
ETR Insights presents an interview with the Vice President of IT and CISO for a business services organization, which is moving back to a physical data center from the public cloud based on cost and security concerns. While this organization is frustrated by Microsoft’s add-on security services, has had mixed experiences with Palo Alto and Zscaler, and remains wary of Cisco following their Firepower firewall issues, Cloudflare solutions are being increasingly adopted at scale. Additionally, read on to hear a first-hand perspective on Zscaler's limited protocol support, why this company chose Qualys over Tenable and Rapid7, and why Datadog is so successful at “sneaking in” new services.
Information Security Platform Plays - Cloudflare, Microsoft, Palo Alto, Zscaler & more
Web Application Firewalls (WAF). Our guest praises Cloudflare, which they already use for web application firewalls and are moving towards for their zero-trust solutions. Cloudflare’s WAF includes DDoS and bot protection, and the company offers different service levels, making it easy to add extra features when needed. This executive sees them as a Palo Alto-in-the-making, and ETR would note that the company’s prowess in networking, security, and its foray into cloud computing, could eventually make them even more impactful across the enterprise. “These days, I think they’re even more of a full-fledged cybersecurity company, looking at what they’re dipping their toes into.” Cloudflare has acquired Area 1 Email Security, which our guest is exploring as an additional layer of defense for their current email security provider.
Palo Alto Zero Trust is Powerful but Expensive. Our guest appreciates Palo Alto’s Prisma and was an early adopter of the Zero Trust service. “With cloud-managed firewall endpoints, I don’t have to think about giving us a single pane of glass to effectively put my network boundary wherever my laptops go.” That said, they are frustrated by the vendor’s deteriorating support quality and increasing costs over the years: Palo Alto has continuously productized its support levels, making support harder for smaller customers to access. “Palo is a victim of their own success. Their support, in particular across their line, has deteriorated year-over-year, especially on their core product, the next-gen firewall solution. It’s very frustrating to me, for the amount of money that we pay, for Palo to continuously productize their support levels. Premium used to be the one to get, and now they added Platinum level support. You’ve got to be one of the big multimillion-dollar customers just to afford their support. It is very hard to continue to love their product and continue to invest in it, with the support being as poor as what it is.”
Meanwhile, our guest feels that Cloudflare's zero trust service provides enough functionality to consider switching. “As we look forward, I’m paying those Prisma Access renewals. I’m looking at what Cloudflare is doing, especially with zero trust, and they start to look a lot more affordable. I get everything that Palo offers, but I’m not using 100% of it anyway. If I can get close enough to cut my costs in half, we’ll certainly move to it and deal with that migration, or we’ll move privileged users over to it. We will do something because the costs [for Cloudflare] are so much less. It’s a no-brainer. We’re working through it, but the problem is that we’ve integrated Prisma Access very tightly across the organization, so it’s going to be hard to unearth it. Vendor lock-in it’s the tale old as time. Once they crawl in, it’s hard to get them out.”

ETR Data: According to ETR’s proprietary shared accounts analysis, customers that are spending flat or positively on Cloudflare have sequentially decreased spending on Palo Alto, indicating that Cloudflare may be stealing wallet share over time. As citation overlap has grown, Palo Alto’s shared Net Score has declined sharply from historical levels above 50% to 33% currently. Please note that this graph is derived from preliminary OCT23 TSIS survey data, which is currently live in the field (N=1200+) and will be concluded on October 5th.
Cisco. While the company uses Cisco for networking and their Umbrella product, our guest remains cautious due to the vulnerabilities exposed with the company’s firewall product, Firepower. As an organization, they haven’t been particularly interested in SecureX, which is Cisco's offering that is most closely aligned with Palo Alto’s Prisma, mainly because Cloudflare is making it so easy to expand its current platform. Cloud-native companies like Cloudflare and Datadog offer self-serve models that allow users to start working quickly, as opposed to traditional companies like Cisco, which often require multiple calls and interactions with reps and system integrators just to get an estimate. That said, “It’s very easy to run up that self-serve [cloud] bill if you’re not paying attention to what you’re doing.”
Zscaler. This director has some concerns about Zscaler’s capabilities; while their Web content filtering is stronger, their protocol support is limited, and this organization already passed on using them once based on Zscaler’s limited SSL inspection. “If I’m a malicious actor and I want to get something out, I might wrap that in UDP 53, send it out DNS, or what looks like a DNS call. And if I’m on Zscaler, Zscaler is not going to see that.” However, this CISO did note improvements in Zscaler’s offerings since his organization’s last appraisal.
Microsoft in Security. Lastly, our guest criticizes Microsoft's decision to offer many of its best security features only as “add-ons.” “I still believe that around email security, you want to be part of the herd. Microsoft is a good place to be, but there are other good vendors that do very well on detection – like Proofpoint and Mimecast – where their whole business is detecting malicious email.”
Additional Information Security Commentary – Observability + Vulnerability Management
Observability – “Sneaky” Datadog Add-ons are Expensive but Worth the Price. “We looked at Splunk hard. The problem with Splunk is that the managed security providers that will sit on top of Splunk are expensive and pass through that Splunk cost. So, we ended up going with one that sits on top of Elastic, and it’s been fantastic.” Additionally, our guest adopted Datadog for monitoring, initially to replace SolarWinds, but has found themselves increasingly opting into additional services due to Datadog's quality. This organization doesn't have a large group of developers to build in-house tools, and Datadog's offerings met their needs without having to augment or backfill, though one must be cautious of their more expensive configurations: “Datadog has been very sneaky as far as what they can give us, and we keep finding ourselves opting into more and more services and more and more observability features because it’s so good. Then the problem becomes, do we need this full stack of observability across our development, our stage, and our test platforms, or do we just need it on staging and production? That’s harder to figure out at times.”
Vulnerability Management – Qualys, Tenable + Rapid7. This director has already replaced Tenable with Qualys, primarily because of Qualys's all-in-one agent that enables users to tailor services to their needs. Our guest feels Tenable doesn't offer as broad a range of services compared to Qualys. “[With Qualys] you can get patching, FIM, your VMDR stuff, whereas with Tenable – and especially Rapid7 – they don’t quite have that portfolio. It’s not to say one is better than the other, it’s just one throat to choke versus having stuff spread out across multiple vendors.” They praise Qualys's file integrity monitoring, though it can get expensive.
SentinelOne for XDR, but no Threat to Qualys. For XDR, this director chose SentinelOne based on the vendor’s managed detection response, which eliminated the need for a SOC to manage tier-one alerts. Although they are satisfied with SentinelOne, they remain skeptical about the platform's ability to replace Qualys, particularly for scanning and automated patching. For context, multiple ETR community members have mentioned XDR vendors beginning to market vulnerability management services to their existing clients, but to date, the feedback is that there is no appetite to replace the critical security hygiene of scanning and patching.
Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai