The Changing Landscape of Cybersecurity and Security Infrastructure
Musings about the past, present, and future of cybersecurity, why the current approach won’t scale, and what we can do next.
Evolution of Cybersecurity
As highlighted in my previous writing, the year 2021 saw a staggering 1,862 data breaches, eclipsing the 1,108 incidents of 2020 and the previous record of 1,506 from 2017.
In response, security entrepreneurs are taking notice, leading to the daily emergence of new startups. A straightforward representation of this trend can be found in the increasingly common cybersecurity technology map:
This graphic, while simple, effectively encapsulates the overwhelming amount of information available when searching for a "cybersecurity technology map."
This naturally raises the question: How did we reach this point?
Answering this question is complex due to the multitude of factors involved. A simple explanation might be: “Every market goes through various stages of evolution. What we observe in security today is a natural progression, marked by milestones that seem inevitable in retrospect.”
Please note: As of January 1, 2023, I have transitioned away from Medium. To keep up with my latest articles and updates, please follow me at https://ventureinsecurity.net/. Thank you for your continued support.
Vendor Specialization
The security landscape is multifaceted, with numerous attack vectors and few individuals who truly grasp the fundamentals. This complexity has driven companies to specialize, creating monolithic products that address a singular, narrow use case in depth.
From a basic standpoint, specialization makes sense: the more you focus on task A, the better you become at it. For businesses, this allows for economies of scale and the potential to carve out profitable niches. For consumers, it simplifies the vendor evaluation process by narrowing the options to defined sectors.
However, as the industry grows more intricate, two verticals can quickly expand into four, and then eight. Before long, you find yourself looking at a chart overflowing with logos and categories. This is how we arrived at designations like AV, EDR, XDR, NDR, SIEM, SOAR, XSOAR, among others.
At some point, specialization can become counterproductive. When vendors lack a broad understanding of industry fundamentals, they end up creating products that excel in isolated functions but struggle to integrate into a broader system. Customers then face the challenge of evaluating too many vendors and products, leading to confusion and reliance on heuristics and “expert recommendations,” further fueling the market analyst and consultancy industry.
Vendor Integration
Eventually, users will find themselves overwhelmed, struggling to navigate the multitude of options available on the market. This frustration is compounded by the necessity to purchase numerous tools and attempt to integrate them, given that specialized products often only address limited issues. This scenario presents several challenges:
- More vendors mean higher spending.
- More spending and contract negotiations mean heightened overhead for finance, supply chain, and security teams.
- The presence of numerous tools necessitates integration into a cohesive experience.
This integration is particularly challenging because each tool is designed for a specific purpose and often lacks the capability to communicate with others.
At this juncture, two outcomes commonly arise:
- A new market category emerges, offering products designed to connect disparate tools that were never intended to work together; this leads to the birth of a SOAR/XSOAR vertical.
- Larger firms recognize the demand for all-in-one solutions, leading them to acquire smaller vendors and integrate their offerings into existing platforms.
In the short term, this may seem like a beneficial shift for the industry, but it is not a sustainable long-term strategy. An average Fortune 500 company currently manages over 100 cybersecurity vendors, and that number continues to rise.
If this is our current stage, what steps should we take next?
Security Infrastructure as a Service
At LimaCharlie, we contend that cybersecurity is undergoing a transformation akin to that of IT in recent years. This evolution has seen traditional monolithic enterprise technology give way to an infrastructure-as-a-service model, similar to what Amazon AWS offers.
When AWS emerged, many companies recognized that assembling tools from major vendors was often unnecessary. Instead, a comprehensive ecosystem of solutions that allow for self-service, scalability, and efficiency through API-first products is far more practical.
Today, LimaCharlie is at the forefront of this market shift, defining security infrastructure as a service. We empower organizations to detect and respond to threats, automate processes, reduce vendor proliferation, and future-proof their security operations.
Our approach is both innovative and robust, technically and commercially.
From a technical standpoint, LimaCharlie aims to address security challenges without being confined to traditional industry verticals. Most importantly, our solutions are designed to scale. Below are examples illustrating how Security Infrastructure as a Service contrasts with traditional market segments, providing a glimpse into what modern security infrastructure entails:
As security professionals, we recognize that security is a process, not merely a feature. The optimal way to establish a security posture is to build it upon controls and infrastructure that can be monitored, tested, and improved. It is not reliant on vendor promises that must be accepted at face value.
This approach ensures that the specific types of malicious activity and behaviors you are safeguarded against are known and verifiable. Additionally, if you can articulate a security requirement, it should be possible to implement it unilaterally without vendor involvement.
To achieve this, security must be approached in the same manner as other IT systems. Fortunately, the security sector has a strong precedent to follow: IT and DevOps.
Not all layers of the security stack are equal. Some elements are fundamentally similar across environments or can be abstracted to serve various purposes. LimaCharlie operates within these layers, where your value as a security professional is maximized. While you need these layers, any effort required to provision and maintain them is essentially wasted time, resources, and energy. We handle these tasks for you, allowing you to concentrate on the higher-level layers where you excel.
From a business perspective, our goal is to democratize access to security, making it simpler, more transparent, and cost-effective. Notable features include:
This vision means organizations can access virtually unlimited capabilities as needed, without the burden of capacity planning or lengthy contracts.
Why LimaCharlie Exists
LimaCharlie was founded by security experts to address four essential, yet often unmet, needs.
Need for Transparency
Traditionally, the security industry has lacked transparency for both consumers and professionals.
“How do I know what I am protected against?” This is one of the most fundamental questions a security expert asks when evaluating a vendor. Yet, many EDR, AV, and SIEM vendors promote “magic box” solutions that lack clarity and claim to “protect you from everything.” This assurance is often misleading to those who understand the complexities of security.
The transparency issue extends beyond this. “What will my costs be?” is another seemingly simple question that is often complicated to answer. Prospective customers frequently endure numerous meetings and sales presentations before even getting a sense of pricing or seeing the product.
LimaCharlie champions full transparency, believing this is essential for the future of the security market.
Need for Control
Learning a skill often begins with following straightforward instructions: “Do X to achieve Y.” This simplicity benefits newcomers by allowing them to grasp basic concepts before diving into the fundamentals that govern the field. The same applies to security. A simple guideline, like “If a red light flashes on your dashboard, gather your team—you're under attack,” is easy to convey and comprehend.
However, this changes as expertise grows. To maintain a comprehensive security posture, one must understand their organization’s operations and develop a deep familiarity with their environment. At this advanced level, a mere alert is insufficient; professionals desire control over their security processes.
“How can I steer my own course and determine our security strategy?”
“How do I select which services to implement and which capabilities to invest in?”
These and other inquiries cannot be adequately answered by vendors that focus narrowly on verticals, as their offerings lack the flexibility to allow users to choose how they implement their security measures. There is a pressing need for a new approach—one that grants complete control over a neutral infrastructure without imposing limitations or directions.
Need for Scale
Customizing a product to align with a security team’s workflow is one thing; effectively monitoring multiple organizations at scale is an entirely different challenge. Managing a single company is akin to changing a tire, while running a garage that services 200 cars a week demands broader capabilities and finesse.
The key question that arises for security professionals is, “How can I scale our security practices across thousands of endpoints and potentially hundreds of organizations?”
Vendors that have constructed monolithic systems cannot adequately answer this. While some large firms claim to offer “all-in-one solutions” after acquiring numerous startups, simply bundling together disparate tools that weren’t designed for integration is impractical.
To fulfill the need for scalability, it is critical to build with scalability in mind from the outset—considering integration and latency in every feature design. This is precisely what LimaCharlie does. We adopt an API-first approach and promote infrastructure as code, allowing us to deliver a consistent experience whether serving one tenant or thousands.
Need for Innovation
Innovation is essential in security. As cybercriminals become increasingly sophisticated, it is vital that defenders continually innovate. We believe that three components are necessary for fostering innovation: people, funding, and infrastructure.
People
Over the last decade, there has been a significant shift in cybersecurity education. Universities, colleges, bootcamps, and online platforms are stepping up to fill the talent gap. Students, professionals, and industry leaders are organizing meetups, CTFs, and hands-on competitions to hone their skills and prepare the next generation of security talent.
Funding
A significant transformation is also occurring in funding. Numerous venture capital firms, startup incubators, and angel investors are concentrating exclusively on security. Governments are offering grants and non-dilutive funding, and both private and institutional investors are incorporating cybersecurity companies into their portfolios.
Infrastructure
The last crucial element required for innovation is cost-effective access to infrastructure. The rise of cloud computing has enabled small teams to harness computing power once reserved for large corporations. This has subsequently facilitated the growth of machine learning, artificial intelligence, and other emerging technologies.
The cybersecurity sector has been slow to adapt to the changes that have transformed IT.
“How can I get started instantly without having to meet minimum requirements or engage a sales team just to access the product?”
Currently, this is a challenging question to answer. EDR and SIEM vendors typically require a minimum number of endpoints and multi-year contracts before you can begin. For startup founders or small innovative DFIR/MSSP firms, such stipulations can hinder growth and even stifle ideas.
LimaCharlie is democratizing access to security infrastructure by allowing users to start using powerful tools and resources for free, without needing to conduct capacity planning or provide credit card information. We believe that increasing accessibility to security infrastructure will drive innovation within the industry and ultimately benefit everyone.
What’s Next?
Discussions surrounding new technology and predictions for the future of entire industries often age poorly, as illustrated by a nine-year-old article about Google Glass.
As Peter Drucker wisely noted:
> “The only thing we know about the future is that it will be different.”
While we cannot predict the future with certainty, we can observe that:
- Security complexity is growing, and traditional “point-and-click” antivirus/EDR solutions no longer provide the same level of assurance as they did five to ten years ago.
- The number of attack vectors continues to rise annually, with new mediums (VR, AR, metaverse, social media, etc.) adding layers of complexity.
- Data volumes are escalating, and as global connectivity increases, so too does the frequency of breaches.
- The number of security vendors focusing on narrow use cases is expanding, making the integration of numerous tools into a cohesive solution a considerable challenge.
- Few products on the market are designed as API-first, developer-centric solutions.
The list could go on. It is unrealistic to claim that any new approach will resolve all existing issues. At LimaCharlie, we believe that security infrastructure as a service will equip security professionals with the robust tools they need, allowing them to concentrate on their core competencies. The future of security, at least for the next decade, is human.
This article is part of a broader cybersecurity series, which includes:
- Product-led growth in cybersecurity: past, present & future
- Cybersecurity is not about technology
- Evolution of cybersecurity and Security Infrastructure as a Service
- Psychology of marketing and selling cybersecurity
- Cyber insurance: state of the space, trends & the emergence of fully-integrated cyber solutions
- How British Columbia became a vital part of the global cybersecurity ecosystem
- Top corporate venture capital firms investing in cybersecurity