increasing volume of structured and unstructured data to decipher, and the processing power and data models needed to analyze billions of records in seconds can quickly overwhelm most security teams and MSSPs.

Modern security platforms simplify data analytics by delivering capabilities that empower threat detection, response and mitigation activities; deliver risk-management insights; and help organizations stay ahead of potential threats. Backed by AI and ML, security platforms provide organizations with the insights needed to improve the efficiency and effectiveness of security operations.

Intelligence

Security platforms deliver actionable intelligence that enables security teams to make rapid, informed and prioritized decisions. Threat intelligence is an integral component of a modern security platform. Threat intelligence supplies continuously updated and insightful information about existing and emerging threats that may target organizations. It encompasses a wide range of data points, including information about threat actors, indicators of compromise, attack patterns, attacker motivations and capabilities, signatures, CVEs, tactics, and vulnerabilities. Threat intelligence enables security teams to quickly determine the ‘who, what, where, why and how’ of a security incident.


While threat intelligence is vital for security operations, what enables security teams to make effective decisions regarding security operations is the aggregation and correlation of data from all the organization’s security tools, technologies and services. Modern security platforms combine multiple forms of intelligence to help security teams minimize or eliminate misconfigurations, blind spots and operational oversights. They also provide the insight and intelligence necessary to answer essential questions such as: Do we need all of our existing security infrastructure? Which tools have overlapping security capabilities? Where can we reduce cost and complexity? Which tools are no longer effective? What and where are our security control gaps?

Machine/Human Collaboration

Machine intelligence, one of the latest additions to security platforms, is being used to identify trends and anomalies at speeds that are impossible for humans. However, it is only when machine intelligence is paired with human expertise that profound advancements are being realized. The orchestration of human expertise and machine intelligence brings together the human abilities of abstract thinking, intuitive correlation and comprehensive assessment with the power of pattern recognition, logic and tireless processing speed that machine intelligence can provide. By combining domain expertise with new algorithmic approaches, security platforms can enable organizations to drive maximum value from their assets, tools, people and knowledge.

Multi-Vector Threat Detection, Hunting and Response

Threat detection capabilities can vary substantially between security platforms. Detection capabilities typically encompass a combination of signatures, machine learning, behavior-based detection, anomaly-based detection and custom rule sets. Many security platforms focus their services on a specific set of threat detection capabilities; however, as attacks continue to grow in sophistication, organizations are increasingly looking for providers that can deliver threat detection across multiple vectors, including networks, endpoints, logs, users and clouds.


Figure 3: Organizations need threat protection across multiple vectors
Source: 451 Research

NETWORK Network traffic analysis (analyzing both external and internal network traffic) and packet capture analysis are critical for full visibility and real-time detection of zero-day, rogue, insider, and slow, persistent attacks and threats.

ENDPOINT Endpoints are prime targets for attackers. Focused on detecting malicious activities and behaviors on the endpoint, endpoint detection can respond to threats with evasive measures and provide real-time visibility, investigative insights and threat-hunting capabilities.

LOG SOURCES Data from log sources, including network and security devices, firewalls, intrusion detection and prevention systems, DNS servers, directory services, database systems and security information and event management systems (SIEMs), enables security platforms to identify malicious and suspicious behavior.

APPLICATIONS Organizations often overlook the attack surface that applications present (e.g., web applications, databases, intranet applications, proprietary applications). As application stacks become increasingly dispersed across multiple compute environments, risk increases exponentially. Identifying unique threats targeting applications is critical to prevent code tampering and other malicious activities.

USER BEHAVIOR User behavior analytics (UBA) enables detection of suspicious activity and anomalies in the context of what is considered typical for a specific user. Behavior outliers may indicate compromised accounts, insider threats or privilege abuse. UBA can detect stealth attacker activities that have not yet been mapped to threat intelligence.

CLOUD Detecting threats across a dynamic and disparate ecosystem of public clouds – including IaaS, PaaS and SaaS – is vastly different and more complex than in traditional, on-premises environments. Continuous and comprehensive visibility combined with enriched and correlated data across the entire cloud infrastructure provides actionable information for threat detection.

Actionable Insights and Meaningful Metrics

While most security platforms deliver a variety of dashboards, metrics and reports, enterprise security teams should look for platforms that can convey the value and progress of security efforts to the executive team and board. Tying security metrics to business outcomes is becoming increasingly important when reporting to the C-Suite. Security platforms with strong analytical capabilities can help security teams outline how emerging threats affect each aspect of the business and how threat detection and incident response efforts are impacting the bottom line so they’re better prepared to answer pointed questions from increasingly security-conscious executive teams.

Security teams are faced with questions at every turn with little time to investigate and answer confidently. Security platforms should provide actionable insights that include context and relevance, empowering security teams to make quick and knowledgeable decisions. While most security tools can describe the ‘what’ (e.g., a typical alert or event), few give insights into the ‘why’ – why the event is occurring and the steps necessary to remedy the situation.

Meaningful and insightful metrics can also help security teams gauge the effectiveness of their efforts, make intelligent decisions regarding staffing, provide guidance for prioritizing investments, identify compliance gaps, and help with strategic planning and prioritization.


Scalable and Adaptable

The multitude of quickly shifting and variable inputs, outputs and interconnections makes it nearly impossible for security strategies to accurately account for future needs and demands. The coronavirus pandemic demonstrates just how quickly, and unexpectedly, organizational priorities, processes and schematics can change.

The capabilities of security platforms must easily scale to keep pace with volatility and modernization. Security platforms must be extensible, accommodating changes and new paradigms through flexible architecture, design and systems. Finally, security platforms must be adaptable, accommodating changing conditions without impacting security operations and without impeding the speed of the business.

Modern, cloud-native security platforms should easily and seamlessly scale capacity and extend capabilities to meet fluctuations in demand and environmental conditions. They should be able to quickly adapt to changing regulatory and compliance demands, accommodate new computing and technology paradigms, and stay ahead of the evolving threat landscape.

Integrated Ecosystem/APIs

Over the course of many years, organizations have knit together security stacks with dozens, if not hundreds, of disparate, siloed security tools aimed at protecting specific elements of the IT ecosystem. However, with little to no integration between these tools, security teams are hampered by data silos, resulting in limited visibility, high complexity and significant management overhead.

Modern security platforms provide bidirectional integration to support both data gathering and actions such as tool management and initiating response to security events. This level of integration improves operational efficiency, increases agility, improves visibility and accelerates incident response.

Security platforms ingest data from a wide variety of sources such as security devices, applications, databases, cloud systems, SaaS platforms, IoT devices, network traffic and endpoints. By gathering, correlating and analyzing data from all available sources, security platforms provide a complete picture of the organization’s environment and security posture for effective decision-making.

Most security teams look for platforms that deliver a large catalog of pre-built, managed integrations ready for deployment, saving time and effort. Still, flexibility is just as important. Open, standards-based, and well-documented APIs enable security teams to build custom integrations to proprietary or specialized systems, extending automation, policies, processes and visibility across the entire security stack, empowering agile responses to unique business-driven requirements.


Visibility

One of today’s most important aspects of security operations is visibility. Unfortunately, as IT ecosystems become increasingly complex, MSSPs and internal security teams alike are struggling to gain visibility across the infrastructure they are tasked to protect. And without visibility into every asset, service and network – including those in the cloud and in employees’ home offices – it is not possible to discover vulnerabilities, detect malicious activity, respond to incidents or provide effective protection. Yet, according to a recent 451 Research survey, 40% of enterprises collect data from less than half of their log-producing systems, and only 30% collect data from more than 75% of their log-producing systems.

Figure 4: Organizations are missing out on security insights from data that never gets collected
Source: 451 Research’s Voice of the Enterprise: Information Security, Vendor Evaluations 2019

Visibility is hampered by the sprawl of siloed and disparate tools deployed to protect organizations. A lack of integration, overlapping functionality and misconfiguration often impair visibility and lead to gaps in coverage while at the same time inflating costs and creating unnecessary complexity. It’s not easy to achieve real-time, high-definition visibility. The vast and growing array of devices, containers, applications, data, networks and services is a significant hurdle. And the dynamic, rapidly changing nature of a hybrid, multicloud IT ecosystem where systems are created, moved and destroyed exponentially compounds the visibility challenge.

Modern security platforms are positioned to deliver real-time, high-definition visibility with an unobstructed view of the entire IT ecosystem, providing insights into the company’s assets, attack surfaces, risks and potential threats. Unified visibility provides a single source of truth and gives insights into the overall effectiveness of the security infrastructure. It also drives the ability to intelligently orient defenses and policies and develop proactive measures. The bottom line is that visibility delivers the insights to understand what to protect, how to protect it and what to protect it from.

Figure 4 data: 40% of organizations collect data from less than half of their log-producing systems; 30% of organizations collect data from more than 75% of their log-producing systems.


Speed and Agility

When it comes to hunting and containing threats, time is of the essence. Possessing real-time, high-definition visibility, strong analytical capabilities, a team with deep expertise, and a stack of the latest security tools matters little if the nimbleness of adversaries continually outpaces MSSPs or internal security teams that are tasked with limiting attacker dwell time.

Many security tools, services (MSSPs) and internal security teams talk of metrics like ‘mean time to detection’ and ‘mean time to respond’ that are cited in days or hours, but to truly gain the upper hand against adversaries, these detection and response metrics need to be measured in minutes and consistently trend even lower. While average dwell times have improved over the last few years, the time that threat actors need to exfiltrate data or wreak havoc continues to drop.

Inadequate headcount and expertise, competing priorities, outdated processes, legacy technologies and an overwhelming volume of alerts are just a few of the many factors impacting an organization’s ability to outmaneuver threat actors. Security platforms help organizations move more quickly by bringing together visibility, centralized control, automation and orchestration, AI/ML, intelligence, and analytics. Extending these capabilities across the entire IT ecosystem is a force multiplier that enables organizations to execute faster and minimize the window of time within which adversaries can operate.


Platform Plus Services

Modern security platforms help security teams deliver security at the speed of the digital world. However, only 43% of organizations reported having a security operations center (SOC) in place, and of those, 25% said they only operate their SOC during business hours. Without a fully staffed 24/7 SOC in place, security teams will not realize the full potential a security platform can deliver.

Figure 5: SOCs are far from ubiquitous within organizations
Source: 451 Research’s Voice of the Enterprise: Information Security, Organizational Dynamics 2019

Organizations that leverage a modern security platform combined with services are discovering they can focus on their core mission and transform security into a business enabler for the entire organization. For large, mature security teams, this approach augments and extends existing operational capabilities with domain-specific expertise and skills across multiple disciplines including threat hunting, data analysis, AI/ML, automation and incident response. A collaborative approach allows security teams to offload mundane, daily tasks and focus on improving the organization’s overall security posture.

For lean security teams or IT teams responsible for securing their organization, a ‘platform plus services’ approach can deliver even larger benefits. Providing key expertise, capabilities and 24/7 coverage on top of a cloud-native, modern platform enables organizations to protect workloads, users, data and applications across a hybrid ecosystem from malicious attacks regardless of the size of their security team or maturity of their security operations.

Figure 5 data: Security Operations Center (SOC) in place: Yes 43%, No 57%. Hours of operation: 24/7/365 74%, Only during business hours 25%, Other 1%.


Conclusion

Modern security platforms stand in stark contrast to the legacy approaches, services and tools of ages past, and they are more revolutionary than the SIEM+SOAR approach. Cloud-native security platforms optimize the efficiency and effectiveness of security operations by hiding complexity and bringing together disparate data, tools, processes, workflows and policies into a unified experience. They can provide security teams greater visibility and insights so they can detect threats and quickly make informed, risk-based, prioritized decisions. Modern platforms also enable security teams to quickly and seamlessly adapt to new risks, workloads, technologies and other paradigms.

Infused with automation and orchestration, artificial intelligence and machine learning, big data analytics, multi-vector threat detection, threat intelligence, and machine and human collaboration, security platforms can provide the vehicle for scalable, adaptable and agile threat detection, hunting, and response. And when combined with managed detection and response services, organizations are able to quickly bridge expertise and resource gaps and attain a more comprehensive and impactful approach to cybersecurity.

Modern security platforms can offer advantages to organizations of all sizes, and they can be key to revolutionizing cybersecurity operations and protecting a distributed, hybrid and evolving ecosystem against aggressive and sophisticated threats. The capabilities and characteristics outlined in this paper provide a baseline for security teams seeking to build or buy a security platform or partner with an MDR provider. Organizations can use this paper as a guide to assess their own capabilities as well as those of MSSPs and other security platforms.


About 451 Research

451 Research is a leading information technology research and advisory company focusing on technology innovation and market disruption. More than 100 analysts and consultants provide essential insight to more than 1,000 client organizations globally through a combination of syndicated research and data, advisory and go-to-market services, and live events. Founded in 2000, 451 Research is a part of S&P Global Market Intelligence.

© 2020 451 Research, LLC and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The terms of use regarding distribution, both internally and externally, shall be governed by the terms laid out in your Service Agreement with 451 Research and/or its Affiliates. The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or services and their research should not be construed or used as such.

451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

NEW YORK
55 Water Street, New York, NY 10041, +1 212 505 3030

SAN FRANCISCO
One California Street, 31st Floor, San Francisco, CA 94111, +1 212 505 3030

LONDON
20 Canada Square, Canary Wharf, London E14 5LH, UK, +44 (0) 203 929 5700

BOSTON
75-101 Federal Street, Boston, MA 02110, +1 617 598 7200