by dgb23 705 days ago
I wonder if the root cause of this is the notion that one can tack "security" onto a system or inject it into a system, instead of it being a holistic perspective, with appropriate use of sub-components and rules.
2 comments

The proximate cause is companies handing over total control of their systems to opaque security racketeering quacks. And the root cause of why a company would do that gets right to the heart of the reason why "security to check the boxes" is the phrase that's been going around in the past few days.

Any security that isn't done layer by layer in depth must be "tacked on" and try to know everything about a system at once and adapt in situ. Which is of course impossible on any given machine, you say. "But what if we leverage the power of the crowd?" said someone.

Many compliance frameworks require tools like CrowdStrike. If you don't have endpoint detection, no SOC 2. No SOC 2, and you'll be excluded as a vendor from many places.