Over the past few years, cyber security has evolved from a technology concern to a serious shareholder and board-level discussion -- not to mention a critical national security issue. With more noise and broader alarmism, it has never been more critical for organizations across industries to become “Security EnlightenedTM.” At ProtectWise, we constantly think about how to help customers better address their cyber security challenges. As 2017 gets going, here are a few of the business-level trends we think will have an impact on InfoSec professionals.
- Security will become a utility, thanks to the cloud
There is a growing call for security to be treated as a fundamentally basic utility, where safety is ensured and baked into the service offering. In 2017, more organizations will look to the cloud to enable better visibility with longer retention and continuous analytics. Delivering enterprise security via the cloud will ultimately lower the TCO and complexity of security infrastructure as those legacy appliance systems are replaced with agile, distributed models. We will start to see a fundamental shift in how security is provided, towards simplicity and ubiquity and it will become foundational to enterprise security.. The days of treating security as a separate layer to be added “after the fact” to your network and infrastructure are long gone. Security must be foundational and part of the DNA of every organization. The cloud is the key to enabling this, with benefits like elasticity, availability, scalability and ease of deployment.
- An immersive security experience will help address the shortage of security talent
The emerging generation of potential analysts and threat hunters come from the “gamer generation”, who have grown up being immersed in modern rich computing interfaces such as virtual reality (VR), augmented reality and gaming. They are accustomed to navigating simulated signal-rich 3-dimensional worlds which are designed to make full use of the innate human ability to reason spatially. Starting in 2017, security companies will leveraging these technologies in their solutions to create the best, most intuitive user experience possible when dealing with exponential and ever growing amounts of big data. Solutions will provide a totally reimagined approach to how security analysts and threat hunters interact with and explore data. This is much more than a surface level change, although an immersive presentation layer will transform the arduous work of a security analyst or threat hunter into an engaging experience, one way for organizations to incentivize gamers to fill the staggering number of unfilled security jobs. These technologies are optimized for processing massive amounts of data, which is very relevant in the world of security, and efficiently rendering it in simulated 3-dimensional worlds. The gamer generation comes pre-trained for effective threat hunting and patrolling in these virtual worlds and, by using their spatial reasoning capabilities, can rapidly discern what is amiss (i.e., determine security events with real time situational awareness). Enhancing the way security professionals interact with data, will enable businesses to tap into unconventional talent pools - like gamers - to fill the security jobs of tomorrow.
- Businesses will increasingly want real-time advanced attack detection, broader coverage and wider interoperability
It’s vital to get a 360 degree view of the organization’s environment in order detect and mitigate advanced attacks and vulnerabilities. Getting that visibility - and in a timely fashion - is very challenging because of a complex security infrastructure involving many point products, not all of which have technical features needed for advanced threat detection. Plus business workloads are no longer confined within traditional enterprise boundaries. Workloads in cloud and hybrid environments are becoming the norm and, for many organizations, industrial control systems (ICS) must also be considered. In 2016 we saw the birth of response orchestration and security tooling automation. In 2017, there will be more orchestration across the entire lifecycle of security that today’s point products don't address, as demand for broader interoperability grows. More enterprises will adopt investigative platforms that provide a single place for visibility into workloads wherever they run - within the enterprise, in the cloud, in hybrid environments or industrial control environments. There will be increased demand for real-time detection of advanced attacks. Businesses will expect security solutions to holistically evaluate the state of the enterprise, both in the present and the past, using advanced technologies such as machine learning, automated retrospection and correlating intelligence across massive data sets (think post-“Big Data”)
Security must continue to evolve to keep pace with ever changing pace of digital disruption and continuously changing threatscape. 2016 was a year of immense growth for the industry, and things won’t slow down in the new year.