This year’s CrowdStrike meltdown opened conversations about the need for enterprises to move away from having all of their cybersecurity systems running on a single platform, but Arctic Wolf CEO Nick Schneider thinks that rush away from platformization is throwing the baby out with the bath water.

Schneider in an interview with SDxCentral noted that the event did show there can be some concerns when it comes to relying solely on one vendor to provide all of an organization’s security needs, but that the idea of platformization remains the most robust way to stay on top of the ever-increasing cybersecurity threat landscape.

“I still believe that a customer's ability to understand their overall risk landscape is probably best served by having a centralized way to view that risk, so a centralized way to understand what is happening within their environment,” Schneider said. “I think what that incident highlighted is that that doesn't mean that you're only using that vendor for all aspects of your environment.”

This supports the need for an organization to understand what it needs to focus on in terms of highest-level priorities and then make sure that the platform running these systems also has the flexibility to allow for integration of other systems.

“I don't think that a customer wants to put everything regarding cybersecurity with one vendor. I think this incident probably highlighted that it might not be the best idea,” Schneider said. “But there's also a bunch of technologies, or certain technologies, that a customer might say, ‘hey, for these four or five things, I'm going to use the same vendor that I use for my core platform, but for these two or three things I'm going to leverage a different vendor,’ and the ability for the customer to have that choice, I think, is what's really important.”

This mindset can then allow for an organization to lean on that larger platform provider, but still have a way to future-proof against new technologies that might come down the platform road.

The CrowdStrike event, which was triggered by a single CrowdStrike update, caused more than 8 million devices running on Microsoft’s Azure cloud platform to crash. That event caused some to question the intelligence of relying so heavily on a single platform provider.

“CrowdStrike just created the best argument against consolidation and platformization: widespread outages,” Jeff Pollard, VP and principal analyst at Forrester, told SDxCentral at that time, adding that this was due to the concentrated nature of how organizations relied on CrowdStrike.

“One of the challenges that comes as a result of that is concentration risk, and that’s what that platform and consolidation story can lead to when you put a lot of your security controls into one vendor’s basket, so to speak,” Pollard added. “To some extent, I think that CrowdStrike has sort of introduced potentially the best evidence against platformization or consolidation in the form of this widespread outage, because this is what happens when you do overly concentrate your security controls.”

CrowdStrike showed need for open options

The current challenge for organizations that want to buffer themselves from such catastrophes is in finding a core platform that also allows for outside integration. Schneider explained that this challenge is further exacerbated by how some vendors interpret the word “open.”

“I think you're seeing a lot of the larger cybersecurity players – Arctic Wolf included – understanding that customers are looking for a more consolidated platform to provide their security operations,” Schneider said. “I also think you're seeing that a lot of those vendors view that as an opportunity to solve for those different aspects of cybersecurity, leveraging primarily their tools. So they all say that they're open, but the reality is that they're pretty closed to the manner in which the tools work on their platform and the efficacy of those tools within their platform.”

This requires organizations to be thorough when deciding on a single core platform in which to house a majority of their cybersecurity needs. This also requires those cybersecurity platform providers to understand and embrace that need for flexibility.

“If you have a really solid foundation, you have really strong native tools on some of the core attack surfaces, but you're also willing to acknowledge that customers may have already made an investment in or want to ensure that they can make future investments in third party tools, that you're able to leverage those tools and make sense of those tools for the customer, because otherwise you actually stand in the way of their progress.”

However, this all needs to be done through a simple interface that can allow that organization to monitor and manage those different components as needed.

“I think when done right that gives the customers a less complex environment and they're probably saving some money,” Schneider said. “It requires less human resources, or the human resources can be deployed to more strategic initiatives. And all of those things are initiatives or ways of working that I think are particularly interesting to customers in a macroeconomic climate that is still somewhat up and down.”