Six Information Security Trends for 2021

December 10, 2020 | By IANS Faculty

In planning for 2021, information security teams should consider the largely unprecedented environment we are all currently in. The COVID-19 pandemic and its ramifications have had widespread impact on how security teams approach their jobs, so it becomes yet another variable in the mix. With that in mind, this piece highlights six key information security trends to consider when planning budgets and projects for the coming year.

Considerations for InfoSec Teams in 2021

  • What are some emerging cloud security technologies and/or developments in old technologies to consider?
  • What are evolving threats and tactics for InfoSec teams to consider in 2021 planning?
  • How can they be addressed in strategy?
  • What projects are others doing that are innovative, incredibly impactful or high value?

Six Information Security Trends for 2021

1. Zero Trust

An emerging technology dramatically punctuated by remote workforces is the concept of zero trust. Zero trust centers on developing security controls that evaluate every single network connection and use all the known security intel you have about the devices and data involved to determine whether it should be allowed. This term, like many others, has been abused by the industry, and many vendors have figured out a way to claim their products are “zero trust” in some way. However, it remains to be seen how many products provide a complete zero trust solution, although many have integrated zero trust concepts into their solutions.

The most popular use case for zero trust-like solutions is for remote access and replacing virtual private networks (VPNs). The unexpected onset of remote work has caused the zero trust remote access market to skyrocket in popularity, and many organizations are using it as a way to improve security on remote access, reduce unnecessary internal network exposure from VPNs, and make user access faster and easier.


A technology that pairs quite nicely with zero trust and is still gaining adoption is security orchestration, automation and response (SOAR). SOAR’s ultimate goal is to automate the neutralization of threats by interfacing with the multitude of APIs other security tools provide. Many organizations struggle to gain true automation and enforcement out of SOAR tools, but that is where zero trust solutions come in. They are a natural enforcement arm of SOAR. A true zero trust tool should be the most comprehensive way to make rapid security responses in your environment. It’s the perfect complement to make SOAR fly.

3. Tool Consolidation via Purple Teaming

Due to economic uncertainties stemming from the pandemic, many security teams are confronted with shrinking budgets and need to do more with less. In years where money is tight, it is wise to focus on re-evaluating all your existing tools to ensure you’re getting the most value out of each one, and to identify opportunities where consolidation may be available. Vendor products are constantly evolving, and vendors should be pushed to continually justify why they should remain in your budget.

A technique that is becoming more popular each year is to perform purple team testing in your environment, not only to identify gaps in blue team attack coverage, but to tune your tools and see which perform best. Such tests often lead to organizations finding certain tools failing to perform as well as they once did and identifying opportunities for consolidation or performance improvement.

4. Migrating from Hygiene to Success Defense Metrics

Purple teaming dovetails with another emerging trend, that of migrating from “hygiene” metrics (how well you are patched, etc.) toward “success defense” metrics, which tell the story of your overall resiliency against actual attack techniques, as outlined by MITRE. MITRE provides the capability to do this by mapping attack techniques to known threat actor groups, which can be sorted by industry and motive, so you can outline the most likely attack tactics your most relevant attackers will use.

Tracking your ability to defend against known and relevant attack techniques and reporting on those capabilities provides far better metrics for information security teams to present during executive team or board-level discussions and can even answer the dreaded “are we protected against [insert news story threat here]” type of inquiries executives so commonly like to ask.
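As an added illustration (not IANS material), the sketch below turns purple-team results into a "success defense" figure for one industry, weighting each technique by how many relevant groups use it. The group names, industry tags and test outcomes are constructed sample data; the technique IDs are MITRE ATT&CK identifiers.

```python
# Constructed threat profiles: group names are placeholders, not real actors.
GROUPS = {
    "GROUP-A": {"industries": {"finance", "retail"},
                "techniques": {"T1566", "T1059", "T1486"}},
    "GROUP-B": {"industries": {"finance"},
                "techniques": {"T1566", "T1078", "T1021"}},
    "GROUP-C": {"industries": {"energy"},
                "techniques": {"T1190", "T1059"}},
}

# Constructed purple-team outcomes per technique, one entry per test case.
RESULTS = {
    "T1566": ["prevented", "detected"],
    "T1059": ["detected", "missed"],
    "T1486": ["missed"],
    "T1078": ["detected"],
}

def relevant_techniques(industry, groups=GROUPS):
    """Weight each technique by the number of groups targeting this industry that use it."""
    weights = {}
    for profile in groups.values():
        if industry in profile["industries"]:
            for tid in profile["techniques"]:
                weights[tid] = weights.get(tid, 0) + 1
    return weights

def technique_score(outcomes):
    """Share of test cases prevented or detected; an untested technique scores 0."""
    if not outcomes:
        return 0.0
    return sum(o in ("prevented", "detected") for o in outcomes) / len(outcomes)

def success_defense(industry, groups=GROUPS, results=RESULTS):
    """Return weighted coverage (0..1) and the gaps to fix first, most relevant first."""
    weights = relevant_techniques(industry, groups)
    if not weights:
        return {"coverage": None, "gaps": []}
    scores = {t: technique_score(results.get(t, [])) for t in weights}
    coverage = sum(weights[t] * scores[t] for t in weights) / sum(weights.values())
    gaps = sorted((t for t in weights if scores[t] < 1.0),
                  key=lambda t: (-weights[t], scores[t], t))
    labelled = [(t, "untested" if t not in results else f"{scores[t]:.0%} stopped")
                for t in gaps]
    return {"coverage": round(coverage, 2), "gaps": labelled}

if __name__ == "__main__":
    print(success_defense("finance"))
```

Untested techniques count against the score on purpose, so a technique that relevant groups use but nobody has exercised shows up as a gap rather than disappearing from the report.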

5. Right-of-Boom and New Backup Capabilities

Many organizations are considering dedicating efforts toward improving right-of-boom capabilities. This means more focus on activities such as increasing cyber insurance coverage, running tabletop exercises and expanding coverage of business impact analyses (BIA), but it also means considering more advanced backup and restoration capabilities.

Due to the increasing aggressiveness and prevalence of ransomware attacks in the current work-from-home environment, new backup and restoration tooling has continued to emerge to provide contextual analysis capabilities for data and user activity, instead of simply file-level analysis. Vendors are also taking steps to make immutable and air-gapped backups with fast recovery time objective (RTO) capabilities that can help satisfy the needs of organizations critically dependent on uptime.

6. XDR

Finally, a new trend that is emerging and still being defined is extended detection and response (XDR). XDR attempts to extend the machine learning (ML) and activity analysis techniques that made EDR successful on endpoints to a holistic view of the environment, including network activity, application activity, cloud, etc.

It remains to be seen how the emergence of XDR will impact traditional SIEM solutions, because there is a natural overlap. However, the SIEM marketplace has seen little innovation in recent years and is commoditizing quickly. Vendors that provide services across the stack, such as Microsoft, are well poised to be successful in this emerging space. For example, Microsoft recently launched Azure Sentinel as a SIEM platform and has been tightly integrating it with its EDR tools, as well as building integrations with Jupyter Notebook and GitHub to allow communities to build and share content, threat hunts and rules. In addition, other vendors such as CrowdStrike have been integrating in the opposite direction, through acquisition(s) of security products elsewhere in the stack, such as zero trust provider Preempt.

Information Security Planning for 2021

In the first six months of 2020, organizations faced more cyberattacks than in all of 2019. There is no reason to expect 2021 will slow that trajectory as information security teams plan for the coming year's trends. It’s likely to be a year that will continue to emphasize remote work, flat budgets and increasing brashness of attackers.

To prepare, it’s a good idea to monitor and track emerging technologies, but you should also be sure to test extensively before making long-term commitments to any solution that is not yet battle proven.

Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
