Security manufacturers increasingly refer to their solutions as a platform, with the vague implication that this gives their technology a distinct advantage. The challenge, of course, is that the term platform is rather ambiguous. It simply refers to the environment in which a piece of software is executed. It can refer to the hardware it is installed on, the operating system (OS) that runs it, or even a web browser loaded with specific APIs to execute the program code. As a result, the term often isn’t really all that useful when you are shopping for a security solution.
However, a carefully crafted platform can provide distinct advantages for deploying, managing, and running security solutions. So, like other terms that are often overused by marketing teams – such as “cloud-ready” or even “artificial intelligence” – we need to get specific about what we mean by the term platform if it is to be of any value. The trick is to establish a uniform definition against which you can judge the merits of any solution claiming to be a platform.
So, what can we agree to as the functional requirements of a security platform? We can boil this discussion down to three specific requirements. A platform needs to be broad, integrated, and automated. Let’s look at each of these:
A platform needs to be broad
First, a platform needs to be able to run a number of different security tools simultaneously. The NGFW is a classic case, as most include such things as firewall, IDS/IPS, web filtering, and sandboxing capabilities bundled into a single framework. But that alone doesn’t make it a platform.
A security platform also needs to be able to run on as many environments as possible. Physical network perimeters have different requirements than data centers and branch offices. Internal virtual networks, like NFV and private cloud, have their own unique requirements. Many organizations, for example, run more than one hypervisor and they shouldn’t have to deploy a different security platform for each one. Each needs its own security platform.
The public multi-cloud complicates things further. Every major cloud provider has its own unique requirements that a platform needs to support. Cloud-native functionality allows a platform to take full advantage of an environment’s unique strengths and leverage the APIs made available to make security solutions faster and more effective.
But operating in and across different platforms is only part of the challenge. These solutions also need to operate at the digital speeds each environment requires. In today’s digital marketplace, the delivery of data, workflows, applications, and transactions cannot afford to be slowed down by security tools that just can’t keep up. Which means that the idea of broad needs to also encompass depth as well as breadth, running at the speed of business in any environment.
A platform needs to be integrated
Just as important as ubiquitous deployment and the support for hyperscale and hyper performance, is the need for the various tools deployed on a security platform to function as a single, integrated solution. For example, they can’t require separate management, configuration, orchestration, or analysis consoles. By integrating these devices into a common operating system, they can see each other, share and correlate threat intelligence, and participate in any coordinated threat response.
Likewise, all management, configuration, and orchestration needs to be integrated into a single-pane-of-glass console. This not only allows for a single source of truth to support visibility and control, it also helps ensure that all configurations are compatible and that there are no gaps in terms of meeting compliance obligations. It also ensures that external feeds that provide actionable threat intelligence are distributed consistently across all security solutions.
Of course, integration shouldn’t be limited to the handful of security tools provided natively on the platform. The platform also needs to provide APIs that allow third-party solutions to build integrations between the platform fabric and their products, connect to orchestration systems to support dynamic topology changes and workflows, and even develop complimentary solutions for a stronger end-to-end security solution .
Finally, integration needs to extend between every platform deployment. A true security platform not only needs to deploy and enforce security policies consistently regardless of where the platform is located, but also coordinate activities, correlate data, and ensure consistent enforcement between platforms. This integrated network of platforms establishes a unified security fabric that can span and adapt to the entire distributed network.
A platform needs to be automated
The third essential pillar of any platform is that it needs to function at the speeds that human operators simply cannot. Transactions and threats happen at blazing speeds and require a security platform that can not only process threat intelligence gathered from across the distributed security fabric but also automatically pull the trigger on an orchestrated response in order to stop a threat in its tracks.
By augmenting traditional automated security scripts with machine learning, security platforms can enhance their ability to detect and respond to threats, while centralized orchestration tools ensure that all systems are armed with the latest intelligence. Adding Artificial Intelligence will enhance automation further by enabling platforms to perform those functions traditionally reserved for security analysts. But they will be able to process more data, correlate more threads of intelligence, and perform deeper analysis at faster speeds than any team of human analysts.
Platforms also need to support automated workflows to ensure that things like network segment access and transactions between resources are automatically secured. For example, a laptop with a virus should communicate with an access point and the security platform to prevent it from joining the network, and an automated workflow should then automatically redirect it to a quarantined environment. A unified platform enables automated workflows between devices that overcomes the challenge of interoperability created by isolated, multi-vendor deployments.
And by driving the platform deeper into the network to perform such tasks as zero-trust network access, dynamic network segmentation, and automated workflows, the security platform will be able to monitor network behaviours and automatically adapt and scale as they evolve to prevent security from continually functioning in reaction mode.
A common set of platform requirements will simplify evaluation, save money, and shorten time to deploy. These three pillars – broad, integrated, and automated – should be a baseline against which any product claiming to be a platform should be assessed. By establishing a common set of requirements of what a platform needs to be able to do, organizations will have a much better foundation from which to evaluate solutions from different vendors, as well as determine how those solutions can secure their distributed networks and ongoing digital innovation efforts.