Is a security product company building a true platform or a suite?

Is a security product company building a true platform or a suite? The distinction clarifies where to invest, how to measure progress, and what competitive advantage to pursue. Here's my guidance for deciding which approach is best, including a look at CrowdStrike, Okta, and Palo Alto Networks.

Most Cybersecurity Products Aren't Platforms and It's OK

The test for a genuine platform is whether each new addition makes everything else more valuable, not just whether products share a brand or console. Let's draw a distinction between a platform and a suite.

Lenny Zeltser (zeltser.com)

#cybersecurity #productmanagement #infosec #saas

My new guidance on building security products for SMBs. I first tackled this market about a decade ago at NCR, but much has changed since, especially the role of MSPs and VARs for go-to-market strategies. A few findings as I revisited this space:

1. Channel concentration is a real risk. SentinelOne disclosed one partner accounting for 20% of total revenue, with a second reaching 10%.

2. Cyber insurance and customer compliance are buying triggers. Some SMBs arrive with a controls checklist from their insurer or customers.

3. AI readiness among MSPs dropped from 90% claimed in 2024 to under 50% for actual deployment in 2025.

4. The top three RMM/PSA platforms hold over 60% of the market, and Kaseya is bundling security into the subscription.

Details at https://zeltser.com/smb-security-product-strategy

#cybersecurity #infosec #productmanagement

Security leaders are often trapped in endless assessments and opinion-giving without driving actual change. Staying busy with spreadsheets, dashboards, and emails doesn't move the organization forward.

Here's how we can break out of the "Chief Opinion Officer" mode: https://zeltser.com/chief-opinion-officer-to-action-taker

#CISO #cybersecurity #leadership #infosec