
Platform Power: Achieving Better Cybersecurity Outcomes Through Smart Consolidation and AI

Presenters:

Mark Grassmann

Susan Crowe

Transcript:

Doing after lunch. Good. Not asleep. So we've got this next discussion here with Alchemy with Mark and Susan. They're going to be talking about achieving better cybersecurity outcomes through smart consolidation and AI. So give them a few minutes here and we'll get going. Thanks. Yeah. Thank you. Thank you. All right. I want to make sure everybody can hear me.


We're lit up good enough. That's perfect. I think everybody should be able to hear anyways. So. Welcome. We're excited to talk about this topic. We know there's maybe going to be some strong opinions. So, I think with the size crowd, we'll also be able to solicit some questions. You know, somewhat through the presentation, if there's some, you know, very specific things you want some additional, you know, detail or dialing around.


But, we're going to specifically talk about kind of the who what where around this topic. And then going to dive deeper into what we see as a potential approach for building out a cybersecurity, you know, platform, service, career architecture platform. We'll kind of talk about that. And what we've seen, our customers and prospects doing all over the country.


But, quick introduction. Mark Grassmann, director of cybersecurity, here at Alchemy. Alchemy is a national reseller. Work with hundreds of organizations a year all over the country. And support them where they're at in their cyber journey. Been doing this for 20 years, did IT operations for a long time, and helping organizations with cyber operations about the last ten years, like most of you, typically come from working with highly regulated companies.


But now everybody is starting to get cyber smart. So happy to share my experiences and anecdotes. Susan, hi. Susan Crowe, I am a failed CSO supporting Alchemy. I've been around for a few months, so I'm kind of new to the organization, but I've been in health care, actually, for the better part of a decade. For that, I did a lot of some government work, and I actually was also in the Navy.


So Navy veteran and I started my career in cyber all the way back in active duty days. So it's been close to 25 years now. Thank you for your service. All right. Let's get into it. So where we find ourselves today on the topic, I think, you know, there's partially a reason why you came to a session like this.


It's not uncommon that an organization has an incredible amount of tools trying to fulfill their cyber efforts. And, you know, some analysts estimate now that the average enterprise has north of 45 tools, in their repertoire that they're using to try to deliver and secure the organization. That sprawl, unfortunately hasn't really delivered on better security outcomes, for, most organizations.


So there is a lot of interest in simplifying, you know, that complexity and sprawl of, you know, tools and vendors. You think about what you negotiate, all your contract terms, all the individual nuances, doing that over and over again across X amount of vendors. There's potentially a better way. Specific benefits. A lot of times, what we're seeing as we work with customers that are potentially looking at a platform approach and, you know, there's some more recent sales data, that platform based selling is now contributing to more than half of the decision matrices that customers are using when they're looking in evaluating new tools.


That value that's provided, potentially in adding or providing capabilities is not already within your, portfolio is another, you know, particular benefit rather than, again, having to go outside of, you know, your particular, choice of vendors. And this is really being driven by, really a trend over the last ten years that we see more and more vendors building platforms and ecosystems themselves.


If everybody kind of goes back ten, 15 years, there was a tool for firewalls. There was a tool for antivirus. There was a tool for identity. None of these, you know, vendors cross streams. And that's kind of what really got us to the place we are today, especially a larger enterprise with a sophisticated IT and security operations.


That, has significantly changed. Yes. There's a lot of new startups, typically in the newer spaces, like data and AI, but you've seen a significant consolidation in the market as vendors try to be more than one thing to their customer base in themselves, kind of build on this platform based strategy, maybe not specifically originally trying to drive better outcomes.


They're just trying to be more of a one stop shop for organizations. However, starting in a and I would say, especially with Microsoft's entry into this space back in 2017, where you saw a vendor purposely put a solution together that was meant to bring disparate areas like identity security, endpoint security, workload security together. You started seeing a lot of the other major vendors start to change their acquisitions and, and, merger strategies.


So that also leads to another thing. You've seen a lot of specialty vendors pulled off the board, specifically. So in some cases, these are only going to be available, and they're individual best of breed capabilities within certain vendor portfolios. So this historically wasn't the case. And this is also what is potentially leading organizations to look at more of these platform strategies.


So why now what is additionally kind of driving, this approach? Because, again, lots of tools we thought were covered. They're providing the outcome. Yes. We got to use a lot of people to manage it. Yeah. We don't you know, our procurement team takes care of all the contracts. Not a big deal. Technology is also changing and changing.


This is the only slide that has AI in it. So don't worry about that. And as you can tell, AI will solve everything, so don't worry. But AI is changing the approach that customers are using to secure themselves because AI can be both a very competent adversary. You know, everybody in the room here is probably seeing an increased amount of phishing with emails that look, you know, like they're written by humans.


No longer do you see any misspelled words or extra spaces and these other, you know, anecdotes that were telltale signs of, you know, threat actors before. Now, this stuff is, they're using the same techniques and technology that sales organizations and maybe your own organization is doing to increase revenue. So we're seeing an adversary using AI. On the defense side,


AI does provide some practical benefits. Some of you may have, depending on the platforms and technology you have, started using AI assistants in better triaging and incident investigation and management. But again, that platform needs to support those capabilities. Some of you may have better threat detection and analytics capabilities, but again, that typically relies upon you having a modern platform where AI can truly add value.


And we'll talk a little bit about that legacy stacks versus modern stacks. And at the end of the day, what we're trying to do is provide a better outcome. If you're not fighting a robot with a robot, you're more than likely going to lose. Machine speed needs to be dealt with at machine speed. So that also is what's driving a lot of this idea of platformization, because your solutions need to be able to work together for consistent outcome at that machine speed.


Susan is going to speak to a little bit of some of her, experiences, also addressing another, you know, primary topic of what is driving, you know, the need for a different approach of tooling, for business use cases. Thank you. So I'm going to start off with a little bit of a story. So several years ago, I was brought in to a project.


And this is a health care situation. So I was brought into a cloud integration project. And lo and behold, they didn't include security in the forefront of this planning stage. Right? So in the design phase, they did things very quickly. They did things too quickly. So as I walked in the room and I'm looking at what we're dealing with, what are the things that I saw initially? I'm seeing we've got public IP addresses everywhere.


We have no segmentation. We have the Wild West of access controls. There is none. There's no policy structure. This was a sprint. It's a game of speed. Right. So as we're looking at this, we're looking at all the challenges that we're facing. And one of the other components of this build was that the strategy was that this was the cloud, which was to be an extension of the on prem environment.


So in this environment, we had VPN tunnels everywhere, dozens and dozens of them, that were connected to dozens and dozens of vendors on just as many firewalls. This is a very complex legacy type environment, and they're expecting to take this and adopt that in a cloud infrastructure. Not only am I screaming about this, but the cloud integrators are screaming about this, saying, this is not the way that the cloud works.


We need a more modernized solution. So in order to keep on the pace, they wanted to actually move to a modernized solution for a cloud environment. But let's maintain what we have in our legacy environment, in our on prem environment. So now we're starting to layer our approaches. We can't change our environment overnight on prem, right. We can't do it.


So we have to start adopting these more modernized technologies and try and figure out how we're going to go backwards. Once we get to the destination we're trying to reach, let's get to that hybrid stage. So we start layering on this approach, and one day I get a phone call from a Google sales rep, and the Google sales rep says, Susan, it's time for you to make an investment.


You need a cloud native vulnerability management solution. So now we're talking tools. And my response is, well, I have a vulnerability management solution. Why would I need to get yours? Well in his strategy he's telling me, well with the solution you have, it works great for an on prem environment. SaaS based or not. It works great for that.


But it's not going to work for the cloud because it's built into the very fabric of our cloud, our vulnerability management solution. So you're going to get better analytical data. You're going to get better scan results. And this is going to give you better overall security, visibility and control over that cloud environment.


He's not wrong. But is the approach right? This is where I reached that pivot point. This is where I said, okay, this is where we stop, because now I'm going to be going through tool sprawl. Now I'm going to be adding on tools that deal with that same capability that I already have. It's just not able to reach my ecosystem the way that it needs to.


So that's where I had to take a scale back. And I start recognizing that problem. And that's where we started to pivot. This isn't about adding on extra tools to accommodate what we've built. It's about restrategizing the entire platform. And that's where we started getting into the scalability, the flexibility, building out security solutions that weren't just going to work for one piece of my environment; it's going to work holistically.


So yeah. Thank you. Slide. All right. So, what's driving the adoption from a business perspective? Before I get into kind of the more technical and, you know, potentially some of the things you really want to kind of hear about, we thought it would be also beneficial of talking about this, but how you can sell it to the business.


And again, why this potentially would be relevant to the business. So let's take that same example. Looking at our cost challenges. So as we adopt these new strategies, people are pushing tools on us. One of the big factors is obviously going to be cost. You've got licensing costs, right. You've got maintenance costs. Well, it's not just about those things.


Now we also have staffing costs, because if we start adding on these unique tool sets, now you have unique skill sets. And also you have a burnout situation. If you don't accommodate those special skill sets, now you're overburdening your current staff and they can't manage that many tools. They can't manage that many interfaces. And now we've got gaps that you can drive semi trucks through, right.


So this is where you get into these costs that are compounding and getting harder and harder to maintain. And it gets harder to sustain. It's not sustainable. So I have another situation that I've run across as we're going down this hybrid environment. One of the things that we were working to integrate was a new DICOM solution.


And those of you who aren't familiar with DICOM, DICOM is, think of it as a way to package an image file like X-rays, MRIs, these sorts of things. So this X-ray machine will scan a patient and it'll generate a DICOM image. Okay. So typically the physician would be at the hospital and they're going to be there to see the scan happen.


They're going to be there to review the scan and diagnose the patient. This happened maybe five years ago. Let's fast forward to today. Physicians aren't always at the facilities anymore because the vendors have woken up. The vendors have said it's more cost effective and I'm going to build more revenue if I take that one physician out of the hospital and I'm going to make them remote.


So now they're not only stuck to that one hospital, they can service multiple hospitals and diagnose multiple patients quicker. So now they're capitalizing on that opportunity. But what they've done to us is they've taken that situation where the physician is with the scan. Now we have to get the scan to the physician. So now we have an IT problem.


And we've got to get this giant image file all the way to the physician securely and quickly, because we're talking milliseconds. This thing has to get out there. You think you got a stroke victim on the table? They got their scan, and now we have to remotely get this physician to diagnose this patient and get that diagnosis back to the hospital to treat them before that patient's condition changes.


So this is now a speed game. This is an efficiency game for IT. So we have to look at this. And if we have this complex environment where we have generated this layered approach with all these toolsets, what we've done is we generated hops. Every hop generates latency. That latency slows down the transmission. So now the problem is that DICOM image to treat that patient is taking too long to get to the end destination.


So they're going to get fragmented packets or dropped packets. And the files aren't even going to make it to the physician. So now we are causing an issue where we can't get that patient cared for in a timely manner. So when you start thinking about how do I create an environment that enables the business better? It's remove that complexity, remove that risk altogether.


And let's look at a platform concept when you do that. We're now starting to take out those hops. We're removing the latency and we're delivering a better end result. And at the end of the day that turns into a new ROI concept. So ROI isn't always just about the invoices, right? Yeah. We've got the licenses now. We're reducing licenses.


We're reducing cost. We're reducing maintenance fees. We're doing all those things. But then you look at it from a business enablement perspective. If we are making the process more efficient to get that DICOM image to the physician so he can diagnose that patient, we are enabling the business to operate better, more efficiently and provide better care. So all those things factor in.


And at the end of the day, now we've become a business enabler and IT can start focusing on being more resilient and being more innovative instead of trying to stop and troubleshoot and figure out where did that package stop? What failed, what system do I have to troubleshoot now? So at the end of the day, we actually see a lot more value once we start to integrate a more simplistic approach.


So and then we have such a fun topic of compliance and regulatory pressures. These are not ever going to get easier. Even as we go down this path of AI innovation, we're moving forward. All of these are going to get more complex. Let's look at HIPAA. HIPAA, I'll give you credit. It hasn't been updated probably since 2013 with the omnibus.


That whole update that came along with that, with that final rule on that one. Now there's been some incremental updates, but not until last year. Last year they actually submitted a new act, which is a supplemental act. It doesn't replace HIPAA, but it's a supplemental act and it's called HISAA. And this one is the Health Care Information Security Accountability Act.


If this gets passed, which they're expecting it possibly to be this year, this is going to put more stringent requirements on us, more stringent MFA controls, more stringent risk management controls. It's even going to have worse penalties for us. And those are things that we have to comply with from a health care organization. HITRUST is no different.


It's actually in the last two years has gotten a whole lot more complex, where it takes three times as long for an environment that doesn't have a consolidated approach to be able to pull evidence for their audits. I recently went through one this year, and it took three times longer than I had two years ago, just two years ago, to be able to pull that evidence.


So as we get into these platforms, we start to centralize our data. We start to centralize how we're actually pulling everything together. We make it a lot easier for us to pull that evidence for those audits. We make it actually more valid because now you can look at deduplication. You don't have all these different versions of data out there.


You don't know what you're delivering. But now you can start to get control of that. Now you're starting to approach that ugly little thing in the corner of the room. Nobody ever wants to talk about data governance. Everybody knows it's necessary. Everybody knows it's critical, but nobody knows how to approach it. Once you start to centralize and once you start to consolidate, that becomes a whole lot more realistic and simpler to achieve.


So coming into some of these talent shortages, I've touched on this a little bit already. So cybersecurity talent shortage, the more complex your environment is, the harder it is to staff, the harder it is. A lot of us are lean. Most cybersecurity organizations, our departments are lean, and they're not going to ever be fully staffed.


It's just not the nature of their business. So when we start looking at our talent issues, when we have all this tool sprawl, we got all these tools we have to manage. And they're all using different interfaces, different dashboards. Nothing is consolidated or aggregated. It makes it a whole lot more complex. And now we're facing burnout. But we also have specialized skill sets.


If we have all these individual tools, now you have a specialized skill set. You have to maintain that, that costs money, and then you also have an issue where, well, that resource specializes in that. But I only need it for a quarter of the time. Now you've got a problem with your staffing. All right. Strategic shift. So CISOs, really one of the things that we prioritize very heavily is resilience.



Resilience actually enables trust. Our goal is to make sure that we are business enablers. And we are building trust not just for our departments, but for our business. The more we build trust, the more revenue is going to come in for the business because we're building that foundation. These unified security platforms, they're enabling us to do more with what we have, so we can have an entire lifecycle of a process built into it.


Not even just I mean, you look at it from a threat detection response and recovery method, but look at it from an identity perspective. You have your accounts that you are, if somebody puts their password in wrong. Too many times we have automated processes. We have a unified approach to be able to take that solution, and we can lock the account out.


We can generate alerts, we can take action, and then we can notify our IT department. And really it's a one swoop to come back in. And we haven't changed our password. We investigate. But all that can happen in one unified platform. And it makes it a lot easier to manage. So thank you, Susan. All right.


So let's talk a little bit more in detail what this potentially would look like from a platform strategy. So, a couple of attributes. Unified architecture. This is, you know, at the end of the day, you should have one, you know, driver, one kind of overarching, you know, control plane, I guess is probably the best way to explain it, driving these security outcomes.


And we'll talk more about what that specifically looks like. Your various disparate technology solutions across the, various technology silos in the organization need to be working together. Networking needs to share telemetry and information, with other systems like endpoint and identity, for example, because those things can orchestrate with each other. Rich information from one, you know, can drive outcomes and capabilities and controls, you know, for another.


Not everybody is architecting that. And that's part of, towards that strategy, towards this kind of platform in a centralized control vehicle, you know, helping, to generate certain types of activities across these various technology silos. And we've talked about how this should hopefully drive some operational efficiency. And, you know, a lot of times this is driving broader strategy.


Some of your organizations may have also been aligning to certain software contracts with certain key vendors. And, this also, for, you know, your cloud initiatives or other productivity initiatives, especially more recently, some AI initiatives. This is going to be potentially one of the best approaches to Susan's example. To potentially align better with those because you potentially have more tools and capabilities.


So let's talk about kind of the elephant in the room, single vendor platform that, I mean, I'm maybe assuming is what everybody was thinking when they came in here. You know, one to rule them all, or is a best of breed approach. And you may ask, how do you have best of breed solutions working in an orchestrated and integrated way? That doesn't exist, right?


So quick little summary, single vendor simplicity, speed. You know, a lot of attributes there. It has a built in centralized control, however, best of breed, we need advanced capabilities. Good enough isn't good enough for our organization. So we're going to choose to go with the best of breed approach, but that we're also going to do it in a holistic way.


So we're going to buy best of breed tools that actually work with other best of breed tools. You know, an amazing concept, and we'll talk more about that. So, high level advantages to the single vendor model. And I've, you know, a number of manufacturers here that have been building more towards that single model, especially in the market here in marketing.


Towards that, I already kind of mentioned Microsoft. They really started down this path and everybody's kind of been chasing them ever since. You know, the largest cybersecurity vendor on earth, they're going to do nearly $100 billion in revenue this year related to that E5, you know, sales motion that they go through as well as additional capabilities that they sell on a consumption basis in Azure.


And we see a significant number of organizations taking that approach because of potentially the value that they can get out of that platform. But it's far from one of the only options that exist in the marketplace. You have other vendors historically in the network space, as well as newer vendors coming from endpoint space. Also working towards this strategy, if you look at this significant number of acquisitions.


So more recently with, you know, Palo Alto acquiring CyberArk to really fulfill a gap in their portfolio in the identity security realm, you know, other vendors acquiring in the cloud security space, in the SaaS security space, like, say, CrowdStrike acquiring Adaptive Shield here a little less than a year ago. Lots of advantages. Again, they're the ones selling that vision of an integrated control plane.


That, and now in that theoretical single pane of glass that everybody's been speaking, you know, about over the years. Cost is a big driver. Most of these things are sold under an enterprise agreement that was maybe negotiated well above, you know, your place in the organization. And there is a business reason, typically, why from a cost standpoint that may be the way that the organization chooses to go.


Support, again, we've talked about it. If you had even 15 or 20 different vendors, those are different support levels, different contracts, different people you reach out to. You know, there is a lot of attributes of potentially having one throat to choke. But again, none of these vendors truly address every control need. You know, Microsoft isn't historically in the network space, whereas some of these other vendors aren't historically in the productivity or email security space, you know, for example, or again, have been lacking identity and other capabilities.


So that's something typically that lack of depth is one of the greater concerns versus, you know, best of breed vendors. Vendor lock in is a real concern with a lot of organizations that go all in from a single vendor approach. You hear this from customers all the time. However, you know, I do really believe it's the responsibility of those vendors to continue to innovate, add value to the portfolio, to continue to drive value.


What about a best of breed approach? You know, so we talk about potentially going with solutions that have a lot of depth and capabilities in their respective areas. Okta, for example, in the identity realm, CrowdStrike, arguably again, the largest player in the endpoint space, or even, you know, some pure play, modern network security vendors in, you know, their particular cloud network security space.


These, vendors have purposely built integrations with each other to have a disaggregated central control plane. Yes. You have different consoles for each of the vendors, but you have, integrated outcomes, telemetry being shared, signals being shared, automation built into the, individual control planes that are meant to work collectively together, for example. So again, attributes of this, you get those, superior capabilities.


You do have, you know, the ability to swap out certain, you know, technologies and vendors. Maybe you have a different preference on networking or a different preference on identity or endpoint, as long as you, again, are working towards a model where these tools are meant to work with each other rather than work in their respective silos. That's what we're talking about, that platform power that you get bringing these tools together. Trade offs.


Some people are concerned because, again, these are best in class tools of the complexity of getting them to work in integrating with each other. This is improved over time as APIs and, you know, deployment guides and other types of things exist, you know, with vendors as well as, you know, other solution providers that are used to working with these tools, and also just familiarity from a customer base standpoint, cost and licensing doesn't unfortunately go away because again, you are negotiating with different multiple vendors, but again, you're getting that kind of depth and capability.


So wanted to talk about that. Specifically, you get a lot deeper and happy to share, you know, any of this other attributes and kind of compare and contrast between the two platforms. And this is kind of really, in my opinion, where the evaluation process most comes in. I know you wanted to speak maybe a little bit, you know, to evaluation processes that you've gone through, you know, when evaluating individual vendors, kind of, you know, in addition to this holistic approach. I'll let you kind of add some examples there.


Yeah. I think, so when we're looking at our vendor solutions, it's easy for IT. Like you've said, we've got a best of breed. We go to the thing that is at the top of the Gartner chart. And some of those things are great to look at. But when you have to evaluate your vendors, you need to evaluate it against your needs.


It's not industry specific. It's your organization's need. It's your maturity levels. It's your capabilities. And it's at the end of the day, your business needs. So when you look at these different platforms, you want to come up with ways that you can evaluate a non-biased methodology, if you will, looking at all the components. It's not just, well, is it going to do one of these three things for us, it's how is it, how easy is it to integrate, how complex is it going to be for me to transition from my current technology to this technology?


What are those different roadblocks I have to face? Does it actually address all of the risk management components that I need to answer to that my organization cares about? There's a whole slew of different things that we have to consider from a non-biased standpoint and say, this is how we evaluate what's important to us. And we've weighted that against what those capabilities are.


And you look at what those capabilities are and you determine what's important to my organization. And how well does that tool perform against my needs. And at the end of the day, you're going to see a completely different picture half the time, and you compare that with 3 to 5 different vendor solutions, and you're going to see it's going to be eye opening, because it's going to show you a whole different aspect of things you didn't consider before.


And thank you. All right. So let's talk about this in a little bit more tactical detail. So how do you build, you know, a cybersecurity platform? Some people may be familiar with this. Gartner has this concept of cybersecurity mesh architecture, again, loosely coupled together, you know, vendors with best in class capabilities or, again, a single vendor platform building those capabilities, you know, into their control plane.


But you need to be holistic. So we need to take in consideration identity. We need to take in consideration, endpoint. We need to take in consideration data. We need to take in consideration, networking, cloud apps and cloud infrastructure. Everything either needs to exist already in some type of centralized, analytics repository or needs to use a modern data analytics repository, because all of that telemetry from the respective areas is important.


But on their own, in siloes, they're not as effective as if that can be looked at holistically and in aggregate. That's also where other outside services like threat intelligence and outside telemetry to what's going on in your organization can also make sure that you're finding very specific threats that exist in your environment.


And you've already spoken to a lot easier to report and provide compliance and attestation. But lastly, when these things are holistically viewed, you can start driving automated outcomes. This is really where the AI element comes in. Security orchestration, automation responding to detected threats, using the technology to build better threat detection capabilities.


All of this is aligned to what these modern architectures should consist of. So unified management console, at the end of the day, rather than having a bunch of disparate control planes, different user identities logging into that, the idea is some type of centralized approach here where you can have different stakeholders with different levels of rights, different levels of visibility.


This is what organizations need to get to and again, it doesn't need to be single vendor. This might be something that's more of an orchestrator, an aggregator. At the end of the day, there's a lot of interest of where the cyber asset and attack surface management vendors are going because they plug into all of these tools.


From a reporting and visibility standpoint, that's only because they're not taking advantage of APIs to actually start doing control activities. If you really start thinking about where that might go in the future. And again, having something plugged in to all of your tools also provides centralized reporting and visibility that again, not everybody has because reports out of this tool aren't great.


We pull different reports out of this tool. You know, it's very difficult for cyber leaders and IT leaders to get a true understanding of the current state of your cyber digital estate. I mentioned this one, and this is probably one of the biggest things. And you guys will see out in the expo. Security is a data analytics problem.


I don't know if anybody has ever brought it up in that approach for you. If you truly think about it and your businesses are all redefining what data and data analytics means to them today, you know, your sales data, you know, if you're manufacturing all your manufacturing data, how that could be crunched to make better business decisions, more efficient, operations or, you know, better pricing, all those kind of things.


The exact same thing is true for cyber. Your input sources are all of your pieces of telemetry. It's what you have on your endpoints, what you have on your network, and streaming all of that data, which historically went into a very legacy data platform called a SIEM. It was just somewhere that stored logs. And then somebody decided, hey, why don't we run some compute on that data coming in or after the fact?


And that's how we're going to detect threats. Fast forward to the pace and speed of that telemetry. You know, now, you know, you think about your large fleets of end users, everything you're doing, how much more data you're collecting than you were even 5 or 10 years ago. It's also needed to use a modern platform that can keep up with that.


So, you know, not that we're all data scientists here, but there are new and more modern platforms that ingest data in real time, can process, and make intelligent decisions in real time. That's why you see companies like Snowflake and these modern data lake vendors, you know, getting crazy valuations and significant growth in the stock market.


Because this is where inevitably everything will be going. But because of that, this allows you to drive a whole bunch of new capabilities. You know, today you can have the AI crawl that more modern data, whereas before you had to rehydrate data, move data around just to do some intelligent process to it. One of the attributes of these modern data lakes is you can run a computational layer, on top of them, either that you bring or a vendor brings, to the party.


A lot of these more modern solutions in endpoint, in networking, in identity, have these data lakes already built into them, but again, aligned to their respective silos. If you're able to, you know, potentially merge all of that together or use some other type of aggregate data lake, again, you can holistically, do analysis, threat detection and investigation automation all across that platform, and again provides, you know, a much better breadcrumb trail at the end of the day, because of the ability to use more advanced computation.


We've already kind of spoke to this, but it really does help drive entirely new ways of analyzing the data. Some of you may have started playing around with Copilot or other AI type assistants built into individual products, and that's great. Again, you're bringing this additional capability on top of these data lakes, on top of these modern platforms.


Think about doing that in a holistic way as well, across that entire digital estate, across all the telemetry for the organization. So there are some modern next-gen SIEMs that support these models, but are still working on specific integrations across the large amount of vendors that you may have, but are already purpose built to work with their solutions and their preferred ecosystem partnerships, you know, for driving, you know, that kind of capability.


So, again, one of the biggest things we'd like to convey is just because you have certain tools and you are a certain way today maybe doesn't mean that's how it should continue to be in the future. As you modernize more in this streamlined, platform based approach, maybe some of those legacy solutions don't make the cut. You know, into the new platform kind of thing, your old platform versus new. Endpoint.


This is probably, you know, the most commoditized area because every organization has endpoints. It's the primary attack surface for an organization. It's also where there's the least amount of vendors and options that exist. There's only a handful of management solutions in the space, enterprise class solutions to mid-market solutions. And that's super important because properly managing this infrastructure, making sure it's hardened and making sure it's resilient to vulnerabilities, things like that are important pieces.


But also what is going on on that endpoint and how that information could be shared with other detection and response, other silos of technology. This is what's different. So just protecting the endpoint and moving on to the next thing isn't good enough. It's how is that endpoint, and how are the vendors I'm using to manage the endpoint and secure the endpoint,


are they sharing telemetry with my identity solution, or are they sharing telemetry and signals with my network solutions? Because if we're trying to align to larger initiatives like Zero Trust, that additional context is super important for automated outcomes at the end of the day. So again, picking a very specific set of vendors that are intended to work with each other rather than, oh, I really like how this endpoint solution worked.


And you know, my network guys over there making their own decisions, like it doesn't matter if we check if they actually can even talk to each other, that's what we're talking about. If you're adopting a platform based strategy, we're talking about a holistic architecture here that spans multiple silos, starting with the endpoint and working across the entire threat and digital estate. Network security, again, probably one of the areas that has been least innovated in a lot of organizations.


This becomes a critical part of the platform. You also saw there's quite a bit of these platform vendors coming from a network security space, but more recently leaning in on the endpoint and identity space or even cloud infrastructure space. Networking is typically your last line of control in a managed environment. There's unique challenges with wired and remote work.


Some of these vendors have adopted those additional use cases better than some. And again, anybody, wherever they may be working, are going through these centralized platforms. So there is centralized telemetry which then can be actioned upon. And again, this more centralized platform based approach. That's something that again, network teams that are primarily focused on speeds and feeds and availability aren't always taking into consideration.


What do you mean I need to worry about network security and also availability? You know, we're really seeing a massive convergence going on of those two areas in the networking space. Cloud security, both from a cloud app and a cloud infrastructure standpoint as well as modern application development, because most organizations that are going through modern application development are intending those workloads to be cloud hosted, because, again, you're building for containers and other platforms, using serverless techniques.


These are public cloud constructs, for the most part. So again, this isn't something separate. To Susan's point before, a decision made in just this particular area. First of all, we see a lot of organizations still not having controls in this space, looking at their first set of tooling. But to her point, how is this going to truly be a hybrid approach?


How is that telemetry shared with what we're already doing on premises? And again, how can it drive that kind of centralized, integrated approach for response, or detection and response? And then, most importantly, at the end, we're seeing a lot of innovation in the identity space. Specifically, identity is no longer just username and password, SSO and MFA. It's a big part of a zero trust architecture.


It's a big part of just automation in general, because most of your cyber incidents wouldn't be successful if there wasn't a compromise of identity. So this is one of the most important places to focus on the right tooling, how that information could be shared, you know, across your cyber platform, as well as how it can be actioned on to stop a threat actor abusing an identity, you know, midstream in their attack chain.


So lots of value there. I know we're coming up on time here. Some 1 or 2 more slides to talk about. Threat intel, same type of thing. We know what threats and adversaries are doing. You know, there's lots of organizations that are out there, you know, responding to that, recording those tactics and techniques. What I still haven't yet seen is a lot of organizations that are specifically using that real world data and applying it to their situation and helping them understand threats and also test their controls against the most common threat tactics that potentially their organization is going to be exposed to.


These modern platforms have the ability to run these scenarios live in production environments, from endpoints into the data repositories, based off of, you know, the telemetry and previous logging, running the computational processes to, you know, potentially simulate these activities and see how things would respond to it. This is an integral part of a new and modern platform.


Some vendors build it in. There's also opportunities of bringing in other agencies' threat telemetry, be it from government organizations or other ISACs and things like that. But again, it's all part of kind of this holistic view, because again, that information, that threat intel, isn't just intended for endpoints, it's not just intended for identity, it's intended to help you understand the entire attack chain


that a threat actor is executing. And then lastly, and I talked about it, you need to be moving at machine speed. So organizations that aren't already taking advantage of integrated response capabilities within their platforms are going to start adopting that, because it's going to be the only way to respond to threats in an effective way.


Historically, separate, disjointed SOAR solutions that needed to be plugged into a large set of, again, sprawl, separate tools, took a lot of work, had a lot of costs associated with it, and were very, very complex to maintain on an ongoing basis. Because of changes and also some siloing, we've started to see manufacturers potentially, rather than continuing to be openly integratable, potentially close off their ecosystems as they build their own platforms and their own capabilities for security.


RPA, orchestration and automation. So, you know, really incredible and important point of having some type of automated response strategy. And that should be central to what your platform is capable of doing across the entire digital estate. And then, yeah, we need to show our homework. It's a lot easier if something is all in one platform to potentially generate compliance attestations, things like that.


Again, you know, we have separate GRC teams, but we can make it a lot easier for them to do evidence collection by using modern platforms that hopefully, in a lot of cases, can maybe pull that data via API rather than having to generate reports. So, last slide: what's the right approach for you? Susan. Just a couple quick points on there.


So, drivers of platform adoption. Some of the simplest takeaways from this are simplicity, scalability and making sure security works for the business. The business doesn't need to yield to security. Security has to work for the business. So make sure you keep that in mind as you're evaluating your platform options, that you want to make sure that it actually aligns to your business needs.


And the other component of that is your vendor evaluation. Vendor evaluations should be taken very seriously. Because when you look at this from an AI perspective, everybody's using AI now. All the vendors are using it. But how are they using it? Where are they getting their data from? Is it good data? Can we validate that data?


You want to make sure that the integrity is there, the authenticity is there. But also you want to challenge them and make sure that what they are doing also aligns to your business needs. It's not your job to conform to the way that their system is structured. It's their job to align to your business needs. So as you evaluate these options, just keep that in mind.


Thank you. Thank you for your time. I know we're up. I don't think we're getting pushed into, but if there are some questions and stuff, we'll be around, or happy to throw them in front of the audience here. I know there's opinions here. Hopefully just, you know, it's meant to be thought provoking. At the end of the day, you know, we have to start working kind of more holistically.


That's not always an option, not always possible, but better outcomes can be driven if we do. So thank you all for your time.


Thank you.
