One of the major themes from last week’s RSA Security conference was the rise of converged network and security platforms as organizations look to consolidate the number of vendors they have and leverage the ubiquity of the network.
During my interview on theCUBE from RSA, I mentioned how chief information security officers are starting to understand that perceived best-of-breed does not lead to best-in-class threat protection. In fact, most security professionals I talk to discuss the difficulty of maintaining policies across dozens of security vendors. This has finally led to organizations wanting to rationalize down to a few platforms.
That said, I think it’s important to define what a platform is and is not. Within the context of security, a platform has multiple products tied together with common telemetry.
That latter point enables vendors to accomplish two things. The first is to configure or change a policy once and push it out across the environment. The second is that it enables faster threat detection and response as the platform can see more security events and identify where the breach occurred, enabling faster response. Regarding product capabilities, for security and network convergence, I believe the vendor needs to have a minimum of cloud, network and endpoint security to be a viable platform, as that gives the end-to-end view of the threat landscape.
Given the definition, here is how I rank the security platform companies, which are listed alphabetically inside each tier, since I have not ranked them inside their tier:
Because FortiGate is so widely deployed, the company is best known as a firewall vendor. What many don’t know is that it offers an incredibly broad portfolio that spans everything from Wi-Fi to endpoint security to zero trust and a software-defined wide-area network solution that seemingly came out of nowhere. Fortinet’s “secret sauce” is its homegrown silicon, which gives the company a consistent set of features with the industry’s best price/performance. More importantly, the silicon provides the standard telemetry for rapid threat identification and resolution. The downside of this approach is that it can make acquisitions difficult, since the capabilities of the purchased company need to be ported to the silicon. This can prevent the company from being first to market, but that has never been Fortinet’s game.
The biggest security vendor by revenue is also best known as a firewall vendor. The company has done a great job of assembling a broad product line through acquisition, complemented by organic development. Of all the security vendors, Palo Alto has been the loudest when articulating the value of platforms. For a while, it was fair to say that its marketing was well ahead of the product capabilities. Today, its Cortex XDR SOC tool is built on its end-to-end platform and provides customers with automated detection and response.
The watch list
On paper, Cisco should be one of the most potent security platforms, particularly now as networking, Cisco’s area of dominance, is coming together with security. The company has a number of excellent security products as well, including Kenna, Talos, Duo, Umbrella and AnyConnect, the most widely deployed endpoint client. This gives Cisco tremendous potential, but it remains just potential until Cisco can tie those products together. In reality, Cisco Security has never been what it could be. However, I do think the tide is changing. Over the past month, I’ve met with Cisco Security leadership on a number of occasions, and they are laser-focused on bringing the security capabilities together and creating a much better experience for its customers. At RSA, the company launched its XDR solution and now has a unified policy engine across all its form factors of firewalls. The company is well aware that security presents the most significant “needle-moving” opportunity for growth. I believe this will be the top focus area for innovation for Cisco for the foreseeable future.
Microsoft is approaching security like it does other markets – with bundles. The E5 license is loaded with many “good enough” products except Defender, which is best in class when running on Windows. What holds Microsoft back is that it doesn’t do cross-platform very well. For example, the previously mentioned Defender has much more instrumentation on Windows than on Macs. Also, maintaining Microsoft security is highly complex and requires a number of consoles, with manual correlation across them.
This might be the most interesting security company today. The company came out of nowhere and has been the most vocal evangelist for shifting security to the cloud. Technically the company wouldn’t fall into the converged network and security platform category as it doesn’t do network security – at least not the traditional way. Instead, Zscaler has taken a fundamentally different approach with the network by going directly to the internet and Zscaler cloud to eliminate the potential for lateral threats. Initially, I was skeptical of this approach, but I’ve talked to enough of its customers to know this model does work, and the company should close the year at more than $1.5 billion in revenue, so I’ve included it on my watch list.
Could sneak up on people
The high-performance network vendor has maintained its mission of building products on a single operating system with common telemetry across its portfolio. Initially, the data was held individually on each switch, but when it rolled out its CloudVision management portal, it introduced a data lake that aggregated the information. In 2020, it acquired Awake Security, which brought it network detection and response, and since then, it has quietly been rolling out more security capabilities. Given the size of the security market, I expect Arista to continue to build more security capabilities with an eye toward eventually being a platform. The company never bites off more than it can chew, but when it targets a market, it typically has success.
CrowdStrike is arguably the leading endpoint protection company, with a growing cloud security presence. Its lack of network security would exclude it from being a converged platform by my above definition. However, its large installed base and nearly $30B market cap make it a formidable security company with the resources to acquire or build capabilities. Most of the vendors in this list have historical strength in networking, but CrowdStrike could take the opposite approach.
Security has been a core offering for Juniper since it acquired Netscreen in 2004. However, it spent many years integrating ScreenOS with Juniper’s operating system, Junos, and the security business has lost momentum since then. Since the arrival of Chief Executive Rami Rahim and the acquisition of Mist, the company has doubled down on enterprise. It has an opportunity to couple the advanced AI capabilities from Mist with security. This could act as a strong differentiator for Juniper.
The virtualization leader has built a strong network portfolio but currently has limited security capabilities, although it has chosen to partner with many security companies. At a recent Cloud Analyst Day, I asked VMware leadership about their security aspirations, and they currently do not want to compete with the mainstream security platform vendors. Instead, the company is choosing to adopt a “better together” strategy where its technology is used to secure VMware deployments.
The Google security story is similar to how it approaches everything in that it’s a little bit Amazon Web Services and a little bit Microsoft but, in reality, just confusing. Microsoft has laid the gauntlet down and wants to be a platform. Conversely, AWS has provided a platform for security vendors to run on and would rather partner with them. When Google acquired Mandiant, I thought the company was heading down the platform path, but it has chosen to be part platform and part enabler, which in reality means it’s neither.