Partner POV | Is the Cybersecurity Industry Finally Ready to Step into the Platform Era?
In this article
Article written by John Maddison and provided by Fortinet
It seems the platform conversation is a hot topic right now. But really, it's nothing new. There has always been a debate across all industries about best-of-breed products versus platforms. When implementing a cybersecurity platform in your organization, it's important to think of "platform" as a journey. So, let's cut through all the noise and confusion and explore the different levels of the platform concept to help you determine what's right for you.
Step into the Platform Era
The great platform debate should start with a different question: Why do we still have point products? The answer lies in the dynamic nature of cybersecurity and infrastructure. Because the threat landscape constantly changes, the industry will always need to innovate new defenses, which means new point products. And as infrastructure continually evolves to meet the needs of dynamic operations, such as the hybrid workforce, operational technology connectivity, and continued application journeys across clouds, new point products will necessarily be invented to address new risks and opportunities.
The Shift to a Functional Platform
However, as certain point products become stable or commoditized over time, they can become components of a functional platform. It makes complete sense to combine multiple commonly used components into a single platform to simplify operations and integrate critical functions. But getting it right requires deep interoperability between these elements. At a minimum, that involves everything running on a common OS, which is a far cry from trying to bundle technologies designed to operate as standalone solutions. Without a common operational foundation, any interoperability will always be superficial.
This leads to another, far worse scenario that is much too common, and customers are starting to see right through it: In the rush to push a platform to market, larger companies acquire point products from other vendors. Rather than taking the time to fully integrate their functions and operations into a unified solution, they merely slap their name on it and add a "platform" label on the resulting bundle and abandon roadmap commitments.
Examples of a Functional Platform:
- Integrating firewall, sandboxing, and IPS into a next-generation firewall (NGFW)
- Integrating antivirus, detection, and response into an endpoint protection platform (EPP)
- Integrating proxy, antivirus, cloud access security broker (CASB), and data loss prevention (DLP) into security service edge (SSE)
- Integrating Wi-Fi, switching, firewall, and network access control (NAC) into secure connectivity
- Integrating antispam, antivirus, and anti-phishing into a secure email gateway (SEG)
The More Sophisticated the Platform, the More Compute Is Required
The challenge created when you add more networking and security applications to a platform is that it places an increased load on its off-the-shelf compute that hasn't been optimized for these applications. What's needed is a custom processor designed to run specialized security functions. A good analogy is a GPU that can run graphical rendering and AI large language models much faster than a general-purpose CPU. Likewise, a security processing unit (SPU) can run secure networking and cybersecurity functions many times faster than a general-purpose CPU.
Progressing to a Platform Suite
Once the issue of performance is addressed, the next step in platform development is to start integrating functional technologies. This is a big step for most organizations because they may replace best-of-breed functional solutions in exchange for an integrated platform suite. However, the operational savings can be substantial.
Examples of a Platform Suite:
- Integrating NGFW and cloud-native firewalls into hybrid mesh firewall (Fortinet HMF)
- Integrating EPP and next-generation SoC capabilities into extended detection and response (FortiXDR)
- Integrating SD-WAN and SSE into single-vendor Secure Access Service Edge (SASE)
- Integrating secure connectivity and SD-WAN/5G into SD-Branch
- Integrating SEG and cloud API security into an integrated cloud email security solution
Dual Sourcing: A Spoke in the Platform Wheel
Some larger enterprises, especially those with regulatory requirements, are now taking an additional approach to the platform suite. They are looking to dual-source functional platforms and even point products. This is driven by the need to reduce overhead and management through platform conversion while mitigating risk by adopting a layered platform approach.
Embark on Your Platform Journey
All companies would like to reduce operational costs while increasing the effectiveness of their security posture. A cybersecurity platform approach can achieve this by integrating point products, reducing overhead, and enabling native automation across multiple products. Some companies will opt to exclusively deploy functional platforms, while others will progress all the way to platform suites or even choose dual sourcing. The goal is to embark on the platform journey that's right for your needs and move away from exclusively using point products.
However, not all platforms are created equal, and not all vendors claiming "platform" can support you on your journey. Many vendor solutions, which they are now labeling as platforms, are actually composed of very distinct products with different operating systems, programming languages, data structures, APIs, and management consoles. Rather than providing a truly integrated system, they are simply disparate solutions bolted together into a superficial platform.
Fortinet was founded over two decades ago on the principle of converging networking and security. Today, our Security Fabric platform is composed of the most integrated, most open portfolio of products in the industry, backed by one operating system (FortiOS), one unified agent (FortiClient), one management console (FortiManager), one data lake (FortiAnalyzer), open APIs, and integration with over 500 third-party products—including those of our competitors. What's more, FortiOS can support over 30 different secure networking and cybersecurity applications, 14 of which are accelerated by our custom-made FortiASIC SPUs.
The best part for our customers: You can go all-in on the Fortinet Security Fabric platform or use its elements as a rock-solid foundation to start incorporating functional platforms or platform suites into your existing infrastructure.
As part of our commitment to platform, we're thrilled to be recognized in the five Gartner® Magic Quadrants™ listed below. The Fortinet products included in these Magic Quadrants all run on the FortiOS operating system as part of a platform:
- Network Firewall: A Leader
- SD-WAN: A Leader
- Enterprise Wired and Wireless Infrastructure: A Leader
- Single-Vendor SASE: A Challenger
- Security Service Edge: A Challenger
Look Under the Platform Hood
When speaking with vendors about a platform solution, it's vital to look under the hood. Is there truly one operating system, one management console, one analytics engine, one data lake, and uniform APIs underpinning the platform you are considering? Or will you simply be moving the complexity of your existing point product approach to a different form factor? Choose your vendors wisely as you step into the platform era. Your choice could have a significant impact on your overall security and operations.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
References and Disclaimers
GARTNER is a registered trademark and service mark, Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Magic Quadrant for Network Firewalls - Published 19 December 2022 - ID G00761497 – Rajpreet Kaur, Adam Hils, Thomas Lintemuth
Magic Quadrant for SD-WAN - Published 27 September 2023 – ID G00778908 – Jonathan Forest, Naresh Singh, Andrew Lerner, Karen Brown
Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure – Published 06 March 2024 – ID G00785075 – Tim Zimmerman, Christian Canales, Nauman Raja, Mike Leibovitz
Magic Quadrant for Single-Vendor SASE - Published 16 August 2023 - ID G00785023 – Andrew Lerner, Jonathan Forest, Neil MacDonald, Nat Smith, Charlie Winckless
To view the original article, please visit fortinet.com