From Monolith Applications to Microservices

Securing the Modern Enterprise

ETR Insights | Jake Fabrizio | May 27, 2022

In a recent interview, ETR Insights hosted the Global Head of Application Security for a large retail/consumer enterprise. Our guest attributes his organization's increasing spend to the current enterprise landscape, which is riddled with security breaches and is driving a reactionary focus on environmental health and security. Further, he discussed how innovations in technology are having “a tremendous impact, forcing [us] to think from the left where the code is being built, to the tools that use the code, and to patch accordingly, all the way down to the application itself.” Read the highlights from our conversation, which covered a wide range of topics including Vulnerability Management, Secure Web Gateway, Observability, and Endpoint Management, with vendor commentary on Tanium, Tenable, Qualys, Rapid7, SentinelOne, CrowdStrike, Splunk, Palo Alto, and more.

Covering Your Assets – Innovation in Vulnerability Management

Our guest discussed the evolution in vulnerability management driven by the breaches affecting the industry at large. Datacenter players, like Qualys, Tenable, and Rapid7, increasingly face pressure from cloud- and container-native alternatives. As scanning shifts to the network edge, he stressed taking a “holistic view” of an environment to “remain current and know what assets you have in the first place.” That is easier said than done: he says that achieving that desired level of awareness is still “a significant problem as it exists today.”

As technology evolves “from monolith applications to microservices,” the definition of assets has also expanded (e.g., “websites but also the APIs within those”). With more moving parts to monitor, he is moving from “standard” scans of operating systems and ports to a system that functions as “little chunks of code talking with each other,” shifting the paradigm from the “physical” application to the components within it. He expects further innovation, stating that: “most players you see today touting themselves as vulnerability management, it's actually much bigger than that.”

To explain this, he cited Secunia, a company in this space that was acquired by Flexera in 2015. He says Secunia was “acquired and stagnated” before it had the chance to fully mature. However, he thinks the fundamentals of their technology were on track, serving as a sort of precursor for today’s solutions, in the way that it scanned code against all applications in an environment (including homegrown tools). “Did it look at everything? Probably not, but it had a very good concept in mind.” He explained how this is a divergence from Qualys or Tenable and believes that others “will follow a similar approach.”

The Need for Best of Breed – “Cloud is at the Core”

As workloads increasingly shift to the cloud, our guest selected Aqua as a secure web gateway provider despite being a self-proclaimed “big Palo shop.” Explaining why he did not adopt Prisma instead, he said that Palo Alto plays a critical role in his large enterprise but that he is “trying to be selective” when it comes to adopting newer, cloud-based technologies.

He admits that Palo Alto has offered strong products historically (like their firewall) but expressed concern at their rate of expansion in recent years. “At a point in time they were really good, and then they started acquiring and acquiring. Once you start acquiring, I wonder where the focus is. Some are very good, but others are catching up.” In today’s landscape “you've got to take the best-of-breed” to ensure that the enterprise is secure. He adds further: “ideally, you want to go with public cloud providers like Microsoft, Google, AWS, or Alibaba” because “cloud is at the core” of their offerings. To keep pace with rapid change, our guest says it's particularly important to put a little faith in vendor partners to help navigate and adapt to trends.

Seeking Nimble Startups – “Everything is Code”

Remarking on the ongoing technological evolutions, our guest stated that “today, everything is code.” Where you used to “build servers, now you just write a script with Terraform (HashiCorp), and the servers come up and then disappear.” As his organization dips its toes in microservices, he is looking at more startups, where many viable players “are coming up with ideas that are really ahead of the game.” Still, choosing a less established vendor comes with risk. “You just hope they're stable enough, and sometimes you give them a try.” If nothing else, he says it’s important to be at least aware of the emerging vendor landscape to get an idea of where the market could be headed and to see what other people are doing.

This market research becomes even more prudent as existing players, too, expand their portfolios. For example, he described many (formerly) pure play vendors riding the wave as “the big word ‘zero trust’ came into play,” realizing they “already had certain things in place” and could fill other gaps while encouraging existing customers to consolidate spend. In another example, he spoke on Splunk and the state of monitoring and logging: “Any company that doesn't adapt to the environment in terms of monitoring – at speed now – will eventually get obsolete. You had the big guns before Splunk, logging and SIEMs and all that, but you hardly hear of them anymore.”

He says this is “not to throw Splunk behind” but instead to illustrate how there’s often “a Splunk-like vendor with a big stranglehold” across subsectors. Organizations must continue to support the diverse requirements of IT infrastructures that hang somewhere in the mix between the cloud and on-premises. As a large, global organization, our guest says that spending will continue with these traditional vendors in tandem with the adoption of newer technology.

Bringing it back to startups, he mentioned oak9 as an up-and-coming vendor in infrastructure-as-code (“not there yet, but it can track a lot of things”), as well as Cider Security as another contender in the space, but he was quick to add that “there are many more” innovative vendors, beyond these two, that provide an opportunity to “look at the old guard” and approach solutions from a new perspective.

All Good Things Must Come to an End(point) – Next-Gen AV and XDR

Supporting a recurring theme with recent guests, this Director of Application Security also discussed the wide-ranging industry refresh cycle disrupting traditional AV and endpoint management. He names CrowdStrike and SentinelOne as two disruptors that approach the space with fundamentally similar solutions, competing against and improving with each other. Of the two, he sees “an advantage” in SentinelOne’s ability to analyze critical behaviors and gather intelligence at the endpoint agent rather than “analyzing at the top” like CrowdStrike.

He cited Tanium as another player in the space, albeit with “a different spin” to its architecture. He called it “mainly a communication engine” that functions by running command lines on endpoints via virtually connected machines. While SentinelOne and CrowdStrike can essentially do the same thing, he said that “Tanium has a huge advantage because they sold themselves as we do ALL of these things.”

Tanium is “best of breed” in his eyes because of the underlying technology that allows users to install and run functions that search and detect specified parameters across all apps in an environment. He says that such implementations of CrowdStrike or SentinelOne are technically possible but would require a more extensive implementation with modifications, compared to out-of-the-box functionality with Tanium. Despite swimming in similar lanes, he asserted that Tanium is a “very different player.” In closing, he mentioned keeping an eye on Microsoft in this XDR space to “see where they will go,” adding that many of his peers “swear by them,” with viable products, like Defender, available on their Azure Sentinel platform.
