Cybersecurity at a crossroads: Time to shift to an architectural approach
- by nlqip
During this timeframe, security technology vendors have responded to these issues with numerous technology solutions like next-generation SIEM systems, SOAR, XDR, and UEBA, yet these issues continue, resulting in shifting market dynamics and upheaval.
Just recently, Cisco acquired Splunk, Exabeam merged with LogRhythm, and IBM and Palo Alto Networks partnered to migrate QRadar cloud customers to XSIAM. Other vendors are in deep trouble, looking for an exit, and likely not far from the end of the line.
All of this foretells massive changes in security operations. To be clear, I’m not talking about incremental product tweaks or functionality gaps addressed by generative AI. I’m talking about fundamental architectural changes.
Big organizations must shift to an architectural security approach
Over the next few years, large organizations must transition from a product-centric to an architectural approach to security operations. To be clear, no vendor will deliver the whole enchilada. Therefore, CISOs must focus their teams on architectural components, such as those listed below:
Cloud scale
Unless you are Amazon, Google, or Microsoft, you won’t have the compute, network, or storage capacity to address security operations requirements. This means that organizations with on-premises systems must plan for cloud migrations as soon as possible. Note that I’m not talking about “lift and shift.” Rather, security operations systems must be built on top of modern cloud-native technologies like containers, serverless functions, infrastructure as code, and APIs, capable of scaling capacity exponentially over the next few years.
All things data
There’s lots to unpack here. First, the notion of moving all the data to one repository is completely outdated due to data volume and constant change. Future security operations must adhere to a federated data model.