First, we as an industry should move away from celebrating a security vendor for being first to market with a feature that only directly affects five or even ten percent of the market. This type of marketing ploy may allow that vendor to capture more market share and gain more customers, but it is unlikely to improve the base security for the vast number of organizations who need solid security measures. Second, we should ask: does the vendor’s new feature, or the application itself, aid in the sharing of information, or in the cross platform usage of security data? Does this update, tool, or application make other security tools more capable in defending your network? In Truss terminology, only by decoupling the security intelligence from the security tool can we improve security as an industry. We believe we can make the same security data more capable and effective across more than one security tool. Finally, how can we as a security industry make collaboration and self-empowered security choices more mainstream and sustainable. As an industry we should make our organizations more resilient to attack, ultimately making us more capable and successful in defending ourselves.
The Chief Information Security Officer (CISO) of JP Morgan Chase, Patrick Opet, published a letter directed to the cybersecurity vendor industry on April 25, 2025. In the letter, Mr. Opet outlined his views on how Software as a Service (SaaS) security providers are creating security risks within their customer base by choosing to focus on security product features which inherently weaken the security architecture of their customers.
Mr. Opet presented three supporting points to illustrate his argument and subsequently provide solutions. Within this article, I will lay out my agreement with Mr. Opet’s point of view and present how Truss inherently protects its users with our unique security first methodology.
Attackers have to be right once.
Defenders have to be right 100% of the time.
Within the cyber security industry, competition is woven into the fundamental fabric of the industry. If you attended RSAC recently, you could not have walked through the Expo floor without experiencing a sensory overload of competitive agendas. Each security vendor gives away door prizes, auctions elaborate gifts, and booth attendees yell and give demos. There was even a trumpet blaring from more than one booth this year! The common storyline that is nearly universal across nearly every vendor is how their company or product is the industry leader in security for XYZ market angle.
What does this hyper-fixation with being the industry leader for a niche part of the security pie mean? In order to truthfully claim they are a market leader within their security segment, that segment has to be clearly defined, tested and proven. With the cybersecurity industry market touting an impressive $193.73 Billion USD in 2024, any company stating they are a market leader must be willing to invest multiple millions of dollars into a given feature to have it stand on top. How many best in class security vendors will the typical customer be required to subscribe to in order to obtain comprehensive security? More to the point, how much will that cost and who will be able to afford 10 or 15 security providers?
Not every piece of security information will be relevant to every user. Individual users of security data only need to take action on threats that directly affect them. Additionally, the consumers of this data need to inherently trust the source of that data. Should the consumer trust the source of the data, receive it in near real-time, and find it formatted so their security tools can use it, then they will willingly ingest and use that data to protect themselves.
Mr. Opet made an excellent point regarding the heavy usage of identity protocols such as OAuth to allow their security tools to “better communicate.” This places the burden of securing the identity protocols to the customer. Consumers of security tools need to begin asking themselves: Is the OAuth identity used by the security tool an administrator account? How many applications or services within the environment will use this same identity account? Ultimately culminating in the key question, “If that account were compromised, how much of the environment could become compromised?”
Furthermore, as an industry we need to move beyond relying on a single intelligence source for our security tools. No matter how great, cutting edge, or performance ready the security tool may be, no tool can block a threat it can't see. Additionally, security vendor research teams can only witness a narrow window of threats, meaning the security intelligence delivered to your security tool also has a narrow focus in terms of threat detection. Accurate, useful, and timely security intelligence is more powerful than security processing or strength alone. We should not rely solely upon the security data or intelligence from a single source to ensure we have the detection capabilities to protect us from all of the threats we care about.
Given the competitive nature of the industry, it is far-fetched to think that all of your security vendors will willingly share timely, actionable and effective security information with each other. It is time to stop relying upon the cooperation of these vendors to provide data to each other before delivering it to you.
If you are fortunate enough to have a security vendor that is leading the industry in every category, or you have pockets deep enough to hire the top best security providers across the 10 categories that matter to you, you might be able to prevent most of the threats that directly affect you. But for the rest of us, we simply can’t trust our one, two or five security providers to deliver all of the latest protection intelligence we need to protect ourselves.
Truss doesn’t rely on a small handful of cyber security vendors to have their customers best security interests at heart. Instead, we provide an avenue for consumers to identify and collect the security data they care about across a growing community of security experts.
Truss is the gateway to the security data ecosystem, allowing organizations to find and access user-specific data that will allow them to identify, alert, and prevent security events on a near real-time basis.
Truss contributors are an ever growing collection of trusted security data feeds from known and trusted authors. Timely and actionable security data is categorized, tagged, and validated for accuracy. Additionally, Truss enables organizations to sever the psychological bond between security hardware and security intelligence by allowing organizations to augment their security intelligence without having to rip out, shift or alter their security applications.
By decoupling the security hardware from the security intelligence, Truss empowers the consumer to use the best security data and intelligence regardless of source, so users can find ways to make their security hardware smarter and protect their critical infrastructure more effectively.
It is time to rethink security by shifting our attention away from hardware, security features and products and instead focus on sourcing the best data and intelligence to protect ourselves from a given threat. Then we need to make the tools we already have detect threats that are relevant to us. We have to ask ourselves: Does the data that our security providers give to us actually protect us from the threats we care about?
Truss believes that optimal security isn't simply about having the fastest best in class hardware agent, or the largest number of global clients, or the latest AI powered analytic detection engine. Rather we believe in maintaining and providing the right security knowledge. Security knowledge that can be delivered to each of your security tools in a timely, actionable, and useful format. Security knowledge that comes from sources you trust. We believe it is beyond time to have an exchange of security information that incentives the sharing and usage of security data. Security knowledge that empowers individuals, supports collaboration, and promotes the ideals of modern security architectures.
Create a free Truss account and explore what Truss has to offer!
Learn more on our home page.
Follow us on BlueSky, Mastodon, LinkedIn.
Join our growing community on Discord and wor k with us to make the security ecosystem stronger and more robust!