Written By: John Maddison
Ever since the birth of the Next-Generation Firewall, organizations have come to expect security devices that combine a variety of critical features and functions into a single package. To meet that demand, the number of security vendors referring to their offerings as a “platform” rather than an appliance, even if that platform only offers a handful of independent solutions using separate management interfaces, has grown dramatically. In fact, the use of the term has become so widespread – and so intentionally vague – that it has begun to lose its meaning.
But that shouldn’t be the case. A true security platform should be able to deliver essential security solutions into a complex network environment while reducing things like management, configuration, and orchestration overhead. But to differentiate between a real platform strategy that can simplify the lives of your IT team members, and a set of solutions that simply shift the complexity of managing independent security tools from the wiring closet to a box, we need to define exactly what we mean when we use the term platform.
Defining a Security Platform
To start, a platform needs to provide a common architecture through which all its embedded security tools can interoperate. Ideally, this would allow different security elements, such as firewall, IPS, AV, web filtering, and sandbox solutions to see each other and share information, and provide a common management interface to check things like policy consistency and uniform compliance. Interestingly, even this basic definition disqualifies a number of security solutions being touted as security platforms.
A platform also needs to address three critical requirements: being broad, integrated, and automated. To qualify as broad, a cybersecurity platform needs to provide effective and consistent security across the entire distributed network – including multi-clouds, branch offices, edge networks, mobile devices, and data centers – to enable digital innovation and protect every edge in the infrastructure. And broad also includes the ability to provide the speed necessary for digital innovation to thrive rather than be bottlenecked by security, even in extreme environments that rely on hyperscale and hyperconnectivity.
In addition, all solutions deployed on a platform need to be fully integrated together – ideally because they all run on the same underlying operating system, which enables unified correlation, management, orchestration, and response. This allows them to provide comprehensive visibility and protection across all devices, users, endpoints, cloud environments, SaaS applications, and infrastructures to ensure consistent enforcement covering the entire attack surface. Integration also means that different platforms can be woven together, even when deployed in different environments, into a single, holistic security framework.
And the security elements built into the platform need to be automated to not only enable them to detect and respond to events at digital speeds individually, but to also correlate data and coordinate responses across and between platforms for more effective and comprehensive threat detection and resolution.
The Eight Critical Elements of a Security Platform
To achieve these three critical expectations, an effective security platform needs to consist of the following eight essential components:
1. Network Integration: The core of an effective security platform must be the network. Security can no longer function as a moat around a castle. It needs to see and interoperate with network devices and understand network functions. A security platform needs to enable security-driven networking and be able to tightly integrate an organization’s network infrastructure and security architecture together to ensure that whenever the networking infrastructure evolves or expands, security adapts because it is an integral part of the environment.
2. Internal Segmentation: A security platform also needs to see beyond the perimeter controls to manage internal network risk through access control and dynamic internal segmentation – including working in conjunction with wireless access points and the wired switching infrastructure to enhance threat detection, automated threat protection, and policy enforcement. This enables zero-trust network access that identifies all users and devices, permits only the minimum network rights users need to do their job, and then applies dynamic segmentation to automatically secure workflows and transactions.
3. Automated Workflows: You must build automated workflows across the platform to ensure that everything from access to transactions is secured. For example, a laptop with a virus should automatically communicate with an access point to prevent the laptop from joining the network, and the security platform should then automatically redirect it to a quarantined network segment. A unified platform enables automated workflows that can address the challenge of interoperability created by isolated, multi-vendor deployments.
4. Broad Deployment: A platform also needs to support a wide variety of form factors, including dynamic cloud environments such as hybrid, public, and private clouds – and even containers. Platforms, for example, need to run as cloud-native solutions to take better advantage of the unique functions of any cloud environment, while still deploying and enforcing security policies consistently across the distributed network regardless of a platform’s form factor or where it is located.
5. Ultra-High Performance: Platforms also need to be able to run at the speed of today’s businesses, including support for environments such as hyperscale data centers, high-volume gaming and e-commerce sites, and low-latency financial trading environments. And they need to perform the most difficult tasks, such as inspecting encrypted traffic, without slowing down traffic. Most of these demands are beyond the ability of virtually every security platform on the market, which means that, as with virtually every other performance-heavy environment in today’s digital world, platforms will require custom-built processors to meet the escalating performance demands on the horizon.
6. AI-Enhancements: To meet the demands of today’s hyperscale, hyperspeed, and hyperconnected networks, platforms also need to be enhanced with machine learning to improve effectiveness over time, as well as AI-driven security operations to provide actionable, customized threat analysis and response at the speed of digital business.
7. Integrated Management: All of the tools incorporated into the security platform need to run on a single, unified operating system to enable single-pane-of-glass management and configuration, broad threat and event analysis, consistent compliance, and unified orchestration to ensure consistent policy enforcement across the entire distributed environment.
8. Open Standards: Finally, platforms need to use open APIs and common standards to ensure integration with third-party solutions. This enables the creation of a single, unified security architecture that can overcome the challenges of today’s growing vendor and solution sprawl. This integrated approach ensures that no single security tool ever functions in isolation, but is able to share threat intelligence and participate in coordinated responses to detected threats. It also enables all devices to dynamically adapt to evolving IT infrastructure in order to defend a rapidly changing attack surface.
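The quarantine workflow described in item 3 (an infected laptop is kept off the production network by the access point and redirected to a quarantine segment) and the least-privilege segmentation in item 2, written out as an added example that is not part of the original article or any vendor's product. Event names, fields and segment labels are assumptions constructed for this example; the shared event bus between the endpoint agent, the access point and the policy engine is what the article calls integration.

```python
"""Constructed example: an event-driven quarantine workflow.

An endpoint agent, an access point and a policy engine share one event
stream; the engine decides what segment a device may join. All names
and event shapes here are assumptions, not any vendor's real API.
"""
from dataclasses import dataclass, field
from typing import Optional

QUARANTINE = "seg-quarantine"   # assumed segment names
DEFAULT_SEGMENT = "seg-guest"   # least privilege for unknown roles

@dataclass
class PolicyEngine:
    # role -> least-privilege segment a clean device may join
    role_segments: dict
    infected: set = field(default_factory=set)

    def handle(self, event: dict) -> Optional[str]:
        """Consume one shared event; return a decision when an AP asks."""
        kind, mac = event["type"], event["mac"]
        if kind == "av_detection":           # endpoint agent reports malware
            self.infected.add(mac)
            return None
        if kind == "remediated":             # endpoint agent reports cleanup
            self.infected.discard(mac)
            return None
        if kind == "assoc_request":          # AP asks before admitting device
            if mac in self.infected:
                return f"deny-production;redirect={QUARANTINE}"
            segment = self.role_segments.get(event.get("role"), DEFAULT_SEGMENT)
            return f"allow;segment={segment}"
        raise ValueError(f"unknown event type {kind!r}")

def run_demo() -> list:
    """Replay a constructed event stream; returns the AP decisions in order."""
    engine = PolicyEngine(role_segments={"finance": "seg-finance", "eng": "seg-eng"})
    events = [  # constructed sample events, MACs are made up
        {"type": "assoc_request", "mac": "aa:bb:cc:00:00:01", "role": "finance"},
        {"type": "av_detection", "mac": "aa:bb:cc:00:00:02"},
        {"type": "assoc_request", "mac": "aa:bb:cc:00:00:02", "role": "eng"},
        {"type": "remediated", "mac": "aa:bb:cc:00:00:02"},
        {"type": "assoc_request", "mac": "aa:bb:cc:00:00:02", "role": "eng"},
        {"type": "assoc_request", "mac": "aa:bb:cc:00:00:03"},  # no role known
    ]
    return [d for d in (engine.handle(e) for e in events) if d is not None]
```

The second device is quarantined while infected and regains only its role's segment after remediation, and a device with no known role lands in the guest segment rather than inheriting broader rights.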
Your organization needs a security platform. Make sure you actually have one
A platform is much more than just wrapping a collection of security tools together into a single bundle and then adding some sort of shell script so that independent management tools appear to be part of a coherent solution. It goes well beyond the very basic interoperability that far too many vendors try to pass off as integration.
Platforms are essential for developing and deploying a security framework that can seamlessly scale and adapt to your ongoing digital transformation efforts. To do this, they need to be dynamic, comprehensive, and deeply integrated environments that enable critical security, management, and orchestration tools to operate as a single, seamless security solution.