In planning for 2021, information security teams should consider the largely unprecedented environment we are all currently in. The COVID-19 pandemic and its ramifications have had a widespread impact on how security teams approach their jobs, so it becomes yet another variable in the mix. With that in mind, this piece highlights six key information security trends to consider when planning budgets and projects for the coming year.
1. Zero Trust
An emerging technology whose importance has been dramatically underscored by remote workforces is the concept of zero trust. Zero trust centers on building security controls that evaluate every single network connection and use all the security intelligence you have about the devices and data involved to determine whether that connection should be allowed. This term, like many others, has been abused by the industry, and many vendors have found a way to claim their products are “zero trust” in some way. However, it remains to be seen how many products provide a complete zero trust solution, although many have integrated zero trust concepts into their offerings.
The most popular use case for zero trust-like solutions is for remote access and replacing virtual private networks (VPNs). The unexpected onset of remote work has caused the zero trust remote access market to skyrocket in popularity, and many organizations
are using it as a way to improve security on remote access, reduce unnecessary internal network exposure from VPNs, and make user access faster and easier.
2. Security Orchestration, Automation and Response (SOAR)
A technology that pairs quite nicely with zero trust and is still gaining adoption is security orchestration, automation and response (SOAR). SOAR’s ultimate goal is to automate the neutralization of threats by interfacing with the multitude of
APIs other security tools provide. Many organizations struggle to gain true automation and enforcement out of SOAR tools, but that is where zero trust solutions come in. They are a natural enforcement arm of SOAR. A true zero trust tool should be
the most comprehensive way to make rapid security responses in your environment. It’s the perfect complement to make SOAR fly.
3. Tool Consolidation via Purple Teaming
Due to economic uncertainties stemming from the pandemic, many security teams are confronted with shrinking budgets and need to do more with less. In years where money is tight, it is wise to focus on re-evaluating all your existing tools to ensure you’re
getting the most value out of each one, and to identify opportunities where consolidation may be available. Vendor products are constantly evolving, and vendors should be pushed to continually justify why they should remain in your budget.
A technique that is becoming more popular each year is to perform purple team testing in your environment, not only to identify gaps in the blue team's coverage of attack techniques, but also to tune your tools and see which perform best. Such tests often lead organizations to find that certain tools no longer perform as well as they once did, and to identify opportunities for consolidation or performance improvement.
4. Migrating from Hygiene to Success Defense Metrics
Purple teaming dovetails with another emerging trend: migrating from “hygiene” metrics (how well you are patched, etc.) toward “success defense” metrics, which tell the story of your overall resiliency against actual attack techniques as catalogued by MITRE in its ATT&CK framework. MITRE makes this possible by mapping attack techniques to known threat actor groups, which can be sorted by industry and motive, so you can outline the attack tactics your most relevant adversaries are most likely to use.
Tracking your ability to defend against known and relevant attack techniques, and reporting on those capabilities, provides far better metrics for information security teams to present in executive team or board-level discussions. It can even answer the dreaded “are we protected against [insert news story threat here]?” type of inquiry that executives so commonly ask.
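One way to compute such a success-defense metric, as an added example that is not from the IANS post: it takes constructed purple-team outcomes and a constructed mapping of two hypothetical threat groups to real ATT&CK technique IDs, counts untested techniques as undefended, and reports the remaining gaps by tactic.

```python
from collections import defaultdict

# Constructed sample data. The technique IDs are real ATT&CK IDs, but the
# tactic labels, the group-to-technique mapping and the purple-team results
# are made up for this example and are not taken from MITRE or the post.
TECHNIQUES = {
    "T1566": "initial-access",     # Phishing
    "T1059": "execution",          # Command and Scripting Interpreter
    "T1003": "credential-access",  # OS Credential Dumping
    "T1021": "lateral-movement",   # Remote Services
    "T1486": "impact",             # Data Encrypted for Impact
    "T1078": "initial-access",     # Valid Accounts
}
GROUPS = {  # hypothetical threat-actor profiles relevant to this organization
    "GROUP-A (ransomware, constructed)": {"T1566", "T1059", "T1003", "T1021", "T1486"},
    "GROUP-B (espionage, constructed)": {"T1078", "T1059", "T1003", "T1021"},
}
# Purple-team outcome per technique. Anything not listed was never tested.
RESULTS = {"T1566": "detected", "T1059": "prevented", "T1003": "missed",
           "T1021": "detected", "T1486": "prevented"}
DEFENDED = {"prevented", "detected"}


def success_defense(relevant, groups=GROUPS, results=RESULTS):
    """Return (score, gaps): the fraction of techniques used by the relevant
    groups that were prevented or detected, plus the sorted list of in-scope
    techniques that were missed or untested. Untested counts as undefended,
    so the score cannot be inflated by leaving hard techniques out of the run."""
    in_scope = set().union(*(groups[g] for g in relevant))
    if not in_scope:
        return 0.0, []
    gaps = sorted(t for t in in_scope if results.get(t) not in DEFENDED)
    return 1 - len(gaps) / len(in_scope), gaps


def gaps_by_tactic(relevant, techniques=TECHNIQUES, **kw):
    """Group the gaps by tactic so a board-level report can say which phase
    of an attack is weakest, rather than listing bare technique IDs."""
    _, gaps = success_defense(relevant, **kw)
    by_tactic = defaultdict(list)
    for t in gaps:
        by_tactic[techniques.get(t, "unknown")].append(t)
    return dict(by_tactic)


if __name__ == "__main__":
    for relevant in (["GROUP-A (ransomware, constructed)"], list(GROUPS)):
        score, gaps = success_defense(relevant)
        print(f"{relevant}: success defense {score:.0%}, gaps {gaps}")
        print("  by tactic:", gaps_by_tactic(relevant))
```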
5. Right-of-Boom and New Backup Capabilities
Many organizations are considering dedicating efforts toward improving right-of-boom capabilities. This means more focus on activities such as increasing cyber insurance coverage, running tabletop exercises and expanding coverage of business impact analyses
(BIA), but it also means considering more advanced backup and restoration capabilities.
Due to the increasing aggressiveness and prevalence of ransomware attacks in the current work-from-home environment, new backup and restoration tooling has continued to emerge to provide contextual analysis capabilities for data and user activity, instead
of simply file-level analysis. Vendors are also taking steps to make immutable and air-gapped backups with fast recovery time objective (RTO) capabilities that can help satisfy the needs of organizations critically dependent on uptime.
6. Extended Detection and Response (XDR)
Finally, a new trend that is emerging and still being defined is extended detection and response (XDR). XDR attempts to extend the machine learning (ML) and activity analysis techniques that made EDR successful on endpoints to a holistic view of the environment, including network activity, application activity, cloud, etc.
It remains to be seen how the emergence of XDR will impact traditional SIEM solutions, because there is a natural overlap. However, the SIEM marketplace has seen little innovation in recent years and is commoditizing quickly. Vendors that provide services across the stack, such as Microsoft, are well poised to succeed in this emerging space. For example, Microsoft recently launched Azure Sentinel as a SIEM platform and has been tightly integrating it with its EDR tools, as well as building integrations with Jupyter Notebook and GitHub to allow communities to build and share content, threat hunts and rules. In addition, other vendors such as CrowdStrike have been integrating in the opposite direction, through acquisitions of security products elsewhere in the stack, such as zero trust provider Preempt.
In the first six months of 2020, organizations faced more cyberattacks than in all of 2019. There is no reason to expect 2021 will slow that trajectory, and information security teams should plan for the coming year's trends accordingly. It is likely to be a year that continues to emphasize remote work, flat budgets and the increasing brashness of attackers.
To prepare, it’s a good idea to monitor and track emerging technologies, but you should also be sure to test extensively before making long-term commitments to any solution that is not yet battle proven.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
By IANS Faculty