Consolidating their organizations' tech stacks, defending budgets and reducing risk are three of the top challenges facing CISOs entering 2023. Identifying which security technologies deliver the most value, and defining spending guardrails, is imperative.
Forrester's 2023 security and risk planning guide gives CISOs prescriptive guidance on which technologies to increase and defend investment in, and which to consider paring back spending and investment on.
Forrester recommends that CISOs fund proofs of concept in four emerging technology areas: software supply chain security, extended detection and response (XDR) and managed detection and response (MDR), attack surface management (ASM) and breach and attack simulation (BAS), and privacy-preserving technologies (PPTs).
Begin by benchmarking security budgets
Forrester grouped enterprises into two categories: those that spend up to 20% of their IT budget on security versus those that spend 20% or more. Compared with data from Forrester's 2021 security survey, they found that cloud security spending grew the most in organizations whose security spending accounted for 20% or less of the overall IT budget.
Security portfolios aren't migrating to the cloud fast enough
Infrastructure leaders at U.S. enterprises have migrated 45% of their total application portfolio to a public cloud and anticipate that 58% will have moved within the next two years. Furthermore, consensus estimates from several market surveys show that most enterprise security workloads are already on public cloud platforms. However, Forrester's survey shows that the security and risk management professionals surveyed are running behind on moving more security workloads to public clouds.
On-premises security software is still the biggest expense in a security budget
Forrester's analysis combined maintenance, licensing and upgrade expenses with new investments in on-premises software to track spending in this category. In organizations that spend less than 20% of their IT budget on security, 41% of security spending goes to on-premises security software. Organizations spending over 20% of their IT budget on security spend 38% on on-premises systems.
Services are nearly 25% of all security spending
Given the complexity of integrating and getting value from internal security controls, spending on security services continues to grow. Forrester finds that enterprises are embracing managed security services providers (MSSPs) to reduce costs, close the skills gap and supplement short-staffed security teams. As security cloud adoption increases, the need for specialized expertise will follow, continuing to fuel spending on security services.
Security technologies to invest in during 2023
The global threat landscape is an always-on, real-time source of risk for every organization. Investing in cybersecurity is therefore an investment in ongoing business operations and in controlling risk. Both factors are compelling CISOs to trim technologies from their tech stacks that can't keep up with real-time threats.
For instance, CrowdStrike's research finds that, on average, it takes just one hour and 58 minutes for a cyberattacker to jump from an endpoint or machine that has been compromised and move laterally through your network. As a result, expect to see inventories of legacy security software consolidated into the current wave of new technologies Forrester recommends CISOs invest in, which are summarized below.
CISOs need to pursue a least-privileged access approach to API security that limits sprawl and is consistent with their zero-trust framework.
"When considering API strategy, work with the dev team to understand the overall API strategy first. Get API discovery in place. Know how existing app sec tools are or aren't supporting API use cases. You'll likely find overlaps and gaps. But it's vital that you assess your environment for what you already have in place before running out to get a lot of new tools," said Sandy Carielli, principal analyst at Forrester, during a recent interview with VentureBeat.
"API security, like application security overall, should be addressed at every stage of the SDLC. As organizations develop and deploy APIs, they need to define and build APIs securely, put proper authentication and authorization controls in place (a common issue in API-related breaches) and analyze API traffic and only allow calls based on the API definitions," said Carielli.
Furthermore, a common issue for organizations is inventory. Because of the sheer number of APIs in place and the tendency to deploy rogue APIs (or deploy and forget), many security teams aren't fully aware of which APIs may be allowing external calls into their environment. API discovery has become table stakes for most API security offerings as a result.
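The three controls Carielli describes (allow only calls that match the API definitions, enforce authentication and authorization per route, and discover routes that traffic reveals but the inventory does not list) fit together in a small gateway-side check. The following is an added example written for this article; it is not Forrester's or any vendor's code, and every route, token, log line and scope name in it is constructed for illustration.

```python
"""
Added example (not from the article, Forrester or any vendor): a minimal
gateway-side check that applies the controls described above. Every route,
token and log line below is constructed for illustration.

  1. The API definitions are the allowlist: a call matching no definition is
     refused, whatever credentials it carries.
  2. Each definition states whether authentication is required and which
     scopes (authorization) the caller must hold.
  3. API discovery: access-log lines are replayed against the definitions to
     surface routes that answer traffic but are missing from the inventory.
"""
import re

# Hypothetical API definitions, keyed by (method, path regex).
API_DEFINITIONS = {
    ("GET", r"^/v1/orders/\d+$"): {"auth": True, "scopes": {"orders:read"}},
    ("POST", r"^/v1/orders$"): {"auth": True, "scopes": {"orders:write"}},
    ("GET", r"^/v1/health$"): {"auth": False, "scopes": set()},
}

# Constructed token store: bearer token -> scopes granted to its holder.
TOKENS = {
    "tok-reader": {"orders:read"},
    "tok-admin": {"orders:read", "orders:write"},
}


def match_definition(method, path):
    """Return the definition for a (method, path), or None if undefined."""
    for (defined_method, pattern), rule in API_DEFINITIONS.items():
        if defined_method == method and re.match(pattern, path):
            return rule
    return None


def authorize(method, path, token):
    """Decide one call. Returns (allowed, reason) so the reason can be logged."""
    rule = match_definition(method, path)
    if rule is None:
        return False, "undefined_route"          # not in the API definitions
    if not rule["auth"]:
        return True, "public"                    # explicitly unauthenticated route
    granted = TOKENS.get(token)
    if granted is None:
        return False, "unauthenticated"          # unknown or missing token
    if not rule["scopes"] <= granted:
        return False, "insufficient_scope"       # authenticated but not authorized
    return True, "ok"


# Constructed access-log format: client "METHOD path" token=<token or ->
LOG_LINE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" token=(?P<token>\S+)$')

SAMPLE_LOG = [
    '10.0.0.5 "GET /v1/orders/42" token=tok-reader',
    '10.0.0.5 "POST /v1/orders" token=tok-reader',
    '10.0.0.9 "GET /internal/debug/dump" token=-',
    '10.0.0.9 "DELETE /v1/orders/7" token=tok-admin',
    '10.0.0.1 "GET /v1/health" token=-',
]


def discover_undefined_routes(log_lines):
    """API discovery from traffic: (method, path) pairs seen but never defined."""
    undefined = set()
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and match_definition(m["method"], m["path"]) is None:
            undefined.add((m["method"], m["path"]))
    return undefined


def replay_log(log_lines):
    """Run each logged call through authorize(); returns a list of (line, decision)."""
    decisions = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m:
            decisions.append((line, authorize(m["method"], m["path"], m["token"])))
    return decisions


if __name__ == "__main__":
    for line, decision in replay_log(SAMPLE_LOG):
        print(decision, line)
    print("routes answering traffic but missing from the definitions:",
          sorted(discover_undefined_routes(SAMPLE_LOG)))
```

The two undefined routes in the sample log are exactly the "deploy and forget" case: the gateway refuses them regardless of the token presented, and the discovery pass reports them so the inventory can be corrected rather than silently widened.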
Bot management solutions
Bot management solutions rely on advanced analytics and machine learning (ML) algorithms to analyze traffic in real time and determine intent.
"Bot management solutions actively profile traffic to determine intent and perform protection techniques such as delaying, blocking or misdirecting traffic from bad bots," Carielli said. Examples of vendors in the bot management market are Akamai, Imperva and Human.
ICS/OT threat intelligence
Industrial control systems (ICS) and operations technology (OT) stacks are among the assets most vulnerable to threats in capital-intensive industries. Security isn't designed into the core platform, making them a frequent target of cyberattackers. Forrester notes that CISOs at manufacturing, utilities, energy and transportation organizations need to consider adding ICS threat intelligence capabilities to protect physical and digital systems and assets.
Cloud workload security (CWS), container security and serverless security
Securing cloud workloads and providing container and serverless security requires a cross-functional team trained in these technologies and ideally certified in advanced security techniques to protect them. Hybrid cloud configurations that rely on CWS are especially vulnerable and can leave the compute, storage and network configurations of cloud workloads at risk. Container and serverless security are a work in progress for most security vendors today, with several saying it is on their product roadmap.
Multifactor authentication (MFA)
Table stakes for any zero-trust network access (ZTNA) initiative and often one of the first areas CISOs implement to get a quick win in their zero-trust initiatives, MFA is a must-have in any cybersecurity strategy. Forrester notes that enterprises need to aim high when it comes to MFA implementations. They recommend adding a what-you-are (biometric), what-you-do (behavioral biometric) or what-you-have (token) factor to legacy what-you-know (password or PIN code) single-factor authentication implementations.
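To make the "add a what-you-have factor to what-you-know" recommendation concrete, here is an added example that is not from the article or Forrester. It assumes the token is a time-based one-time password (TOTP, RFC 6238 built on HOTP, RFC 4226) and uses the RFC reference secret; the user record, salt and password are constructed. The verification accepts one step of clock skew either side of the current step and refuses a code from a time step that has already been consumed, which is the replay edge case a practitioner has to handle.

```python
"""
Added example, not from the article or Forrester: verifying a what-you-have
factor as a second step after a what-you-know factor. The token is assumed to
be a TOTP (RFC 6238 over HOTP, RFC 4226); the user record and secret are
constructed. The check tolerates a small clock-skew window and refuses a code
whose time step has already been used.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with counter = unix_time // step."""
    now = int(time.time() if for_time is None else for_time)
    return hotp(secret, now // step, digits)


def verify_totp(secret, code, for_time=None, step=30, digits=6, window=1, last_used_step=None):
    """
    Accept `code` if it matches the current step or one within +/- `window` steps.
    A step at or before `last_used_step` is never accepted again (replay guard).
    Returns (accepted, step_used) so the caller can persist the consumed step.
    """
    now = int(time.time() if for_time is None else for_time)
    current = now // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if last_used_step is not None and candidate <= last_used_step:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), str(code)):
            return True, candidate
    return False, None


# Constructed user record: salted PBKDF2 password hash plus the TOTP secret.
_SALT = b"constructed-salt"
USER = {
    "password_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
    "totp_secret": b"12345678901234567890",   # RFC 6238 reference secret
    "last_used_step": None,
}


def login(user, password: str, code: str, for_time=None):
    """Two-factor login: what-you-know is checked first, then what-you-have."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if not hmac.compare_digest(attempt, user["password_hash"]):
        return "password_rejected"
    ok, step_used = verify_totp(user["totp_secret"], code, for_time,
                                last_used_step=user["last_used_step"])
    if not ok:
        return "second_factor_rejected"
    user["last_used_step"] = step_used          # persist so the same code cannot be replayed
    return "authenticated"


if __name__ == "__main__":
    secret = USER["totp_secret"]
    code = totp(secret, 59)                      # RFC 6238 vector at T=59 ends in 287082
    print("code at T=59:", code)
    print(login(USER, "correct horse", code, for_time=59))   # authenticated
    print(login(USER, "correct horse", code, for_time=59))   # replay of the same step is refused
```

The password check happens first and the second factor only after it succeeds, so a guessed one-time code on its own never authenticates; persisting `last_used_step` is what turns a correct-but-already-used code into a rejection.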
Zero-trust network access (ZTNA)
Virtual teams, the exponential increase in endpoints they're creating and the infrastructure to support them are catalysts driving ZTNA adoption. Forrester observes that the convergence of networking and security capabilities continues to drive ZTNA adoption to meet the tenets of zero trust and zero-trust edge (ZTE) models.
Security analytics platforms
Legacy rules-based security information and event management (SIEM) platforms aren't keeping up with the scale and speed of today's real-time threats. As a result, SIEM platform providers are integrating security analytics (SA) into their platforms, combining big data infrastructure, security user behavior analytics (SUBA), and security orchestration, automation and response (SOAR). Combining these technologies helps identify insider threats using behavioral analytics, while SOAR provides improved visibility and control over orchestrated processes and automation.
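What "identify insider threats using behavioral analytics" and "SOAR provides control over orchestrated processes" look like in code is easier to see on a small sample than in the abstract. The following is an added example, not from the article, Forrester or any SIEM vendor: it learns a per-user baseline (hours of activity, typical download volume) from constructed audit events, scores new events against it the way a SUBA component would, and passes the findings to a playbook that picks one orchestrated response. The users, timestamps, byte counts and the z-score threshold are all constructed assumptions.

```python
"""
Added example, not from the article or any SIEM vendor: a small security
analytics pass in the spirit of the SUBA + SOAR combination described above.
Users, timestamps and byte counts are constructed; the threshold is an
illustrative assumption.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed audit log: (user, ISO-8601 timestamp, action, bytes transferred)
BASELINE_EVENTS = [
    ("alice", "2022-09-05T09:15:00", "download", 12_000),
    ("alice", "2022-09-06T10:02:00", "download", 15_000),
    ("alice", "2022-09-07T11:40:00", "download", 9_000),
    ("alice", "2022-09-08T14:05:00", "download", 14_000),
    ("alice", "2022-09-09T16:30:00", "download", 11_000),
]

NEW_EVENTS = [
    ("alice", "2022-09-12T10:10:00", "download", 13_000),   # in line with the baseline
    ("alice", "2022-09-13T02:45:00", "download", 410_000),  # off-hours and far above normal volume
    ("bob",   "2022-09-13T10:00:00", "download", 50_000),   # no history for this user yet
]


def build_baselines(events):
    """Per user: hours with activity, plus mean and population stddev of download bytes."""
    hours = defaultdict(set)
    volumes = defaultdict(list)
    for user, ts, action, nbytes in events:
        hours[user].add(datetime.fromisoformat(ts).hour)
        if action == "download":
            volumes[user].append(nbytes)
    return {
        user: {"hours": hours[user], "mean": mean(vols), "std": pstdev(vols)}
        for user, vols in volumes.items()
    }


def score_event(event, baselines, z_threshold=3.0):
    """Behavioral findings for one event; an empty list means nothing unusual."""
    user, ts, action, nbytes = event
    baseline = baselines.get(user)
    if baseline is None:
        return ["no_baseline"]                   # deviation is undefined without history
    findings = []
    if datetime.fromisoformat(ts).hour not in baseline["hours"]:
        findings.append("off_hours_activity")
    if action == "download" and baseline["std"] > 0:
        z = (nbytes - baseline["mean"]) / baseline["std"]
        if z > z_threshold:
            findings.append("volume_anomaly")
    return findings


def respond(findings):
    """SOAR-style playbook: map the findings on one event to a single orchestrated action."""
    if "off_hours_activity" in findings and "volume_anomaly" in findings:
        return "suspend_session_and_open_incident"
    if "volume_anomaly" in findings or "off_hours_activity" in findings:
        return "open_ticket_for_analyst_review"
    if "no_baseline" in findings:
        return "enroll_user_in_baselining"
    return "no_action"


def analyze(new_events, baseline_events):
    """Full pass: returns [(user, findings, action)] for every new event."""
    baselines = build_baselines(baseline_events)
    results = []
    for event in new_events:
        findings = score_event(event, baselines)
        results.append((event[0], findings, respond(findings)))
    return results


if __name__ == "__main__":
    for user, findings, action in analyze(NEW_EVENTS, BASELINE_EVENTS):
        print(user, findings, "->", action)
```

The combined off-hours and volume finding is what separates this from a pure rule: neither signal alone escalates past a ticket, and a user with no baseline is routed to enrollment rather than producing a false positive.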
Crisis response simulations and purple team exercises
Forrester recommends that IT and security leaders regularly participate in cybersecurity crisis simulations, including the executive leadership team and the board of directors. These exercises run executives through breach, ransomware and cyberattack scenarios and help identify communication and information gaps before an actual event.
Avoid spending on standalone controls and legacy tech
Forrester recommends that CISOs reduce their investments in standalone and legacy, on-premises security controls. For instance, the more isolated a data loss prevention or security user behavioral analytics system is, the more likely it is to slow down response times and allow cyberattackers to move laterally across a network.
Standalone data-loss prevention (DLP)
Forrester notes that DLP is now integrated as a feature capability in email security and cloud security gateways, cybersecurity suites and platforms like O365. Having DLP integration at the platform level makes it easier for organizations to obtain and enable DLP as a feature of a broader solution that addresses compliance needs.
Standalone security user behavior analytics (SUBA)
Since being introduced, SUBA has become more integrated into SA platforms, as noted above. Furthermore, Forrester notes that standalone SUBA systems are increasingly being sold alongside DLP to provide additional user contextual intelligence. Because of these factors, SUBA's viability as a standalone technology is limited.
Managed security services providers (MSSPs)
Managed detection and response (MDR) providers are better equipped to protect organizations against today's onslaught of real-time attacks than MSSPs are. According to Forrester, MSSPs have devolved into alert factories sending clients templated emails about alerts that don't provide context or accelerate decision-making. Redirecting spending from MSSPs to MDR and security-operations-center-as-a-service (SOCaaS) providers is the better decision based on Forrester's planning guide recommendations.
Indicators of compromise (IOC) feeds
IOC feeds are another feature that is being integrated as a component of enterprise firewalls, endpoint detection and response, and SA platforms. Forrester recommends that CISOs reduce or eliminate spending on IOC feeds. Instead, look to security platform vendors to provide IOC feeds as a value-added service in existing contracts.
Legacy, on-premises network security technologies
According to Forrester, CISOs should avoid investment in on-premises network access control (NAC) except for specific IoT/ICS/OT use cases. Instead, CISOs need to consider how ZTNA, combined with software-defined perimeters, can provide more effective enterprise-wide security and risk reduction.
New security technologies worth evaluating
Four emerging security technologies are worth pursuing through the proof-of-concept phase. The four technologies are:
1. Software supply chain security
"A software supply chain attack occurs when a customer installs or downloads compromised software from a vendor, and an attacker leverages the compromised software to breach the client's organization. Adopting zero-trust principles with all software, including third-party software, can help mitigate the risk of a supply chain attack," Janet Worthington, senior analyst at Forrester, told VentureBeat.
"For instance, an organization might purchase antivirus software which requires elevated privileges to be installed or operate. If an attacker gains access to the compromised software, the elevated privileges can be used to access the organization's sensitive data and critical systems," she said.
It's advisable during the procurement process to work with vendors to make sure that their software adheres to the zero-trust least-privilege principle and uses a secure software development framework (SSDF).
"Having a zero-trust architecture to build software supply chain security is vital. In order to prevent lateral movement in case of a compromise, implement a zero-trust architecture where all users, applications, services and devices are continuously monitored and their identity validated. Also, consider microsegmentation to create distinct security zones and isolate applications and workloads in data centers and cloud environments," Worthington said.
2. Extended detection and response (XDR) and managed detection and response (MDR)
XDR tools provide behavioral detections across security tooling to deliver high-efficacy alerts and additional context within those alerts. XDR enables security teams to detect, investigate and respond from a single platform. MDR providers are known for providing more mature detection and response support than XDR suites, and can help augment security teams facing ongoing labor shortages. MDR providers are also evaluating adopting XDR technologies to complement their threat-hunting and threat-intelligence services.
3. Attack surface management (ASM) and breach and attack simulation (BAS)
ASM solutions are a new technology that allows organizations to identify, attribute and assess the exposures of endpoint assets for risks ranging from external vulnerabilities to misconfigurations. BAS has emerged to provide an attacker's view of the enterprise, with deeper insights into vulnerabilities, attack paths and weak or failed controls. Both solutions assist security and IT ops teams in prioritizing remediation efforts based on the asset's value and the severity of the exposure.
4. Privacy-preserving technologies (PPTs)
PPTs include homomorphic encryption, multiparty computation and federated privacy. They enable organizations to protect customers' and employees' data while creating and iterating machine learning models or using them for anonymized predictive analytics projects. PPTs show potential for enabling high-performance artificial intelligence (AI) models while satisfying privacy, ethics and other regulatory requirements.
Real-time threats require constant investment
Staying at competitive parity with cyberattackers and becoming more adept at handling real-time attacks is the challenge every CISO will face in 2023 and beyond. Knowing which technologies to prioritize is invaluable for protecting an enterprise's IT infrastructure.
Scaling back spending on standalone and legacy on-premises network security technologies frees up budget for newer technologies that can meet the challenge of real-time threats. Forrester's recommendation of four emerging technologies for proof-of-concept investment reflects how quickly attack strategies are progressing to capitalize on the weaknesses of enterprise security stacks.