Thapana -

What’s on the security radar?

A selection of vendors share their thoughts about which technologies will be in demand this year

This article can also be found in the Premium Editorial Download: MicroScope: MicroScope: Spotting the hidden security dangers

There can’t be a customer that is not concerned about security. For resellers looking to pitch products and services, that means there is a wide variety of options to pitch. Some of the great and the good in the industry have shared their expectations for the year ahead.

Andrew Clarke, global head of channel and alliances, One Identity

Cyber incidents are a regular occurrence, in part due to organisations having to manage more identities within the business than ever before. In fact, according to recent research, the number of identities that organisations have to contend with has more than doubled, including internal, third-party and customer identities.

This is because of several notable trends in the industry, including: a reliance on contractors and external partners to scale and expand value; the rise of cloud-first computing with the distribution of cloud services to different physical locations; increased IT complexity due to adapting to compliance regulations; automation or robotic process automation (RPA) to streamline formerly time-consuming processes; and, of course, the push to adopt new platforms and technologies to accommodate remote access and non-traditional work environments.

These, combined with the fragmented way that many organisations manage access rights, can create inconsistencies, gaps and, worst of all, expand the attack surface for cyber criminals looking to steal credentials to gain a foothold within the organisation.

These trends are creating new channel opportunities for IAM [identity and access management] solutions which are embracing efficiency and increased cyber security resilience. Therefore, tackling “identity sprawl” is likely to be a focus for 2022, with companies looking to unify their identity security practices to attain a 360-degree view of all their identities, to plug these significant gaps and to increase their overall cyber resilience.

Brendan Hannigan, CEO, Sonrai Security

In 2022, we will see some nasty public cloud breaches as criminals exploit risk and complexity that companies leave unaddressed. While Amazon Simple Storage Service (S3) bucket exposures are easily preventable, they keep happening and these problems are the tip of the iceberg. Cloud identity and data access misconfigurations represent more vast and insidious risk and criminals are wising up to this.

Mike Sentonas, chief technology officer, CrowdStrike

As recent high-profile attacks have shown this past year, supply chains are very much on adversaries’ radar as a low-hanging attack vector. According to the 2021 CrowdStrike global security attitudes survey, more than three out of four respondents (77%) have suffered a supply chain attack to date, and 84% of respondents are fearful of the supply chain becoming one of the biggest cyber security threats in the next three years.

While supply chain attacks are not necessarily new themselves, the recent rise in this type of attack has essentially brought the genie out of the bottle. Frankly put, supply chains are vulnerable, and adversaries are actively researching ways to take advantage of this. In 2022, we probably haven’t yet seen the end of these attacks, and the implications for each one are significant for not only the victims, but the victims’ customers and partners up and down the chain.

Tony Pepper, CEO, Egress

After the major supply chain hacks of 2021, the supply chain will become the least trusted channel and this will drive adoption of zero-trust methodologies. However, buyers should beware of vendors that claim to single-handedly solve zero trust – instead, organisations will need to layer combinations of technologies to truly achieve it.

In 2022, we will see a rise in multi-vector attacks. We have already seen hackers combining phishing, smishing and vishing, and the next step will include collaboration platforms. Hybrid work has created huge demand for collaboration tools, and they can be a treasure trove of company data that is often unsecured. Hackers will always follow current trends, and they know to take advantage of changes in the way that organisations store their data, so I expect we’ll see a rise in attacks targeting these platforms.

Jordan Redd, senior sales director, MSSP, AT&T Cybersecurity

Complexities are mounting as architectures evolve to support a hybrid workforce. Added to this, securing new business initiatives in edge computing continues to drive new security requirements. And while attack surfaces are growing, cyber criminals have turned to highly evasive, more lucrative strategies to exploit and profit from network vulnerabilities. Against this backdrop, using a legacy approach to threat detection and response will no longer suffice.

Security teams struggle with too many alerts from various point solutions, too much data and not enough context. This is even more challenging with limited staff and expertise. A new approach to threat detection and response – extended detection and response (XDR) – has emerged to deeply integrate best-in-class technologies as well as existing investments made by customers.

“Security teams struggle with too many alerts from various point solutions, too much data and not enough context”
Jordan Redd, AT&T Cybersecurity

An XDR approach takes combined data from the entire security stack to help give security analysts more context into threats and enable them to make better remediation decisions more quickly.

For MSSPs [managed security service providers], this streamlined approach incorporates automation, orchestration, machine learning and threat intelligence to provide early-stage, more predictive identification of current and evolving threats.

Andres Rodriguez, chief technology officer, Nasuni

Ransomware will finally push backup to breaking point. In response to attacks like ransomware, security vendors and their customers have focused primarily on prevention. History has shown that it is a fool’s errand to place an entire strategy in prevention. Backup files are the last line of defence.

The way ransomware works, by quietly encrypting servers and files at a steady pace, is exposing backup’s shortcomings and warts. The model is broken and, in 2022, the industry will finally accept this as a whole, and begin placing more eggs into the rapid recovery basket, versus prevention.

Jamison Utter, senior director, products and solutions evangelist, Ordr

Traditional endpoints and IoT/IoMT/OT [internet of things/internet of medical things/operational technology] have converged in the enterprise network, and the security strategy needs to be viewed holistically. Recent attacks such as the Colonial Pipeline show us that we are failing to think about cyber resilience. In the case of thousands of industrial and healthcare breaches, we see losses of service, patients diverted, pipelines shut down and so on, while the IoT/OT infrastructure was not attacked or compromised.

What we need to do is embrace a whole-of-enterprise approach that encompasses cloud-to-ground visibility, analysis and control of all connected assets, from traditional IT to vulnerable IoT, IoMT or OT, enabling true cyber resilience.

Jelle Wieringa, security awareness advocate, KnowBe4

To secure their customers, resellers, integrators and MSSPs will have to look beyond the boundaries of how employees use the data and services of their organisations. The “new normal” forces organisations to now support a variety of technologies in different places, from remote work to legacy hardware. This opens up users and organisations to all sorts of new threat vectors, forcing suppliers to go beyond their usual scope and focus. This includes more in-depth detection technologies that involve edge networks and user devices to broader security awareness training that focuses on threats that emerge from home networks.

Too long have the three domains of cyber security – people, processes and technology – been the domain of separate suppliers, with the claim of expertise in one of the areas often being the excuse for not offering a full scope portfolio. But cyber criminals do not differentiate and often combine all three domains to successfully attack organisations.

“Cyber security serves the business and the approach that cyber security vendors take needs to reflect this”
Jelle Wieringa, KnowBe4

This increases the complexity of cyber attacks and forces organisations to ramp up their efforts, which often leads to outsourcing their cyber security. Suppliers of cyber security services need to extend their services to cover all aspects to better protect their customers. Whether they develop capabilities on their own or seek to combine forces with other suppliers, it is no longer an option to claim expertise in just a single domain.

Gartner states that by 2025, 60% of organisations will use cyber security risk as a primary determinant in conducting third-party transactions and business engagements. This will drive a change in the approach cyber security vendors currently have in their security services. The focus is often from a technology perspective, with technical metrics leading the decision-making process.

This needs to shift to a focus where the impact of cyber security on the business is the leading decision-making factor. And while this is often a very difficult change, given the technical background and legacy of most vendors, it is an unstoppable (r)evolution that is at the core of survivability for cyber security vendors going forward. Cyber security serves the business and the approach that cyber security vendors take needs to reflect this.

Sam Soares, chief growth officer, CyberSmart

The accelerated digital transformation is not going to slow down. This means the channel will continue developing digital-first experiences to deliver their services and products. This will see the rise of more digital marketplaces, and more digital support/self-serve from a trusted partner that can provide what a business needs in one place. More and more businesses will want this low-touch relationship with their channel partners, less complexity and more efficiency.

The channel will focus on products that are proven to work within specific environments, easy to deploy and maintain. This will put pressure on vendors to standardise systems, and think of their tools more as of a part of an ecosystem, rather than standalone solutions.

Focusing on recurring revenue streams is going to become critical for the channel. With SaaS [software-as-a-service] models becoming the norm, the channel must adapt its own business models to focus on recurring revenue, which, in turn, will drive scalability and agility that adapts to different business sizes, needs and requirements – a contrast to the more traditional, more rigid revenue models that focus on the specific size and needs of a business.

Sundaram Lakshmanan, CTO of SASE products, Lookout

DLP [data loss prevention] has traditionally been deployed as a standalone tool tethered to an enterprise’s perimeter data exchange points. This isn’t how things work any more – where data flows freely between clouds, endpoints and other entities – not just enterprise managed, but also with partners and contractors. To regain control, organisations need full visibility into how their data is handled, regardless of where the users are and what device and network they are using.

In 2022, I predict that organisations will accelerate the move to cloud-delivered solutions where data protection, inclusive of DLP and enterprise digital rights management (E-DRM), are at the heart of it. More and more enterprises will look for advanced DLP capabilities such as exact data match (EDM) and optical character recognition (OCR) to keep abreast of all the new workflows. Only by tapping into the scalability and power of the cloud can security solutions ensure that data is protected efficiently without hindering productivity.

Bob Egner, VP, Outpost24

Given the vast array of tools that security teams have to manage across the different layers of the technology stack, there are many risk grades, assessments and mitigations they must cope with. This is adding unwanted stress and time to remediate the millions of flagged findings and vulnerabilities, which is seen as low-hanging fruit for attackers. 

“Having a unified view across the entire security suite will be key to address the key business risk for organisations in 2022”
Bob Egner, Outpost24

The demand for more integration and a single view of technical and vulnerability information will grow. This should include real-time discovery, deep assessments across technology layers and up-to-date threat intel data for risk prioritisation. 

At a time when digital risk is a priority, security budgets are being strained and a clear cyber security skills shortage, having a unified view across the entire security suite will be key to address the key business risk for organisations in 2022 – moving away from  security risk management to an integrated approach.

Trevor Morgan, product manager, Comforte AG

We know that cyber security broadly, and data security in particular, creates lots of silos. The traditional approach for many organisations has been to cobble together point products and solutions to address different functional areas of protection. The problem with this approach is that a patchwork of solutions may not support a cohesive defensive posture, but, even worse, it overlooks the fact that we need to be viewing these functions as a larger workflow. For example, effective data discovery leads to better controls and data protection. In 2022, look for silos to be torn down and more unified platforms to evolve.

Tim Mackie, vice-president of worldwide channels, Armis

Most businesses can’t see 40% of the devices in their environments. From managed to unmanaged, businesses struggle with identifying all the devices around them, and, importantly, being able to secure them. This is likely to be a hot-ticket issue in the coming years for organisations of all types – from enterprise and healthcare to operational technology and critical infrastructure organisations.

In fact, a study from GSMA Intelligence forecasts that IoT connections will reach nearly 25 billion worldwide by 2025, up from 10.3 billion in 2018, which highlights the security problem. Channel partners and MSSPs will need to work with customers to choose solutions that enhance device detection and remediation capabilities to help them minimise the risk associated with rogue devices.

Read more on Threat Management Solutions and Services