MUSINGS ON FUZZY PRODUCT CATEGORIES
In the past at RSA, you easily noticed that there were “SIEM vendors”, “DLP vendors”, “TI providers”, “anti-virus vendors”, etc. There were also larger vendors that sold products in several categories.
But at least there WERE categories. My experience on the RSA 2015 show floor really ruined this world view!
First I thought that it was about marketing (like a booth that says “security intelligence” really just sells SIEM or a booth that says “breach prevention” and really just sells …eh… eh… dumb marketing?), but deeper conversations with many vendors – big and small – led me to believe that the product category walls in security are becoming very fuzzy indeed.
“DLP that may also catch malware”, “an agent that can stop risky user action, and also collect forensics data”, “a network forensics tool that also does some malware analysis”, “a SIEM that collects packets and TI”, “an analytic tool that detects lateral movements and excessive account privileges”, etc, etc.
So, what is going on here? Presumably the markets should settle to more firm product category boundaries … but maybe changes in threat landscape prevent that? Is security truly as unique as some say – a set of markets that will never mature? (in another space, it would be considered market devolution, not maturation).
Thus, will we eternally live in The Long Tail World, where the choices are plentiful and rapidly changing – but few people use each choice? How do you do security architecture in such a world?
After all, “place a firewall here, a NIDS over there” 1990s thinking likely won’t work when there are a dozen types of network threat detection products, with a lot of overlap in features and unknown (sometimes unknowable!) effectiveness in their detection approaches.
Why is this happening? One explanation is that vendors “go broad” and try to take over some adjacent niches – sometimes at the cost of losing their excellence in the core market. So, is this innovation or confusion?
Or, maybe vendors decided that sporks and foons sell better than spoons and forks? But while sporks may solve a real problem (less weight to carry on a hike? fewer utensil types to stock?), most people use spoons and forks on a daily basis (a spork is a mediocre spoon and a worse fork, IMHO).
Another reason may be that there is a lot of VC money in infosec / cyber today and any type of hybrid product has a right – and money! – to exist, however narrow its niche?
Or maybe vendors flee what some see as discredited categories, like SIEM and DLP, and make up funky new ones to appear new and innovative?
Thus, if I am even close to being correct in this assessment, we will live in a very, very different world of “cyber.” A fun world – but a risky one, with A LOT more uncertainty! So, go ahead, let’s discuss!
P.S. Does it make you want to be an analyst?