Since the 1950s, the Cavendish banana has dominated the world market. Its thick skin makes it easy and stable to transport, and its flavor and seedlessness give it broad appeal. But the Cavendish banana’s lack of seeds is fast becoming its downfall. Without seeds, the Cavendish banana cannot reproduce naturally. It must be cloned. This lack of genetic diversity in the world banana crop has resulted in a monoculture that leaves the Cavendish incredibly vulnerable to disease. Indeed, banana plantations are rapidly succumbing to a fungus known as Tropical Race 4 – a new strain of the Fusarium fungus that wiped out the Gros Michel, the banana that dominated the world before 1950.
While the woes of the Cavendish and the Gros Michel before it bear obvious lessons for global agriculture, they also carrying a warning for the cybersecurity industry: lack of diversity can make everyone more vulnerable to threats.
An industry ripe for consolidation?
Ask any analyst, reporter, or financial observer, and they’ll tell you that the security market is ripe for consolidation. For years, security vendors have proliferated, buoyed by high valuations and ever-expanding enterprise security budgets. While this rush to innovate has resulted in better and more sophisticated threat defenses, it has also created a complex web of tools which already overworked, overwhelmed, and understaffed security teams must manage.
This tool sprawl is one reason that so many in and around the security industry believe that an era of consolidation is coming. According to ESG Research, 66 percent of businesses are actively working to consolidate their security portfolio.
But it’s not the only indicator. A recent spate of acquisitions have amplified the M&A hype. Splunk acquired Phantom, BlackBerry acquired Cylance, Cisco acquired Duo and more recently, Verizon and Comcast made forays into the market with the purchase of ProtectWise and BluVector, respectively.
An Appealing Proposition
For many in the security industry consolidation holds a lot of appeal, and they cite the cloud industry as a perfect example of what consolidation can offer.
A decade ago, cloud was the newest, hottest market. Definitions were loose and valuations were high. But as the market has consolidated, it has stabilized around three major players — AWS, Azure, and Google Cloud Platform (GCP) — each of which has its own constellation of associated vendors. It has created continuity and consistency, and made it easier for organizations to plan an intelligent migration strategy.
So the thinking goes: consolidation worked in the cloud, why not in security? After all, security vendors today claim they do just about everything. Why not leverage a security platform that encompasses everything, offering a one-stop-shop, silver-bullet solution for enterprise security?
Why Not? Because that’s bananas
Let’s go back to the Cavendish for a moment here. Monoculture might have made it incredibly easy and cheap to grow billions of bananas to feed global demand, but it also proved to be the banana’s Achilles heel. Rather than having to adapt itself to a variety of banana genes, the Tropical Race 4 fungus only had to figure out one.
Now apply that logic to cybersecurity. If every organization uses an identical or nearly identical set of security tools, breaking into one means breaking into them all. And once threat actors figure out how to break in once, they’ll have the keys to every organization. Just like Tropical Race 4 is burning through the Cavendish banana population, a single cyber threat could take down a vast number of organizations.
In the case of cybersecurity, heterogeneity of defense systems is itself a defense.
Have your bananas and eat them too
At this point, you might be starting to think this is a zero-sum game. Either suffer an endless proliferation of security tools, or adopt a homogenous security framework that potentially exposes the organization to greater risk. The good news is that, with some organizational collaboration, you can have your bananas and eat them too.
For security teams, collaborating with other parts of the IT organization can actually improve security posture and reduce tool sprawl. Increasingly, we’re seeing customers take a cross-functional approach to tool consolidation, looking at how various IT operations tools can be leveraged by security, and how security tools can be used by IT operations. In this case, consolidation can mean reducing the number of tools used across the entire organization, rather than relying on the security industry to merge into a one-size-fits-all solution.
This collaborative approach also creates opportunity to leverage other parts of the organization to improve security posture through smarter processes and practices. While DevOps and IT Ops may never be threat hunters, their domain expertise may well provide insight and understanding that can improve overall security operations.
Some Final Food for Thought
Consolidation is positioned as the inevitable route in security — but it doesn’t mean it’s the right route. In security in particular, diversity and innovation are themselves some of the strongest defenses we have. We should continue to foster and encourage the upcoming generation of healthy cyber start-ups, and look for cross-functional ways to integrate next-generation technologies.
There are too many strong vendors. There’s too much market need. And there’s too much progress to be made. We need more bright, forward-looking minds working to solve today’s cybersecurity challenges – not fewer. Just ask the bananas.
Jeff Costlow, Deputy CISO, ExtraHop
