As companies face increasing security challenges, they will need to move to a new platform-based security model, top executives from Cisco and Palo Alto Networks said at this week's 2017 RSA Conference in San Francisco.
This isn't the same platform security model that is being touted by most major security vendors today – it's a next evolution of that model, where the focus is on visibility, analysis and enforcement, Palo Alto Networks CEO Mark McLaughlin said in a keynote address Wednesday.
"We are going to see [the current security model] get turned on its head. I mean that from a business model perspective," McLaughlin said.
McLaughlin said the current state of security is too complex, too expensive, too slow to adapt to changes and has become increasingly difficult for security professionals to show a return on investment. He said companies need to adapt a "platform of the future," which leverages integration and automation, and encourages cross-vendor sharing of threat intelligence.
That "Platform 2.0" will ultimately lead to more innovation, sharing, automation, software capabilities, ease of deployment, flexibility of usage, and new consumption models, McLaughlin said.
Driving that shift are the clear signs that today's security model isn't working, McLaughlin said, evidenced by a continued onslaught of breaches, new threats and growing inconsistencies in security postures. While the threats alone are bad, McLaughlin said a bigger concern is that continued failure to address security risks will lead to distrust of technology and negate the potential benefits of innovation.
"The existing approach apparently is not going to work out. If we keep doing what we have been doing, we will have some serious and significant problems," McLaughlin said. "Or do we fundamentally rethink how security innovation is encouraged, consumed, delivered? ... I think this is the way things have to go and we are moving very quickly in this direction. It is important that these are conscious decisions and we make these conscious decisions very soon," he said.
Meanwhile, David Ulevitch, vice president of the Security Business Group at Cisco, said the only way to improve security posture is to shorten the time from a threat, to detection, to response using automation. The way to do that, he said, is to remove the silos around point solutions and turn on automation. He said the "secret weapon" to accomplishing that is the cloud, which provides unlimited hardware, compute, storage, and analytics.
"The only way we can have an effective security posture is by moving to automated security…This is about making the cloud a tool in our security toolbox to help automate our security posture … To me, the cloud is an incredible security machine that we aren’t capitalizing on today," Ulevitch said Wednesday.