Enterprises keep improving their business through digitalization by adopting a cloud-first approach, which significantly increases their risk profiles and attack surface. To better protect the business, many enterprises are adding multiple layers of defense and, as a result, are increasing the complexity of both defending against advanced attacks and analyzing threat information.
Gartner has observed that this problem exists in many organizations. As such, the topic of this year’s Gartner Summit is “Reframe and Simplify”, which aims to help organizations accelerate the evolution of security. What would help strengthen an organization’s security while simplifying the defense process? A few necessary cybersecurity investments in the future would be as follows:
- Deploy AI-based defenses
- Agile technology adoption
- Join an Incident Cooperative
Convergence increases security efficacy, and AI-integration produces more insight and capability to address the security challenges.
Consolidating Network Security
With the current market offerings, it is easy for organizations to start transforming their traditional network security products into agile cloud-based solutions. One such example is the Secure Access Service Edge (SASE), which is the concept of providing security as an integrated set of services. Delivering security as services could reduce the workload for organizations, together with process automation and workflow simplification. SASE converges comprehensive networking and security functions to support the dynamic secure access needs of organizations. It is also a perfect place for implementing AI-based technologies that could provide automated and simplified data security. SASE adoption could be viewed as a significant reduction of complexity through vendor, policy and console consolidation.
There are many vendors who focus mainly on the security service part of SASE, which was originally introduced as Security Service Edge (SSE) by Gartner. SSE was the concept of consolidating controls across web, cloud services, and private applications from one primarily cloud-based platform. According to Gartner’s survey, by 2024, 46% of organizations plan to consolidate security services within 2 vendors for SASE, and only 19% of organizations would consolidate security services within a single vendor for SASE. And by 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s security service edge (SSE) platform.
Consolidating Incident Response
Organizations collect a huge amount of information every day through security tools. However, about 80% of organizations cannot trace attackers across systems in a single pane view, and are thus becoming frustrated by how complex the best-of-breed security stack is. Lack of visibility into consolidated risk posture raises concerns from CISOs. Now, we have Extended Detection and Response (XDR) to help address the aforementioned problem.
XDR is defined as a consolidated tool that provides detection, alert management, and incident response capability across multiple security products, fusing multiple alerts into single incidents. The goal of XDR is to enable better visibility across multiple security tools and faster, more accurate incident response.
According to “2022 Gartner CISO: Security Vendor Consolidation XDR and SASE Trends Survey”, XDR is mostly adopted to improve:
- Speed and accuracy of detection.
- Visibility into attacks across the entire security infrastructure.
- Security operations center (SOC) productivity.
What’s Next?
- Cloud Native Application Protection Platforms
As more and more organizations are adopting a cloud-first approach, developers have embraced cloud-native application development. Securing those cloud-native applications is an essential goal for these organizations.
Cloud-native security needs to be addressed from the following aspects:
  - Runtime Protection
  - Cloud Configuration
  - Artifact Scanning
  - DevSecOps Enablement
- Data Security Platforms
Data security is quite fragmented in the current cybersecurity market, and a unified product or service is needed to integrate the unique protection requirements of data across data types, storage silos and ecosystems. This is where Data Security Platforms (DSPs) come into play, and help with providing meaningful data risk analytics, orchestration of data security policies and reduction of operational complexities.
Gartner predicts that by 2025, 30% of enterprises will have adopted a data security platform (DSP), due to the surging demand for higher levels of data security and the rapid increase in product capabilities.
- Cybersecurity Mesh Architecture
Cybersecurity Mesh Architecture (CSMA) is an emerging concept for building up composable, distributed security controls to improve overall security effectiveness. It focuses on the collaboration of individual security tools. The benefits from leveraging CSMA include but are not limited to:
  - Faster incident response
  - Centralized policy management
  - Centralized threat database
  - Centralized playbooks and automation
  - ML/AI to help with threat hunting
A plethora of technology is now available to help ease enterprises toward SASE, enabling security as a service rather than the DIY mold. This transition will allow for easier management, making it easier to see results. Start consolidating your security today and prepare for tomorrow’s challenges with network security products!