
The security platform: what is it and what does it deliver?


Almost every security vendor today provides a platform. What does it entail? What benefits does this move toward “platformization” have for customers? And what impact does this have on one’s business operations and existing tools? Techzine asked experts within the IT industry.

The term “security platform” is not self-explanatory. Let’s start with a definition. Stefan van der Wal, Consultant Solutions Architect at Barracuda Networks, helps us further: “A security platform is a set of systems that integrates various tools, technologies, and processes to protect an organization’s digital assets, infrastructure, and users from threats. It reinforces all individual components as a platform, enabling broader risk mitigation.”

Peter Sandkuijl, VP of Engineering EMEA at Check Point Software, presents a similar picture of the security platform in the year 2024: “Platformization can be defined as the transition from a product-based approach to a platform-based approach in cyber security. It refers to the shift from using multiple security solutions in silos to a unified, integrated platform that provides comprehensive, collaborative, and consolidated cyber security. This model matches organizations’ needs regarding a cybersecurity solution that can provide the most comprehensive protection, with consolidated operation and easy collaboration between different security controls in a plug-and-play model.”

Approach or product?

But is that definition so certain? Is a security platform a software product or primarily an approach, or both? Pieter Molen, Technical Director Benelux at Trend Micro, provides a requirement: “There is a platform if there is one central place or environment that provides a complete picture of the digital attack surface, current risks, and security incidents. In addition, it is important that from this central environment, it is possible to respond immediately to security incidents and that policy changes can be made to increase the level of security continuously.”

André Noordam, AVP Solutions Engineering North at SentinelOne, offers a concrete example of what a security platform can be. “In our case, a security platform is a security datalake, which our solutions (for EDR, identity, and cloud) hook into, but at the same time open to other vendors. Through our marketplace, other security parties can also integrate with our datalake through predefined integrations from the SentinelOne marketplace. The datalake thereby acts as a single source of truth. We see the platform as the place where the best-of-breed solutions come together and can work seamlessly with each other.”

The idea of a security platform as an approach or architecture may sound vague. However, Jan Heijdra, CTO of Security at Cisco Netherlands, specifies how we can interpret a term like architecture. “A security platform according to Cisco is an integrated, unified security architecture that uses AI and cross-domain technologies. The platform combines various security tools and technologies to provide comprehensive protection against threats affecting networks, user identities, endpoints, cloud environments, and applications. A security platform is cloud-native, multi-cloud, unified, simplified, AI-driven, open and extensible, and provides full visibility and coverage across the security environment.”

Quite a few requirements, but Patrick de Jong, SE Manager Netherlands at Palo Alto Networks, is thinking along the same lines: “A security platform is an integrated cybersecurity solution that brings together various security systems in a scalable, unified architecture. It reduces management complexity and increases operational efficiency with comprehensive protection. A platform ensures consistent security and enables faster response to threats. With AI and centrally managed data, a security platform helps improve attack prevention and reduce mean time to respond (MTTR). Unlike separate ‘best-of-breed’ products, an integrated platform strengthens each component, making the whole more effective.”

It also helps to look at what a security platform is categorically not. “A platform does not mean an all-encompassing solution from one vendor,” said Sandkuijl of Check Point Software. “But it is a starting point, a gathering point for different solutions, so that all the necessary technologies can work well together and serve the customer’s purpose.” In short: “This often isn’t about technology.”

Sandkuijl believes the move toward platformization is easy to explain. “The push toward platformization is driven by several factors: the complexity of modern threats, operational efficiency, cost reduction, and scalability and flexibility. Investing in a security platform provides better protection against modern, complex threats by integrating all security tools into one system, improving defense and operational efficiency. In addition to consolidating multiple silos into a more connected and collaborative solution, a platform provides a much higher level of automation. This can eliminate repetitive, time-consuming, and error-prone human interactions, giving specialists time to focus on what cannot be automated, usually the more complex cases.”

The customer benefit

Annabel Hazewinkel, Technical Channel Manager at Darktrace, concludes that customers are diligently looking for a security platform. “Our recent State of AI Cyber Security 2024 report shows that 87 percent of participants in the Netherlands believe that a platform-based approach to cybersecurity is more effective than a collection of individual security products in stopping threats.”

Hazewinkel argues that the benefits of a platform are significant. “First, security processes can be more efficient: automated threat detection and response allows security teams to focus on strategic tasks rather than routine investigations. Second, a security platform provides faster response times: a platform can identify and address threats faster, significantly reducing the time to containment. Finally, a platform offers complete visibility, as it provides a holistic view of the organization’s security status, allowing security gaps to be closed.”

“A security platform provides an organization with more context and a complete 360-degree view of the environment, allowing the security team to work more effectively and efficiently,” says Cisco’s Jan Heijdra. “This frees up more time for the team to focus on other important tasks.” He identifies four specific benefits: it breaks down silos between different IT disciplines, reduces total cost of ownership (TCO) for organizations, simplifies their approach to security, and leads to more effective threat hunting.

Reducing the workload?

This raises the question of whether a platform approach is not only better but also reduces the workload. Chris Geebelen, Dynatrace’s Solutions Engineering Director Benelux, Nordics, Eastern Europe & Iberia, believes it does. “A security platform definitely takes work away from teams. Security teams no longer have to pull data from different tools to keep their security up to date. This makes for more robust security with improved visibility and reduced costs. Teams can also work more efficiently by no longer dealing with alert overhead or setting up separate integrations and API connections between tools. It is also possible to implement more standardizations. Ultimately, this can shorten time-to-market because security is more often embedded in new products or services from the beginning.”

“Yes, a good security platform takes work off your hands,” says Mark van Leeuwen, Regional VP Benelux at Okta. “First and foremost, because it provides capabilities for all security challenges and use cases and makes them understandable within a single interface. Because the platform offers integrated features designed to work together, it is also easier to manage than stand-alone solutions that are not integrated with each other. Automation increases the productivity of your employees.”

There are other benefits, says Daan Huybregts, Global Head of Innovation at Zscaler. “A comprehensive platform will not only change the way IT security teams look at data, but it also forms the basis for a transformation of security, application, and network infrastructure and allows overall complexity to be reduced. Instead of trying to “keep the lights on,” it will help the team eliminate noise and reduce workload. Enterprises can optimize organizational security by freeing up time to do meaningful things.”

“A security platform should increase visibility and reduce workload,” continued Stefan van der Wal of Barracuda Networks. “This comes from using one user interface for multiple products, the correlation of events, and a single support point for problems and/or incidents. The improved visibility can also help an organization meet compliance requirements by ensuring a better understanding of cyber resilience and auditability.”

Pitfalls aplenty

Huybregts argues that adopting a security platform does need to follow the organization’s requirements. “Organizations need a clear vision of how they want to transform their infrastructure and what they want to achieve with such an initiative. The starting point should be defining a Pole Star, and then they can start working and acting backwards based on manageable milestones. Organizations can transform from a network-centric approach to a least-privileged application access model using a security platform based on Zero Trust principles. Organizations should start with simple policies that guide them further and can be refined throughout the project.”

IT environments are also complex, so moving to platformization has its pitfalls. On top of that, Van der Wal says the platforms themselves are anything but uniform. “Organizations need to be aware that for many vendors, ‘platform’ has become a marketing term that allows them to buy any product, put their logo on it, and call it a platform. Therefore, it is important to understand what topics the platform focuses on, what integrations are available and how this platform is integrated into one.”

André Noordam of SentinelOne agrees. In addition, strong dependence on a vendor is a risk. “A vendor lock-in is the last thing you want, so when looking for a security platform, at least choose an open platform that allows you to integrate modules from other vendors.”

There’s a good reason for that, too. “There is no single vendor that is the best in all areas,” says Noordam. “You don’t want to make any concessions on the security front, so always choose the best solutions available. Make sure a platform choice doesn’t limit you.”

Joe Partlow, CTO of ReliaQuest, agrees that one platform is not the solution. “Companies have unique needs that require a mix of technology solutions, and CISOs need a flexible platform that can incorporate data from various third-party sources. Even when attempts are made to consolidate technologies with the same vendor, telemetry still needs to be pulled from a broader ecosystem. Moreover, relying fully on one vendor can increase risk and potentially costs. A diversified approach is less risky from a security standpoint and gives the customer more flexibility.”

Cisco’s Heijdra also sees that the move to a platform should be gradual. “Unless you work in a completely greenfield environment, almost every organization deals with legacy systems. Therefore, most organizations cannot implement a full security platform overnight. Choosing a platform that increases the organization’s security maturity is important. Together with the vendor, a growth and adoption strategy can be established to realize the security platform’s full potential.”

Sometimes, perfect is the enemy of good, suggests Okta’s Van Leeuwen. “One of the biggest pitfalls is to try to draw everything out on paper before you start. Of course, it is important to be well prepared; know the current situation, the scope, what you want to achieve, and make sure you have the right expertise. However, there is a risk of never getting out of the planning phase. With the right platform, organizations can quickly scale and optimize their security levels.”

“The biggest pitfall we’ve seen so far is that organizations strive for perfection from the start,” adds Zscaler’s Huybregts. “It’s a process of harnessing the full capabilities of a platform that starts as soon as an organization gains actionable insights by sending traffic through it. The platform provides information about what is flowing through the environment and gives IT teams the tools to secure that traffic by applying detailed policies.”

Palo Alto Networks’ De Jong acknowledges that the transition can be tricky. “To implement a security platform successfully, an organization must ensure that each integrated product or service is at least as effective as individual point products. The platform must be flexible to be implemented incrementally without needing to replace everything at once. A common pitfall is that organizations sacrifice security quality to make managing their cybersecurity easier or to reduce their number of vendors. Strong integration between components is essential for optimal performance, with centralized policies and reporting. It is important to avoid platforms with superficial integrations and to ensure full, central visibility of all security activities.”

The idea that a platform should be open is widely recognized. Vincent Zeebregts, Regional Director Fortinet NL, also expresses this view. “The right security platform is not a closed environment but open. That allows for a steady introduction. Organizations need to be well-informed and set a point on the horizon. Then it is important to work toward a more integrated security environment in steps, when, for example, existing security solutions that do not integrate expire or are written off.”

“Above all, look carefully after the purchase to see what the solutions offer,” Zeebregts notes. “We sometimes see that only a fraction of the specs are used. That’s a shame, because optimal use can also result in good efficiency gains, allowing you to remove unnecessary solutions. This process ensures solid consolidation. It makes sense, then, that a closed security platform, i.e., one that is not open to other vendors, is a pitfall you should avoid.”

There are many potential headaches, and they are highly variable. Heijdra: “A major pitfall in security platform adoption can be the licensing model. Many platforms force organizations to purchase many licenses at once through license bundling. This leads to significant initial investments, while customers often cannot immediately deploy all licensed security solutions. This is because there is often a shortage of skilled staff to implement these solutions effectively.” So, the market certainly has a role to play in successful deployments.

Potential problems can also stem from people rather than products, as Chris Geebelen of Dynatrace notes. “Adopting a security platform is not only about the technical implementation but also about the mindset of security teams. IT leaders need to take their teams through the transition from separate tools to the adoption of a security platform from the beginning, making it more logical for security teams to start working from a platform mindset.”

Finally, the list of pitfalls includes another familiar one: patching. Keeping up with your IT environment remains necessary, said Hazewinkel of Darktrace. “When it comes to optimizing the use of a security platform, it is important to update and maintain the platform regularly. This is the only way to ensure the platform remains up-to-date with the latest threat information. Moreover, continuous monitoring and adaptation are necessary: security teams must adjust settings and response strategies based on the changing threat landscape.”

A must

The picture of the security platform is becoming clearer. Differing visions aside, we can conclude that the move toward it is logical and desirable. Heijdra argues that it also fits with a secure IT environment as defined by governmental authorities. “A good example of this is cloud security. Organizations moving to the cloud often choose the security solution their cloud provider offers. However, the Dutch government recommends using multiple cloud providers. This means an organization working with three clouds must also manage three separate cloud security solutions.”

“The platform approach allows one integrated security solution to secure all clouds, which means fewer tools are needed to address the same issue. The big advantage is that organizations no longer have to manage all these separate tools separately, which creates more visibility and efficiency,” Heijdra concludes.

“The biggest driver for using a security platform is, of course, security,” said Okta’s Van Leeuwen. “We live in a time when you cannot open a news site without seeing that a company has fallen victim to a cyber attack. It is therefore crucial to take appropriate measures to prevent this.”

Beyond the point solutions?

Now, the question remains: Does a security platform also eliminate certain point solutions? Opinions on that are divided. Hazewinkel of Darktrace is clear: “The cybersecurity landscape is constantly changing, and we are seeing a shift to more integrated approaches. While point solutions have their place in addressing specific security needs, there is a growing recognition of the challenges they present, namely increased complexity and potential security gaps.”

“Yes, point solutions will eventually decline,” Palo Alto Networks’ De Jong says. “Organizations currently use an average of 32 security tools, leading to fragmented data and limited visibility. Complexity within customer environments is increasing with the adoption of technologies such as work-from-home, public cloud, and AI, while legacy systems often persist. This results in a jumble of uncoordinated security measures stacked on each other. Getting all these separate tools to work together effectively is virtually impossible, especially in complex, multi-layered attacks. A platform approach, such as the one from Palo Alto Networks, integrates all functions into a single system. This gives organizations better insight into threats and strengthens their defenses against increasingly sophisticated attack techniques powered by AI and cloud infrastructure.”

Zscaler’s Huybregts also thinks organizations will need fewer tools in the future. However, “We still believe in security as a layered approach. In the end, it’s all about creating context. Point solutions can help add context to traffic flows in certain areas. An API integration can feed data into the platform system that uses AI capabilities for actionable insights and security suggestions.”

“A platform can correlate all data sources, establish the final context, and use AI/ML to understand better what is flowing through the organization,” Huybregts continued. “Based on those flows, policy recommendations can be generated and established. Ultimately, security is a data game.”

Van Leeuwen of Okta expresses a similar view: “Platforms are the future because they provide faster time-to-value, integration, higher security, easier management at lower cost, and better insights.”

Initially, Fortinet’s Zeebregts suggests the opposite: “Point solutions will always exist, as solution offerings continue to innovate and evolve to keep up with the evolution in malware.” Still, he concludes that open security platforms can coexist well with these tools because “sooner or later” integration will be available for them.

Van Leeuwen agrees. “There will always be new innovative niche solutions for specific market challenges and questions. Importantly, these solutions must enable integrations so organizations can still get a unified view of potential cyber threats.”

Joe Partlow of ReliaQuest sees room for tools within an umbrella platform: “Point solutions fulfill a role and can fill security gaps depending on the needs of an individual business, as long as they are integrated independently with the rest of the security stack. Integrating across a diverse set of tools, current and future, improves visibility and operational efficiency to more effectively manage and quickly respond to emerging threats. This approach helps eliminate resource constraints by optimizing existing tools and technologies. Security teams can then focus their efforts and resources on higher-level tasks rather than managing compatibility and integration issues.”

The data problem

Trend Micro’s Molen warns about the risks of a decentralized approach. “An organization whose strategy is to use multiple point solutions must realize that a complete picture of risks and security incidents is impossible. This is not an option with today’s attack techniques. An alternative to not using platform-based solutions is to create your own. This requires huge investments, both financially and in having – and keeping – the necessary knowledge available. This “make-or-buy” decision is not viable for almost all organizations. In short, to achieve effective security without extreme investment, the number of different tools will have to be limited.”

In addition, Geebelen, on behalf of Dynatrace, points out that we cannot forever rely on point solutions independent of security platforms. “The amount of data will soon double almost every few days. It will be challenging to manage this efficiently from separate security tools, let alone discover vulnerabilities without full visibility into where data resides or is created. Separate tools cost too much time and money and bring little value. Customers don’t want that anymore. There comes a time when you can hardly keep up as an organization if you don’t standardize. And that standardization works best from a platform.”

However, standardization seems to go only so far. This is evident from one of the strongest opinions against the disappearance of point solutions, expressed by Noordam of SentinelOne: “No, point solutions are not over (in the long run). There will always be specialists for different sub-areas. Point solutions can add great value as long as they can integrate with platforms and collaborate with other solutions. The best-of-breed approach can make you stronger.”

“You do see vendor consolidation today,” said Noordam. “But the market is huge, and every customer has specific needs and requirements. So I still see a right to exist for all kinds of point solutions.”

It is also up to the platform vendors not to do too much, notes Van der Wal of Barracuda Networks. “New problems and risks will arise that require new solutions, and it will take time to integrate those solutions into existing platforms. The saying ‘Jack of all trades, master of none’ also comes to mind. By tackling each risk and technology independently, a platform provider does itself a disservice. The number of tools will diminish, point solutions will persist, and the strongest platform players are those willing to work with point solution providers to integrate those solutions into their platforms. This can be done, for example, through an open XDR approach.”

How does one steer this process? And who should do it? Cisco’s Heijdra: “The solutions we offer for various security issues will continue to exist but will increasingly be platform-based. Specific tooling has been developed for many of these issues, which will be integrated into one or more security platforms. While some single point solutions are likely to be used less, the number of different solutions solving a particular security issue may increase in the coming years.”

“For example, we will see more AI agents, tools focused on specific tasks such as policy control or monitoring. At the same time, the number of vendors providing security solutions will decrease as consolidation occurs on the platform side.”

Conclusion: a security landscape on the road to consolidation

We can say that the security platform is, to some extent, mature. Although the exact interpretation varies, it is clear that integration with other tools is a hard requirement. No one advocates consolidation toward one vendor that can do everything. Similarly, we don’t hear from any experts that organizations should move rigorously to a platform approach if they are used to point solutions. Nevertheless, the external threat, the accumulation of data, and the consolidation of security parties themselves mean that we should expect fewer tools than before.

In addition, the term has been around long enough for the vendors themselves to point out the pain points and to have solutions for them. With that in mind, it is good to provide a roadmap to platformization within an organization. Below is an addition from Molen of Trend Micro to this story, which translates platformization concretely into a roadmap.
