This is interesting, and it supports my view of where things are going:
Companies will have their own internal data lake
Instead of selling their own data import and data lake and capture tools, (or even GUI’s after some point), security vendors will just be selling the secret sauce algorithms that produce better results
As I wrote about here after RSA 2015, the security analysis vendors and the business intelligence vendors have already started merging, and that is only going to accelerate.
We’re moving towards one data lake per company, with granular event type spigots each having their own authz and authn capabilities. And of course we’re already trying to bring the UI’s into unified dashboards.
So the data lake is consolidated and internal, the dashboards are unified, so that just leaves algorithms. That’s what the vendors will be–providers of data analysis algorithms that produce slightly better results that come from a standardized data lake and go into a standardized UI.