We’ve seen the best-of-breed or single-vendor platform debate unfold for many years. On one hand, you have niche solutions providing a focused approach to cybersecurity. On the other, you have one platform that provides interoperability.
Most recently this debate has been focused on XDR. Despite being a new acronym and everyone’s new favorite buzzword, XDR is not an entirely new concept. As we discussed in this blog, the premise of XDR is essentially a layered security approach. The difference is that the interconnectedness of all your layers is much more seamless. The question for security practitioners is whether to construct an XDR from best-of-breed solutions (Open XDR) or go with a single-vendor XDR framework.
There are three basic promises that a single vendor approach promotes: complete security from a single vendor, simplified training, and cost savings. The utopia of a single platform, however, is far from reality, and the single platform promises are often broken.
Let’s look at the three ways single platform solutions fail to live up to their promises.
Single vendor solutions don’t offer complete security
As it turns out, the promise of a high level of security from a single vendor is pretty tricky to achieve. It’s a challenging feat because creating a layered security tool is very time-consuming and complicated. For a single vendor to provide multiple layers, the product needs to be wide and deep. It must be wide enough to secure everything from edge to core to cloud—endpoints, email, servers, networks, applications, etc. It also needs to be deep enough to provide security analytics, event correlation, threat detection, remediation, etc.
From a pure engineer standpoint, a single platform is a massive undertaking that most companies cannot execute at this point in time. As a result, the broad platform is typically not composed of leading-edge technologies, and they rely on the promise of integration of ho-hum products to create a compelling story for buyers. This does not, in the end, give the purchaser better security.
One way large vendors like Cisco, Mandiant, and Pale Alto try to enhance their offerings is by acquiring several smaller, more niche players to avoid engineering everything from scratch. These large vendors can only build their single platform solution through acquisitions. Even still, these vendors have gaps in their solutions, which negates the whole idea of a single platform. You may purchase a “single platform,” but it still requires you to have other vendors in your security stack.
Okay, you might say, you may have a few ancillary vendors, but you still get the benefit of having fewer programs overall to train your team to use. But do you?
Single vendor solutions don’t offer simplified training
Remember that part about large vendors acquiring companies to build their single platform? Well, they may now own the company and its products, but it still takes a lot of time to integrate the new solutions into one platform. More often than not, the UI for the acquired program stays the same but is reskinned with the new branding. Acquired solutions may take several years to integrate fully into a single platform.
As you can see, a multi-product platform with separate UIs doesn’t really simplify training, even if it all has the same company logo. It’s the same as having multiple tools from multiple vendors.
Let’s say that the tool does fully integrate, and you have a single UI for all the solutions you need. The big vendor may not have the resources or capacity to keep innovating on every single solution in their platform. So, you may see great results from the SIEM aspect of the platform, but detection tools are too noisy and cannot be customized. In this case, the training may be slightly more simplified, but the platform does not provide team efficiency overall.
Single-vendor solutions are not more cost-effective
As mentioned above, a single security solution must be very wide and deep to provide maximum protection. For that reason, single-vendor platforms are costly and resource-heavy to build and maintain. As such, they are constructed primarily for large enterprises with a considerable security budget.
For most, it is more cost-effective to build your security stack from best-of-bread technologies. This approach prevents you from paying for products you may not actually need—a byproduct of buying an all-in-one platform—and it also allows you to be more economical in your decision-making. The lump sum of a single vendor may be appealing because the cost is immediately known, but in the end, you are likely to end up saving by picking separate vendors for each security layer.
There may be a future where a large cybersecurity vendor has been able to acquire enough companies to create the width and depth necessary to provide a single, fully integrated security platform. By the time that happens, it may not even be called XDR anymore. But even at that point, do you want to trust one company to protect your business? A broad platform approach relies on a common set of vendors that provided threat research to feed these products. What if the underlying threat research is flawed or incomplete? What if the controls of that platform fail? A diverse set of products bring diverse research and perspectives to bear.
The layered approach is often better when it is also multi-vendor. The industry should not be driving at a single platform approach; instead, it should strive for better integrations, more intuitive UI, and better intelligence.
Cisco has been making moves to create its own single-vendor platform, SecureX. This platform is made up of a suite of products that can be purchased separately, for instance, the network security component of SecureX is Secure Network Analytics and Secure Cloud Analytics (fka Stealthwatch). Cisco’s Secure Network Analytics and Secure Cloud Analytics perfectly encapsulate the issues with a single vendor platform, as the individual products do not provide better security, simplified training, or cost savings. Learn more in our whitepaper on Plixer vs Cisco or visit this page that breaks down the differences between our products.