Frankly Speaking 9/27/22 - Data is changing security!

Security products will need to change their value proposition.

Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer or any other entities with which I am affiliated.

Now, I feel pretty adjusted back into my operating role. I want to start reading more about security news and what’s going on. Usually, I go to Blackhat, RSA, etc., but I’m hoping to get my news from other sources than that… If any suggestions for good Substacks/blogs/newsletters are appreciated!

LET’S BE FRANK

In the past decade, security tools have evolved quite a bit. We have gone from firewalls and anti-virus to CSPMs and EDRs. Other than the fact we use acronyms more often it seems, these tools accomplish similar goals to their predecessors but have adapted to more “modern” architectures and technologies. For example, IDSes have largely been replaced by WAFs and SWGs to adapt to a zero-trust world. Although we have created new categories, the purpose has largely remained the same.

However, new products have been able to disrupt legacy products and cause what I call a “category transformation” where there is an existing market and a newcomer is able to disrupt and displace current products in that space through the creation of a better product for the same purpose, e.g. email security, etc. In my opinion, the main differentiator for these successful products is better data analysis. For example, EDRs were able to perform better than anti-virus because they moved away from the signature-based approaches and were able to do analysis in the cloud with data aggregated across all customers to better detect attacks. Another key insight is that he availability of “unlimited” computing and storage from the creation of the public cloud has enabled this change to be successful.

Much has been talked about how the public cloud has created a new category of security products, but what people don’t discuss enough is that the public cloud has enabled a new generation of security products for many existing categories, such as email security, endpoint security, etc. by providing the computing and storage necessary to improve core components of the product.

What’s the next trend? It’s the modern data stack. Working at a company (dbt Labs) that sits at the center of it, I believe the next generation of successful security products will take advantage of this trend.

In this newsletter, I’ll cover the following:

• The modern data stack and what it means for cybersecurity

• Why certain cybersecurity products are going in the wrong direction

• How products can take advantage of this trend

What is the modern data stack?

I’m not going to rehash our CEO, Tristian’s blog post on the modern data stack. I agree with most, if not all of it. (I do work for the company after all.) I encourage you to read it as I believe it’s well-written and provides good context in general about the data market, in which cybersecurity will be an increasingly bigger consumer.