All security innovation comes from startups
By Martin Roesch
Back in person at RSA Conference earlier this month, I was reminded of a great addition introduced a few years ago to shine a spotlight on startups: the Early Stage Expo. Conference organizers refer to it as an “innovation space” and this year 35 companies were featured.
The Early Stage Expo underscores the fact that in the security industry, innovation comes from startups—with good reason. In startup life, the focus is on building products and innovating to the exclusion of all else, and if the product ends up being world-class, you’ll get acquired or go public. The people are passionate about technology and how it can change the world and they want to be a part of that change over and over again.
Trading innovation for business efficiency
In contrast, large, decades-old companies are locked into a model focused on optimizing for business efficiency, and they have lots of smart businesspeople driving to that mission. Their portfolios of solutions consist of products from all the startups they’ve acquired, and they focus their resources on trying to glue these teams and products together. As a result, their security offerings are typically something like “20 startups in a trench coat”. They aren’t driven to innovate unless there is a forcing function to make that happen, like competitive pressures or new customer requirements. In which case, they usually find it more efficient to buy another startup.
Eventually, they end up with a collection of different products in their security group all with different user interfaces and management platforms built by the startup teams that they acquired, different backend architectures and front-end architectures, and few, if any, synergies between them . Although interoperability and integration have become somewhat easier now that we’re in the age of the API, it is not without challenges. And once they’re over that hump, there’s still the issue of creating a seamless user experience. The day-to-day experience for a security operator is the management platform, not the security appliance or sensor infrastructure, and management platform interoperability is notoriously tough. Creating a high-scale, integrated, and extensible platform to provide visibility and control across interrelated, disparate solutions remains a huge problem, and the acquisition-driven business model doesn’t lend itself to cracking that nut.
Very rarely is deep, disruptive innovation possible from these large, integrated organizations because even as they acquire companies and modern technologies, they continue to put most of their resources behind their aging approaches, like appliance-based architectures and relying on deep packet inspection (DPI ), because they are still generating revenue. This makes it hard to get more resources shifted to new projects for continued innovation. As time marches on they find themselves in a maintenance cycle and concepts around driving innovative product enhancements that don’t necessarily drive immediate and tangible business efficiencies drop off. Primarily focused on how the world has operated for years, large companies inevitably wind up chasing markets.
Where bold thinking happens
For these reasons, the bold thinking and the innovations that are going to change the face of the industry will continue to come from startups. We embrace that at Netography, and it’s reflected in what we are doing in recognizing the global transition of enterprises to the Atomized Network and devoting ourselves to securing this environment where applications and data are scattered across a complex environment consisting of multi-cloud, on- premises, and legacy infrastructure, being accessed by increasingly mobile and remote workers. It’s a dramatic departure from traditional enterprise networks that have exposed deficiencies in security architectures and offerings and added layers of complexity.
When you have a highly distributed network with no defined perimeter, appliance-based architectures are a dead end. Zero Trust and the pervasive utilization of encryption increasingly blind DPI approaches. And securing multi-cloud environments with a patchwork of tools that provide disparate levels of visibility and control into specific cloud environments introduces scalability, cost, and manageability challenges.
Because we aren’t constrained by old thinking, we architected a SaaS-based, universal platform that gets ahead of all these challenges to provide complete network visibility across your entire network infrastructure at cloud-scale. Through a single portal and using a flow-based system that is unaffected by encryption, you get a unified view of your data, normalized, aggregated, and enriched with business and threat intelligence. Everything we build is API-driven, so you can complement existing tools with real-time and retrospective attack detection capabilities you’ve never had before and manage everything through one platform. And we do this with no hardware, no software, nothing to install, which leads to an incredibly fast time to value.
At Netography, we recognize the world for what it is, not for what we have known it to be, and we build for that world. It’s startup life and where innovation is happening.