Recently Palo Alto Networks released its latest quarterly financial results and revealed lower guidance for billings and revenue due to the revamped investment and growth strategy. The lower guidance was due to the "platformization" of customers by offering the SIEM/EDR product for free so customers could see the value of switching from their current vendor to Palo Alto Networks.
This has sparked an intense debate of best of breed vs. "platform," a long-standing debate in the cyber industry. Purists believe that cyber is a best-of-breed industry and platforms cannot provide the same quality (in terms of coverage). Even if they did, buyers should buy from multiple vendors to derisk hackers finding vulnerabilities in one platform (similar to recent Microsoft hacks). Also, platform vendors tend to be large and are not always as nimble as smaller best-of-breed vendors.
I think the debate is misguided, as most are confusing the concept of "platformization" with a pure "platform" or "consolidation".
Let's go over these concepts:
Platform: A platform is a group of technologies used as a base upon which other applications, processes, or technologies are developed.
- A true platform enables other healthy businesses to be built on top. Good examples are Microsoft, VMware, Oracle, SAP, cloud providers such as AWS and GCP, and even horizontal SaaS companies such as Salesforce/Workday that have enabled other applications to be developed on their platforms. Normally you see the platform build a few valuable apps but also enable/support other app providers.
- In cyber security, the closest to a platform is SIEM, which gathers all the data/events and enables apps such as UEBA, SOAR, IR, and Compliance to be built on top of it. Unfortunately, Splunk buying UEBA and SOAR products killed the independent vendor market, so SIEM has not been a true platform like the others. Endpoint Security (EDR), Network, or Identity security are not true platforms. These are products or a suite of products, as discussed below.
Consolidation/Suites: Consolidation/Suites is a company building or acquiring multiple products/features.
- EDR platforms are suites combining AV, runtime detection, and incident response.
- CNAPP (cloud security) is a suite offering CSPM, CIEM, CWPP, and DSPM in one product.
- SASE is a suite offering web gateway, URL filtering, firewalling, zero trust, etc. These products could be "well integrated" so they talk to each other.
Platformization: Platformization is a hybrid of "Platform and Consolidation/suites".
- Platform because both CrowdStrike and Palo Alto Networks have the SIEM/XDR, which is the only legit platform in cybersecurity. It is not clear if these two vendors would dedicate as much effort proactively as Splunk did to support every single data source/vendor.
- They might not be true platforms because 3rd party apps (best-of-breed solutions) could be supported in the short term but "swappable" in the medium term (through internal build or buy). As mentioned above, even Splunk has not worked out as a true platform.
- The ambition is to be the one-stop vendor for all your security needs and grab as much wallet share as possible. The differentiation here is the "platform" type data platform that integrates with other products and provides the most efficient/effective holistic solution for customers.
"4) Platformization" Is there a reason for you to choose SIEM/XDR only for platformization? I have been using the term Platform for Platform builders. While you build first party products on it e.g. FW, IAM, CDN, WebOps, ImageOpts, API gateway, Observability, DevOps Tooling.. etc. and open up the public interfaces that 3rd party could deliver the better version of similar products faster than you, and eventually your platform becomes the best platform for delivering the product that you created as first party first. (Cloud) Platform approach, treat everything as a workload and optimize your platform for those workloads, be it Security or Data, or ML/training, etc. There are a couple of examples of companies outside the list above.
Executive Vice President, Product Management and Marketing at SonicWall
(8 months ago) Pramod, only a matter of time before we see a "magic quadrant" for "platformization"!
Cybersecurity Leader | Security CTO & Product Leader | Innovator & Strategist | Intrapreneur | M&A Advisory
(8 months ago) Pramod Gosavi, the only problem I see with Platformization is fear of vendor lock-in vs. best of breed. What if you integrate with 3rd party in PANW’s platformization definition? The benefits of unification for AI use cases outweigh the lack of best of breed. This is a shift to a better together approach overall with more data for AI analysis. Contextual information can come only with that unification or platformization.
Great job simplifying complex & confusing concepts! Strategically, I believe we're witnessing the emergence of a fourth narrative centered around an 'Open' Platform approach. While consolidating security/network/observability functions into one platform, as seen with SASE and CSMA, remains a strong strategy, there's a growing emphasis on openness. Take SASE, for instance: companies have robust internal platforms housing common functions (such as Proxy, SSL MITM, User Auth/identification, Device context, Threat intelligence gathering https://www.aryaka.com/blog/evolution-of-sase-architecture/) across SWG, ZTNA, CASB, NGFW, and more, enabling rapid development of both 'first' and 'second party security functions'. Now, there's a shift towards embracing an "Open SASE Platform" mindset, empowering third parties—be they vendors or enterprises—to deploy custom security functions seamlessly, whether as WASM modules, ICAP based Micro services, Lua scripts, or others. Picture a landscape where innovation flourishes, fueled by inclusivity and collaboration, while simultaneously consolidating known and universal security functions as part of the platform!
Experienced product leader in cybersecurity
(8 months ago) 100% agree with this take. As a former Solaris guy (now *that*, was a true platform), I think that 'platform' is a bit overused. But rather than get lost in the pure definition of that word, I am charitable to companies that use a common 'base' to offer their suite of products and refer to that 'base' as a platform. Maybe a more business definition is warranted for Platforms. About 4-5 years ago I mentioned to someone that "You can call it a platform if at least 30% of the revenue from that platform is being monetized by 3rd parties"