A CISO’s Perspective on Platformization – ReliaQuest

6 minutes, 5 seconds Read

In the Office of the CISO, my colleagues and I regularly help ReliaQuest customers maximize their investments and provide advisory services. Through these interactions, we reflect on common challenges and concerns shared across the landscape of security operations.

In this blog, we’ll dive into those challenges and explore the concept of “platformization” from the perspective of a CISO. We’ll delve into how platformization influences these challenges and its role in the cybersecurity landscape.

Current Challenges of Security Operations

Security operations teams today are navigating through significant challenges that disrupt workflows and delay critical tasks, such as detecting and mitigating threats. The idea of platformization is emerging as a solution to these issues, aiming to enhance an organization’s security posture. Before we explore how it does this, let’s examine the common challenges it’s designed to overcome.

Disparate Tools

Customers are overwhelmed with disparate tools that complicate rather than aid threat detection, investigation, and response (TDIR). While the intention behind using these multiple agents and consoles is to enhance security, it can lead to gaps in threat management due to the difficulty of coordinating across disparate systems.

Interestingly, this is even a challenge within some vendors’ own ecosystems. In a previous role, I about “Expense in Depth,” which I defined as a multi-layered technology investment strategy that ensures minimal return on investment. There’s a growing concern among security leaders about the effectiveness of continuously adding new tools to their security stack without the promised improvements in security posture. CISOs expect more from their security investments.

Resource Constraints

CISOs face ongoing resource constraints that manifest in several ways. First are the finite resources available to security teams. Despite these limitations, their responsibilities continue to expand. With consistent projects and urgent operational “fires” to address, security teams are expected to do more with less.

Secondly, CISOs also want to unencumber their teams from ever-growing lists of tasks to focus instead on high-value initiatives that improve security posture, like security engineering, threat hunting, and purple teaming.

Lastly, employee retention can be a concern for many CISOs. Each employee has a specific skillset, and, speaking from personal experience, losing a high-performing staff member to another opportunity can be a significant setback.

Delayed Responses

CISOs and their teams are adapting to the accelerated pace of threat response, particularly with rapid threats like ransomware. The urgency of these threats requires that automation play a much more substantial role in defense. After observing one of ALPHV/BlackHat’s recent campaigns, a customer told me, “I do not have time to crawl or walk; I need to start running immediately.”

Given this fast pace of these threats, the threshold for locking out an account or isolating a host is lower than the risk of paying a $20 million ransom. However, this desire to automate more can also be limited by resources.

Understanding the Role of Platformization

All these pain points contribute to the recent conversations around “platformization,” which involves consolidating security functions onto unified platform. These conversations aren’t new—many years ago, giants like McAfee and Symantec vied to offer comprehensive, one-stop security solutions. However, the essence of today’s conversations on platformization remains similar, focusing on delivering key benefits, including:

1. Unified operations: Platformization centralizes security tools and data, simplifying and enhancing the efficiency of operational processes.

2. Enhanced visibility: By unifying security functions onto a single platform, organizations can increase the visibility across their security tools and data needed for investigations.

3. Improved response times: By spending less time pivoting between tools, security teams can accelerate their response to threats more efficiently.

However, as the “fool me once” adage goes, I’m skeptical of the single-vendor platformization proposition. While it can still offer the various benefits as we listed, , some of which I’ll go into below.


CISOs need a flexible platform that can ingest data from disparate third-party sources. Even when efforts are made to consolidate technologies to the same vendor, there’s still a need to pull telemetry from a broader ecosystem. Operating without this broad view is like trying to defend a modern enterprise with blinders on—it’s not feasible.

On top of that, CISOs need to ensure enrichment from a diverse set of security data. Siloed data prevents analysts from getting a complete picture of an incident. CISOs also need a provider that can accommodate custom internal business application data sources and telemetry.

Vendor Lock-In

CISOs are concerned about vendor lock-in and being dependent on one provider. If you put all your eggs in the single-vendor platform basket, you could lose negotiation power over time, leading to unwanted price hikes upon renewal. Also, being tied to a “closed ecosystem” limits your ability to incorporate innovative solutions from other vendors.

This concern extends to mergers and acquisitions (M&A). When you acquire or merge with other businesses, you inherit their diverse security tools and systems. If your security operations were previously anchored to a single vendor, integrating these tools becomes a complicated task that can result in reduced visibility across your ecosystem.

Another concern with single-vendor ecosystems is that they tend to rely on M&A for innovation rather than developing new technologies organically within their existing frameworks. While this allows them to expand quickly, it may not provide the most effective response to emerging threats. A CISO recently told me that, just like their IT and development teams are concerned with infrastructure-as-a-service (IaaS) vendor lock-in, he’s concerned about getting locked into a closed cybersecurity ecosystem.


Lastly, CISOs need a platform that can grow with them as their security program matures. Recently, a customer emphasized not wanting to replace a partner in two years due to scalability issues. This CISO plans to mature cyber threat intelligence, threat hunting, and control validation, and wants to do this from one platform. Swapping vendors requires considerable effort, costs, and resources that could be better spent on higher-value initiatives.

Technology-Agnostic Security Operations Platform

While single-vendor platformization offers significant benefits like unified operations, enhanced visibility, and improved response times, it’s important to approach it with caution. I support open platforms that provide optionality and modularity. A technology-agnostic security operations platform provides the flexibility to choose the best-in-breed tools CISOs need to build a tailored security infrastructure.

The ability to integrate across a diverse set of tools, both current and future, enhances visibility and operational efficiency to manage and quickly respond to emerging threats more effectively. This approach helps eliminate resource constraints by optimizing the use of existing tools and technologies, ensuring that security teams can focus their efforts and resources on strategic tasks rather than on managing compatibility and integration issues.

Key Takeaways

Working closely with ReliaQuest customers has highlighted the need for security solutions that address current challenges and enhance their security operations. While this concept of single vendor platformization offers notable advantages, it’s crucial to consider its limitations. By adopting a technology-agnostic security platform, organizations can adapt to the evolving threat landscape and select the best tools for their unique needs.

This post was originally published on 3rd party site mentioned in the title of this site

Similar Posts