
The Downsides of Platformization Show the Need for an Open SecOps Platform


Platformization refers to the strategic shift towards creating unified ecosystems that integrate various services and functionalities into a single, cohesive platform. The initial appeal of platformization lies in its promise of convenience, streamlined services, and integrated solutions. Now more than ever, we see vendors consolidating their products and coming together in a way that gives customers the illusion that they are getting a more seamless and efficient user experience. 

However, consolidation can lead to over-reliance on a single provider, potentially creating single points of failure and reducing flexibility. The dominance of a few platform providers might ultimately limit choices, and the consolidated solutions end up looking more like patchwork than real solutions to the problems organizations are facing.

The Movement Towards Platformization

It seems every week there is a new announcement of an acquisition by a big-name vendor. In recent months there have been many examples of consolidation with large vendors including Cisco/Splunk, Exabeam/LogRhythm, and most recently Palo Alto/QRadar.

In the example of Palo Alto and QRadar, the acquisition aims to strengthen Palo Alto’s market position while posing uncertainties for current QRadar users. This creates major challenges for organizations that still have to operate their cybersecurity, such as:

  • Forced Adoption of a New Tool: The lack of long-term support for QRadar SaaS suggests that customers will be forced to adopt Cortex XSIAM or seek alternative vendors once contractual obligations end, creating uncertainty and potential instability in their security operations.
  • Loss of Innovation: IBM has struggled to innovate QRadar in recent years, which leads to concerns about the long-term viability and competitiveness of the technology under Palo Alto’s management.
  • Integration Challenges: Merging different technologies and transitioning customers will inevitably lead to integration issues, going directly against the “Stronger Together” concept we embraced just a year ago at RSAC. With the vast differences between IBM’s legacy systems and Palo Alto Networks’ newer offerings, there is no doubt that open platforms will be disregarded in pursuit of the platform-first approach. Platformization creates silos around dominant vendors, undermining the collaborative spirit of the industry. This trend risks pricing small and medium-sized businesses out of the best cybersecurity technology. The true strength of cybersecurity lies in open, interoperable platforms that foster collaboration and innovation. If platformization jeopardizes this cooperative approach, we must prioritize maintaining an open and inclusive ecosystem.
  • Losing Focus: The acquisition highlights the ongoing consolidation we are seeing in the SIEM/XDR market, potentially reducing competition and innovation as a few large players dominate. In the long term, this takes away from the core purpose and original functionality of these solutions.

Platform or Patchwork?

As we continue to see big-name vendors acquire new technology, it raises the question of whether this is truly a platform of innovative technologies coming together or if it’s simply a business transaction that results in a patchwork solution. In most cases, it is the latter.

Instead of seeing continuous innovation and improvement in the acquired products, customers often face integration into a larger suite where the original product’s development may stagnate. This patchwork approach disrupts the continuity and reliability of SecOps teams, forcing them to adapt to new, often imperfectly integrated systems. 

The focus shifts from addressing critical security needs to managing the complexities and inconsistencies of merged platforms. This derails SecOps teams as they spend more time navigating transitional challenges and less on proactive threat detection and response. The result is a diluted and less effective cybersecurity posture, where the true potential of the tools at hand is never fully realized, compromising overall effectiveness.

The Challenge for Cybersecurity Operators

Ultimately, takeovers by big-name vendors create instability for SecOps teams and undermine their ability to effectively protect what’s most valuable. There is no doubt that cybersecurity must be operated: threats are evolving and technology must follow. These acquisitions will derail cybersecurity teams, with the focus shifting from cybersecurity operations to a product migration that will require much of their time.

Transitioning from one solution to another as part of a strategic acquisition is a major challenge that requires time and resources. Cybersecurity teams need to be ready to handle transitioning to new tools, re-training staff, and accepting functionality that is limited or different from what they need.

This should prompt SecOps teams to think ahead proactively and ask the following questions:

  • Is this solution, in its new form, going to address my unique security challenges?
  • Will this product become roped into a mono-vendor platform that ends up limiting my integration capabilities with other technologies?
  • Do I have the time and resources to dedicate to a migration project?
  • Will the migration project be worth it in the long term?
  • Is the product going to continue to evolve and adapt to threats we are seeing?
  • Is pricing going to increase significantly over time? How can we be sure?

Lumu Was Built for Cybersecurity Operations from Day One

Lumu was built with a clear purpose—to help organizations run their cybersecurity operations effectively. Unlike the trend of platformization, Lumu offers a focused, integrated approach that meets organizations where they are and gives them the visibility they need 24/7. 

Our solution seamlessly fits into existing security stacks with hundreds of integrations to take real-time actions so SecOps teams can focus on other tasks. Our product team is dedicated to providing continuous innovation with a focused approach that enables organizations to know if they’re being targeted by threat actors or not. Through visibility and integrability, Lumu adjusts to each organization’s unique needs, providing real-time responses to threats. 

Lumu is the open SecOps platform, helping customers build the platform they need, on their terms, and within their budget—unlike rigid, vendor-driven platforms. Platformization is really just a way for larger organizations to expand market reach without delivering real value or technological improvement. With Lumu, you’re not just buying a product; you’re investing in a partner committed to your unique cybersecurity needs.
