Last week I attended the Gartner Security and Risk Summit in London. The theme of the summit was Accelerating the Evolution of Security: Reframe and Simplify. From the very first keynote, Gartner laid down the gauntlet. “Change is needed and we must stop doing what we have always done and start learning from our mistakes.” It is this very sentiment that set the tone for the show.
As I read my notes and reflect on the event, what I conclude is that for security to accelerate its evolution and reframe and simplify, we must acknowledge three brutal truths and the challenges we as a vendor must address head-on:
- There will always be more – how do we help security teams be more resilient?
- Doing more of the same is not working – how do we help security teams be more efficient?
- Do less to deliver more – how do we help security teams be more effective?
There will always be more: how do we help security teams be more resilient?
I talked about this in our session titled “Erase the cloud unknowns with Attack Signal Intelligence.” We started the session with one simple question: “what is the one word that sums up what we face in security today?”
The one constant in security is “more.” More attack surface to cover, more evasive and sophisticated attackers, more tools and more datasets to synthesize and analyze, more rules, more noise, more tuning, and worst of all - more analyst burnout. Historically, the security industry’s answer to more has been more, but all that has led to more complexity, cost and time wasted, hence the need to reframe and simplify.
Despite more, the core problem remains the same: we don’t know where we are compromised right now. At Vectra, we call this the unknown. Attackers will always find more ways in. In a session on the evolving threat landscape, Gartner acknowledged this, highlighting 3 types of threats:
- Known and frequent threats
- High momentum threats
- Unpredictable emerging, niche threats
Gartner pointed out that the most difficult threats to detect are the ones that are unpredictable, emerging and niche, and the fact of the matter is we have more of them. Our first challenge is building our resilience to them. How we do it is the question, because doing more of the same is not the answer.
Doing more of the same is not working: how do we help security teams be more efficient?
There was another common thread discussed throughout the event, and that was unification. Gartner predicts that “by 2025, 80% of security leaders will adopt a unification strategy to increase operational effectiveness.” That operational effectiveness is rooted in a seamless security user experience, the convergence of applications and cloud, and a commitment to simplifying the complex. We contend unification is all about making security analysts’ jobs easier.
Automation plays a big role, but it is automation focused on one thing: relieving security teams of manual, mundane tasks. This highlights our second challenge: how do we help drive efficiency, and how do we help security do less to deliver more?
Do less to deliver more: how do we help security teams be more effective?
The adage “less is more” is easier said than done in security when the one constant is more. But Gartner argues that where there is a will, there is a way, and the way is to take a risk-based approach to everything. Security strategy and value outcomes, i.e., metrics rooted in qualifying and quantifying business risk, are critical to how security leaders communicate and collaborate across the business, with the C-suite and up to the board. A risk-based approach is key to determining where security invests, what gets built, how it operates and why it matters to the business. We contend a risk-based approach is about holding technology and services vendors accountable for efficacy, which is our third challenge: how do we help security teams be more effective at reducing risk?
- Unifying visibility across a hybrid cloud attack surface - endpoint, network, public cloud, SaaS and identity
- Unifying context to prioritize the threats that matter most to the business
- Unifying technology and services to get ahead and stay ahead of attacks
As I reflect on my 3 days at the Gartner Security and Risk Summit, I walked away knowing that we are on the right path to truly helping our customers:
- Build resilience to more unpredictable, emerging and niche attacks
- Be more efficient at detecting and responding to the threats that matter
- Deliver and prove the efficacy of their risk-based strategy to the business
This is a journey and there is work to do, but the good news is that it’s not more work, it’s simply the right work for our customers.