At the Gartner Security and Risk Management Summit that ended last weekend, Gartner released its top ten popular cybersecurity projects for 2020-2021 and eight security technology trend forecasts, and identified the key drivers of change in the cybersecurity industry over the next decade.
Gartner vice president Toby Bussa noted that enterprise cybersecurity leaders need to prepare for a new decade. Over the past decade, cloud computing, the explosion of the Internet of Things, organized cybercrime such as ransomware, and privacy and data protection concerns have caused major changes in the cybersecurity landscape. In the decade from 2020 to 2030, network security will go through another round of major, earth-shaking change.
The three drivers of change in the cybersecurity industry in the new decade are the “Balkanization” of the digital world, regulatory complexity, and corporate security resilience in response to high levels of uncertainty (disasters, war).
Bussa emphasized that anticipating trends and planning ahead is critical to building an edge. He also highlighted a redefinition of the concept of “cybersecurity”, which over the next decade will focus more broadly on “events that could endanger the lives, turmoil and high-risk events of an organization or its customers” rather than just traditional IT security.
Top 10 Popular Cybersecurity Projects for 2020-2021
Gartner analyst Brian Reed said that, because of the impact of the COVID-19 pandemic, Gartner has revised its forecast of popular cybersecurity projects for 2020-2021. Five of the top 10 projects Gartner released in 2019 were new, and eight of the top 10 published this year are new. From the perspective of the market and annual growth rates, certain areas are clearly growing this year. Notably, “risk management and understanding process failures” is the focus of the enterprise.
Reed noted that companies still need to do “groundwork” before they can consider launching the top ten projects, some of which “may require a lot of effort, some may require cultural changes, and some may require a large budget”. But from a commercial point of view, these are necessary costs.
Here are Gartner’s top ten cybersecurity projects for 2020-2021:
Ensuring the safety of the telecommuting workforce
The COVID-19 pandemic has made telecommuting-related cybersecurity programs such as security awareness training, endpoint security, and identity and access management (IAM) solutions a priority. Reed said the above solutions have become imperatives for all businesses, “which must be focused on business needs” and enable users to handle their job responsibilities.
Where cybersecurity awareness is a high priority but is underrepresented in IT security spending, Reed said getting investment and support for a security awareness program “depends on compelling reasons and negotiating skills.”
“Most of the cost of security awareness will come from people and capital, and capital expenditures will need to be spent not only on security awareness tools, but on delivering those,” Reed noted. “Many organizational negotiations may revolve around how much training an organization needs, or how much time you may need participants to invest in doing it. What also needs to be considered is what the rewards and consequences will be.” Reed believes that the key to security awareness programs attracting users and getting more budget is to “set expectations accurately” and to speak in a language that both security and management personnel understand.
David Mahdi, senior research director at Gartner, highlighted the urgency of successful identity and access management (IAM) initiatives in 2020 and the growing importance of privileged access management and other related scenarios.
Mahdi recommends that businesses prioritize enabling secure remote access, federated SSO and multi-factor authentication (MFA), and fast and “good enough” IAM and CIAM. To maintain accuracy, businesses should focus on account takeover protection, fraud detection, privileged access management, and the relatively low-cost IAM delivered by SaaS.
Risk-Based Vulnerability Management
Vulnerability management is a cliché, Reed said, but systems are never 100% patched, and the aim is to patch those vulnerabilities that pose the greatest risk to an organization. This should include exploitable vulnerabilities, or ones that have been proven effective in the wild. “This work goes beyond the vast amount of telemetry that most businesses are using today,” he explained. “It’s also worth noting that, especially in the last mile, it takes a lot of effort to patch, and these security responsibilities will fall more on the application or IT infrastructure operations team, with the cybersecurity team recommending patches, and the patching work performed by other teams.”
Extended Detection and Response (XDR)
Reed explained that XDR differs from SOAR and SIEM because it is a unified incident detection and response platform that automatically collects and correlates data from multiple proprietary components. It’s about improving detection accuracy and threat containment, as well as improving the overall incident management process.
Cloud Security Posture Management
As part of cloud and cloud application security tools, Reed said, cloud security posture management is about providing management capabilities, including the ability to take action on policy violations. These capabilities identify risks by reviewing cloud audit and operational events, and can provide a mapping of frameworks and controls for better compliance.
Simplify cloud access control projects
Simplified cloud access control projects are often implemented through a CASB tool that provides real-time security controls through inline proxies that can enforce policies or actively block, with the flexibility to start out in API or monitor mode.
Reed said DMARC is by no means the only answer to email security, but it provides a higher level of trust and verification. Because email can be easily spoofed and we rely on it so much, DMARC can provide verification. DMARC can be a good tactical project and a quick win on many fronts for improving email security.
Reed cited a statistic that found that 70% of users reuse passwords between work and personal life, and there are many options that can be used as a “second factor” to replace passwords, such as known assets, mobile phones, tablets, keychains or smart watches. Additionally, there are other examples of using zero-factor or multi-factor authentication. He said: “Completely eliminating passwords is still far away, and we may never get rid of passwords, but there are many innovative ways we can take static passwords from a liability to an asset.”
Data classification and protection
This is a key way to improve the efficiency of data protection because not all users and data have the same value, and there may be problems of over- or under-classification. “When it comes to data classification and policy, we need the right level of automation and manual approaches, and the right approach is to use both.” Reed advises clarifying processes and definitions before doing technical classifications.
Planning a digital business plan
The skills of your employees should be considered, and the right people should be placed in the right roles. Reed said: “The importance of digital competitiveness cannot be overemphasized, but too many companies are pursuing so-called unicorn talent, and companies need to realize that such ideal candidates do not exist. In the face of new digital business and security projects, it is a more realistic choice to tap the potential internally and make the best use of people.”
Risk Assessment Automation
The last popular item is related to risk management, which helps security teams understand the risks associated with security operations. Reed cites a statistic that shows that 58% of security leaders consistently conduct risk assessments on all significant new projects. “Obviously, there’s a lot of work to be done here, and there’s clearly an opportunity to automate some of the risk and make the business more aware of some of the blind spots in risk assessments.”
In addition to the projects above, other popular cybersecurity projects reviewed by Gartner include:
· Employee monitoring technology
· Threat attribution service
· Automatic threat hunting
· Network range and network simulation system
· Chatbot-based security awareness and education
· Biometric credential detection/protection
· Secure Access Service Edge (SASE)
· Cyber physical security
Eight cybersecurity technology trends
According to Peter Firstbrook, research vice president at Gartner, “megatrends beyond your control” include: skills gaps, regulations and privacy, application size and complexity, endpoint diversity, attackers, and the impact of COVID-19. COVID-19 has accelerated many of the trends that Gartner has been predicting over the past decade. Here are Gartner’s top eight cybersecurity technology trends:
Extended Detection and Response (XDR) – Firstbrook says this tool is replacing SIEM and SOAR tools, giving organizations “more operational security than investing in and trying to integrate the best product lines.”
XDR combines security tools into a common data format, correlates incidents, and provides users with an integrated incident response experience that brings products together. “Enterprises need to start prioritizing products that need attention, focusing on key needs, which is integrating information and responding to incidents,” Firstbrook noted.
Automation of Security Processes – This is a trend across the cybersecurity product market as security vendors invest in this to address skills gaps and make it “easier to complete repetitive tasks”. Firstbrook recommends researching ways to automate lengthy manual processes and developing playbooks to understand the steps to take. Also, start looking for products with built-in APIs and automation technology.
Keeping AI safe – Firstbrook says this has become the responsibility of security and risk managers. “Many organizations have invested in AI and machine learning, but few have studied how malicious attackers can hack AI,” he said. He suggested that the security industry look into machine learning algorithms and what attacks can be done against them.
The impact of the network on the physical world – one of the major disruptive trends in network security is the penetration from the virtual world to the physical world. The attack surface of network security is far beyond the scope of traditional network security defense, which is the “zero era of security bulls, big security”. The role of security and risk managers has gone beyond traditional information security to include IoT and machine security. This includes under-protected factory machinery, as well as building security, where “siegeware” attackers can lock you out of buildings or mess with HVAC systems. “These are problems that cyber and information security can’t solve, so we’re seeing companies restructure and have people in information security or cybersecurity work across disciplines, including operational security, supply chain security and product management security,” Firstbrook said.
Assemble trust and security teams – These security teams form new “digital boundaries” that include the various points of access where customers interact with your environment: such as call centers, websites, social media, and some entities. Firstbrook recommends forming at least a part-time cross-departmental trust and security team, including those from marketing, branding, legal, privacy, and other departments, to take a comprehensive and three-dimensional look at the company’s cybersecurity environment and inventory control.
Privacy – Privacy has become an influential discipline that used to be a “part-time job” for businesses, but now privacy has become a full-time role, according to Firstbrook. “The reason is that businesses are concerned about financial loss, losing customers or damage to their reputation.”
To do this effectively, businesses should focus on assessing data and business risk in the corporate environment. Three areas to focus on are: consent, ensuring that customers choose to share data with you; transparency, so they know what you’re storing and why you’re storing it; and self-governance to manage and delete data.
Secure Access Service Edge (SASE) – This makes your WAN architecture look more like a local area network (LAN) architecture, says Firstbrook. “So, how do you regain visibility and control over these applications and services outside of the environment with users outside of the environment?” He suggested using SASE as an approach, as it fuses network security controls with new technologies such as remote access and CASB, integrated and combined into a single platform, “to provide all these connections across the Internet, allowing the Internet to carry the WAN.”
Cloud workload protection – This is a space that has seen many disruptive vendors. Security businesses cover the entire lifecycle of cloud applications from development to production, as more and more custom applications are developed in containers and across SaaS services. “So you need to take an inventory of what the application is for, where it’s used, what protocol it’s using and where the credentials are stored,” he said. “Security management of cloud workloads is becoming very complex.”