Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
In planning for 2021, information security teams should consider the largely unprecedented environment we are all currently in. The COVID-19 pandemic and its ramifications have had widespread impact on how security teams approach their jobs, so it becomes
yet another variable in the mix. With that in mind, the example in this piece highlights six key information security trends to consider when planning budgets and projects for the coming year.
1. Zero Trust
An emerging technology dramatically punctuated by the remote workforces is the concept of zero trust. Zero trust centers around developing security controls that evaluate every single network connection and use all the known security intel you have about
the devices and data involved to determine whether it should be allowed or not. This term, like many others, has been abused by the industry, and many vendors figured out a way to claim its products are “zero trust” in some way. However,
it remains to be seen how many products provide a complete zero trust solution, although many have integrated zero trust concepts into their solutions.
The most popular use case for zero trust-like solutions is for remote access and replacing virtual private networks (VPNs). The unexpected onset of remote work has caused the zero trust remote access market to skyrocket in popularity, and many organizations
are using it as a way to improve security on remote access, reduce unnecessary internal network exposure from VPNs, and make user access faster and easier.
A technology that pairs quite nicely with zero trust and is still gaining adoption is security orchestration, automation and response (SOAR). SOAR’s ultimate goal is to automate the neutralization of threats by interfacing with the multitude of
APIs other security tools provide. Many organizations struggle to gain true automation and enforcement out of SOAR tools, but that is where zero trust solutions come in. They are a natural enforcement arm of SOAR. A true zero trust tool should be
the most comprehensive way to make rapid security responses in your environment. It’s the perfect complement to make SOAR fly.
3. Tool Consolidation via Purple Teaming
Due to economic uncertainties stemming from the pandemic, many security teams are confronted with shrinking budgets and need to do more with less. In years where money is tight, it is wise to focus on re-evaluating all your existing tools to ensure you’re
getting the most value out of each one, and to identify opportunities where consolidation may be available. Vendor products are constantly evolving, and vendors should be pushed to continually justify why they should remain in your budget.
A technique that is becoming more popular each year is to perform purple team testing in your environment, not only to identify gaps in blue team attack coverage, but to tune your tools and see which perform best. Such tests often lead to organizations
finding certain tools failing to perform as well as they once did and identifying opportunities for consolidation or performance improvement.
4. Migrating from Hygiene to Success Defense Metrics
Purple teaming dovetails with another emerging trend, that of migrating from “hygiene” metrics (how well you are patched, etc.) toward “success defense” metrics, which tell the story of your overall resiliency against actual attack
techniques, as outlined by MITRE. MITRE provides the capability to do this by mapping attack techniques to known threat actor groups, which can be sorted by industry and
motive, so you can outline the most likely attack tactics your most relevant attackers will use.
Tracking your ability to defend against known and relevant attack techniques and reporting on those capabilities provides far better metrics for information security teams to present during executive team or board-level discussions and can even answer the dreaded “are we protected against insert news story
threat here” type of inquiries executives so commonly like to ask.
5. Right-of-Boom and New Backup Capabilities
Many organizations are considering dedicating efforts toward improving right-of-boom capabilities. This means more focus on activities such as increasing cyber insurance coverage, running tabletop exercises and expanding coverage of business impact analyses
(BIA), but it also means considering more advanced backup and restoration capabilities.
Due to the increasing aggressiveness and prevalence of ransomware attacks in the current work-from-home environment, new backup and restoration tooling has continued to emerge to provide contextual analysis capabilities for data and user activity, instead
of simply file-level analysis. Vendors are also taking steps to make immutable and air-gapped backups with fast recovery time objective (RTO) capabilities that can help satisfy the needs of organizations critically dependent on uptime.
Finally, a new trend that is emerging and still being defined is extended detection and response (XDR). XDR attempts to extend the machine learning (ML) and activity analysis techniques that made EDR successful on endpoints to a holistic view of the environment,
including network activity, application activity, cloud, etc.
It remains to be seen how the emergence of XDR will impact traditional SIEM solutions, because there is a natural overlap. However, the SIEM marketplace has seen little innovation in recent years and is commoditizing quickly. Vendors that provide services
across the stack, such as Microsoft, are well poised to be successful in this emerging space. For example, it recently launched Azure Sentinel as a SIEM platform and has been tightly integrating it with its EDR tools, as well as building integrations
with Jupyter Notebook and GitHub to allow communities to build and share content, threat hunts and rules. In addition, other vendors such as CrowdStrike have been integrating in the opposite direction, through acquisition(s) of security products elsewhere
in the stack, such as zero trust provider Preempt.
In the first six months of 2020, organizations faced more cyberattacks than in all of 2019. There is no reason to expect 2021 will slow that trajectory as information security teams for the coming year's trends. It’s likely to be a year that will continue to emphasize remote work, flat budgets and increasing
brashness of attackers.
To prepare, it’s a good idea to monitor and track emerging technologies, but you should also be sure to test extensively before making long-term commitments to any solution that is not yet battle proven.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
February 29, 2024
By IANS Research
Access key data sets from the 2023 -2024 IANS and Artico Search’s Cybersecurity Staff Compensation Benchmark Report. Gain valuable insights on cybersecurity staff roles to hire and retain top security talent.
Access key data from IANS and Artico Search’s Compensation, Budget and Satisfaction for CISOs in Financial Services, 2023-2024 report. Find valuable insights around the Financial Services CISO role to help better understand your situation, improve job satisfaction and drive organizational change.
February 21, 2024
Learn why cloud IR is critical to security and not just another box to check. Find guidance to get started building a strong cloud IR program.