This week, at the Gartner 2020 Security and Risk Management Summit held from September 14 to September 17 local time in the United States, Gartner analyst Peter Firstbrook introduced the Top 8 trends in security and risk management.
1. In the mainstream market, XDR (Extended Detection and Response) becomes an alternative to SIEM and SOAR
In the mainstream market, XDR is gradually replacing tools such as SIEM and SOAR, allowing enterprises to integrate more security tools and thereby improve the efficiency of security operations. On the detection side, XDR brings multiple independent security products together in a unified data format and data model and correlates their data, so that detection improves and security incidents that no single product could detect on its own become visible. On the response side, because XDR integrates multiple security tools, security personnel receive one incident alert instead of separate alerts from each tool. In addition, once different devices are integrated, XDR can build analysis and automation on top of a SOAR-style foundation; for example, automatically searching the mail store for a phishing email across all mailboxes can greatly improve the efficiency of the SOC.
When choosing security products, enterprises must plan strategically and decide whether to buy multiple products from one vendor or buy different products from several vendors and integrate them. They must also decide which layers to focus on: some enterprises concentrate on the data layer, while others focus more on the application layer. Alternatively, businesses can choose to outsource XDR as a service.
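The normalization and correlation step described above, as an added illustration that is not from the article or from Gartner: two constructed event feeds in hypothetical product formats (an email gateway and an EDR agent) are mapped to one common schema, and events that share a host and an indicator within a time window are merged into a single incident, so the analyst sees one alert rather than two.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Event:           # common schema every product is mapped to
    source: str
    ts: datetime
    host: str
    indicator: str     # URL, hash or domain seen by that product

@dataclass
class Incident:        # one alert for the analyst, built from many events
    key: str
    events: list = field(default_factory=list)

    def sources(self):
        return sorted({e.source for e in self.events})

# Constructed sample records in two hypothetical product formats.
RAW_EMAIL = [{"time": "2020-09-15T10:02:00", "recipient_host": "ws-12",
              "url": "http://login-example.test/p"}]
RAW_EDR = [{"@timestamp": "2020-09-15T10:05:30", "hostname": "ws-12",
            "dest_url": "http://login-example.test/p"},
           {"@timestamp": "2020-09-15T11:40:00", "hostname": "ws-03",
            "dest_url": "http://intranet.test/"}]

def normalize_email(r):
    return Event("email_gw", datetime.fromisoformat(r["time"]),
                 r["recipient_host"], r["url"])

def normalize_edr(r):
    return Event("edr", datetime.fromisoformat(r["@timestamp"]),
                 r["hostname"], r["dest_url"])

def correlate(events, window=timedelta(minutes=30)):
    """Group events sharing host and indicator within the window into one incident."""
    incidents, open_by_key = [], {}
    for e in sorted(events, key=lambda e: e.ts):
        key = f"{e.host}|{e.indicator}"
        inc = open_by_key.get(key)
        if inc is None or e.ts - inc.events[-1].ts > window:
            inc = Incident(key)          # no open incident, or too old: start a new one
            incidents.append(inc)
            open_by_key[key] = inc
        inc.events.append(e)
    return incidents

def build_incidents():
    events = [normalize_email(r) for r in RAW_EMAIL] + [normalize_edr(r) for r in RAW_EDR]
    return correlate(events)
```

Running `build_incidents()` yields two incidents: the ws-12 phishing URL seen by both the email gateway and the EDR collapses into one alert, while the unrelated ws-03 browsing event stays separate.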
2. Security process automation is gradually improving security operation and maintenance efficiency
Another reason enterprises are gradually adopting XDR solutions is security process automation, which is a trend across almost all security products today. Many security vendors are investing in automating security processes to fill the skills gap. In areas such as data management, breach and attack simulation (BAS), and XDR, automated tooling can save a great deal of time and improve work efficiency.
3. Heads of security and risk management will take responsibility for securing artificial intelligence (AI)
Many large organizations are doing machine learning and artificial intelligence, but few recognize that the AI itself will become a target for attackers. Attackers can tamper with the training data used in machine learning, so protecting it is also the security team's responsibility. For example, for an online network service provider, a sudden surge in website traffic during data training is an opportunity for attackers to mount a DDoS attack.
4. Cyber-physical impacts are driving organizational changes, such as adding a CSO position
The development of the Internet has affected brick-and-mortar businesses. With the growth of the Internet of Things (IoT) and the digitization of manufacturing plants, security is no longer just a matter of physical security and information security as it was in the past. Enterprises need to reorganize and appoint a leader responsible for information technology security, operational technology security, product/service security, supply chain security, and so on, managing and controlling all of these centrally through a single console.
5. Trust and security teams start protecting consumers’ digital boundaries
Another development is that trust and safety teams are now emerging, built to protect consumers’ digital boundaries. Digital boundaries refer to all boundaries where consumers interact with the corporate environment, including websites, call centers, social media, and more.
6. Privacy is increasingly becoming an influential independent discipline affecting every aspect of an organization
Organizations that used to pay little attention to privacy are now stepping up their privacy protections, investing four times as much in privacy because they fear financial loss, customer churn, and reputational damage.
7. SASE integrates traditional LAN network security functions with WAN comprehensive capabilities, bringing major changes to network security
In the past, all users and all applications sat on the LAN, so firewalls and intrusion detection systems (IDS) deployed in the enterprise's own network could control network access. Now, many applications are no longer within the LAN, such as infrastructure as a service (IaaS), software as a service (SaaS), and application platform as a service (aPaaS), and users and applications are no longer under the control of the data center. So how can businesses achieve data visibility? SASE brings together network as a service (SD-WAN, CDN, firewall) and network security as a service (cloud access security broker, cloud SWG, DNS) in a unified platform. Enterprises are advised to rethink their WAN design and integrate network security services, including web gateways, cloud access security brokers, firewalls, sandboxes, ZTNA, and more.
8. Cloud workload protection is moving in a new, comprehensive direction
Another important area of development is cloud workload protection, which is rapidly moving in a new, comprehensive direction that spans from cloud workload development through production. Building an application in the cloud is very different from building one locally. Cloud applications are usually built in an agile way, using containers, with support for custom applications, and all of this happens over the Internet. Managing cloud workloads effectively therefore requires understanding application networking and credential storage, which is complex.
In this regard, enterprises need to reconsider their server security solutions rather than simply reuse existing solutions to meet new security challenges. The security challenges faced by cloud workloads are different and require new security services. The first consideration is visibility and security controls: for example, knowing exactly where an application is and where its dependencies are, so that security controls can be strengthened in a targeted way. In addition, risky configurations need to be fixed and a DevSecOps approach adopted to secure applications throughout the development pipeline. At the same time, live testing is performed, in which the application is tested in real time before it goes into production.