A Perspective on Gartner’s 2020 Security & Risk Trends
This Gartner post was published in June, after COVID-19 struck the world, and therefore the perspective of a new world is already factored into the posting. Responses to COVID-19-related changes in work habits have driven cyber-security priorities since March 2019. But there is an uber trend that has been happening for a few years now and that I expect will emerge as a high-priority element in cyber-security planning at the CISO level — the emergence of several silos of security threat detection and analytics, run by different domain experts, for different workloads.
This is captured in trend #4 in Gartner’s post, about how enterprise-level (centralized) Chief Security Officers are arising in order to merge security-oriented silos. I fully agree with this. We at Anvilogic have started to see this ourselves as we engage with Fortune 1000 companies, and I started seeing these signs of silos emerging a few years back while at Splunk.
Let’s try and understand why this is happening, and how we must embrace and optimize operations to accommodate this phenomenon.
Why is it happening?
As enterprises grow larger in operations, with varying workforce habits and new application workloads, security organizations tend to get decentralized, and clusters of expertise governing their own areas arise. This is, in general, a good thing because those specific application/area owners know their environments best, and therefore allowing them to govern those areas for security vulnerabilities and attacks is the most viable strategy in the long haul.
This is not akin to how the server world got disrupted with VMware’s virtual machines, and the business application world got disrupted with companies like Salesforce and the infrastructure world got disrupted with AWS — the commonality in all this is that there ceased to be one central IT organization servicing the needs of server groups, business application areas and infrastructure project areas, in favor of domain experts producing the necessary value elements for the business to operate with a ‘best-of-breed’ approach. Similarly, we are seeing this forward-progress trend starting in cyber-security, with subject matter experts in their respective areas operating to deliver value for the areas they know best and own.
Enterprises are considering Microsoft Sentinel to address Cloud AD and Azure security needs, Google Chronicle for GCP workloads, XDR technologies for endpoint and related detection & response, and so on. This is in addition to the multiple (at least two) SIEMs many enterprises are already operating today. As a result, there is a growing separation of data, analytics and detection in the enterprise, and this goes beyond the capacity and governance reach of a traditional SOC.
This trend must continue for the betterment of the overall security posture of enterprises. However, the downside, which we have not yet addressed but must, is the need to bring the knowledge of these disparate silos together and provide a centralized view of the cyber-security posture of the enterprise.
This is true next-gen value, but we are not there yet.
How do we deal with it?
As mentioned above, we have not yet addressed how to bring concerted & correlated value from across these silos to address overall enterprise cyber-security and maturity. But it is important that we look at the role of a SOC, consider the value of domain expert-run security methods carefully, and embrace the next-gen cyber-security operations of an enterprise, which shall be run by security domain experts rather than the traditional IT/developer persona. This certainly means the end of a traditional, central SIEM as we know it, and augmentation of the security infrastructure with a federated content platform which operates as a fabric across all security silos — this is the ONLY way to embrace the next generation of enterprise security. We shall address this further in an upcoming blog post soon — watch this space!
In the meantime, look out for our CTO’s post on the related trend, #1 in Gartner’s posting, about how XDR technology is gaining traction in enterprises.