CISOs face a tough balancing act. They must protect new digital transformation strategies that deliver revenue, and keep fragmented legacy systems secure. At the same time they have to battle the siege on identities, and get more work done with a smaller cybersecurity staff.
Consolidating tech stacks, together with gaining access to new technologies, is the solution many are adopting. A well-orchestrated consolidation strategy delivers greater visibility and control, cost savings and scale.
That’s thanks to advances in AI and machine learning (ML) that are strengthening cybersecurity platforms. Generative AI, for example, brings greater precision to cybersecurity while alleviating the heavy workloads and alert-fatigue that burden SecOps teams.
The goal: Fast-track new cybersecurity tech while reducing risk
Legacy tech stacks have gaps, and attackers are fine-tuning their tradecraft to exploit them. One of the widest gaps is between identities and endpoints. “It’s one of the biggest challenges that people … grapple with today,” Michael Sentonas, president of CrowdStrike, told VentureBeat in a recent interview. He had conducted a demonstration intended “to show some of the challenges with identity and the complexity … [because] it’s a critical problem. And if you can solve that, you can solve a big part of the cyber problem that an organization has.”
Three-quarters of security and risk-management professionals interviewed by Gartner say they are actively pursuing a vendor consolidation strategy for their cybersecurity tech stacks. And 22% more are planning to do so by 2025.
Gartner’s latest survey on consolidation concentrated on which direction enterprises are going in this area. It found that the top five areas through which organizations are pursuing consolidation are data security platforms (DSPs), cloud native application protection platforms (CNAPP), identity and access management (IGA, AM, PAM), extended detection and response (XDR) and secure access service edge (SASE).
CISOs from insurance, financial services and professional services enterprises tell VentureBeat that their goal is to access the latest AI and ML technologies to help reduce tool sprawl and alert-fatigue, help close skill gaps and shortages, and eliminate response inefficiencies.
AI is now part of cybersecurity’s DNA
“AI is incredibly, incredibly effective [at] processing large amounts of data and classifying this data to determine what is good and what’s bad,” said Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy, in her keynote at RSAC 2023. “At Microsoft, we process 24 trillion signals every single day, and that’s across identities and endpoints and devices and collaboration tools, and much more. And without AI, we simply could not tackle this.”
Deep AI and ML expertise are now table stakes for staying competitive in cybersecurity. Even the most efficient, well-staffed and well-equipped SecOps team isn’t going to catch every intrusion attempt, breach and insider attack. Major cybersecurity vendors, including Blackberry Persona, Broadcom, Cisco, CrowdStrike, CyberArk, Cybereason, Ivanti, SentinelOne, Microsoft, McAfee, Palo Alto Networks, Sophos, VMWare Carbon Black and Zscaler have integrated AI into their core platforms, helping them sell a consolidation vision. Each sees a win-win — for their customers, and for their own DevOps teams, which are fast-tracking new AI- and ML-based enhancements into future releases.
CrowdStrike, for example, is successfully selling tech stack consolidation as a growth strategy, with its Falcon Insight XDR consolidation engine. Palo Alto Networks is another. Speaking at the company’s Ignite ’22 cybersecurity conference, Nikesh Arora, chairman and CEO, remarked that “customers … want the consolidation because right now, customers are going through the three biggest transformations ever: They’re going to network security transformation, they’re going through a cloud transformation, and [though] many of them don’t know … they’re about to go to a SOC transformation.”
The technologies proving effective at meeting CISOs’ greatest challenges
Attackers know how to exploit perimeter-based systems quickly and are constantly improving their techniques to penetrate networks undetected. They have become so advanced that they can often easily overwhelm the fragmented, legacy-based approaches many organizations still rely on for their cybersecurity.
AI and ML are instrumental in providing real-time detection and automated attack responses. CISOs tell VentureBeat that the big payoff is having a single system for all monitoring, prediction and response — a system with a set of integrated apps and tools that can interpret and act on data in real time. Together, these factors are driving the global market for AI-based cybersecurity technology and tools to grow by an expected $19 billion between 2021 and 2025.
Here are the technologies proving most effective in helping CISOs balance the many demands on their teams while keeping their organizations secure from internal and external attacks:
1. Endpoint detection and response (EDR)
EDR addresses the challenges of detecting and responding to advanced threats that can evade traditional endpoint security systems. It uses behavioral analysis to detect attacks in real time. EDR has also proven effective in helping SOC analysts and security teams detect and respond to ransomware and other attack techniques that can evade traditional signature-based antivirus apps and platforms. CISOs tell VentureBeat they rely on EDR to protect their highest-value assets first.
Leading vendors include CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Trend Micro and VMware Carbon Black.
2. Endpoint protection platforms (EPPs)
Considered essential when revamping tech stacks to make them more integrated and able to scale and protect more endpoints, EPPs have proven their value to the CISOs whom VentureBeat interviewed for this article. They’re effective in battling emerging threats, including new malware exploits. One financial services CISO said that the advances in AI and ML in their company’s endpoint protection platform had stopped intrusions before they progressed into corporate networks.
Vendors are differentiating their EPP platforms on advanced analytics and greater endpoint visibility and control. EPPs are becoming increasingly data-driven. EPPs with ransomware detection and response include Absolute Software, whose Ransomware Response builds on the company’s expertise in endpoint visibility, control and resilience. Other vendors include Broadcom (Symantec), Bitdefender, CrowdStrike, Cisco, Cybereason, Deep Instinct, Trellix, Microsoft, SentinelOne, Sophos, Trend Micro and VMware Carbon Black.
3. Extended detection and response (XDR)
XDR platforms aggregate and correlate security alerts and telemetry from an organization’s endpoints, network, cloud and other data sources. CISOs tell VentureBeat that a well-implemented XDR solution outperforms legacy security tools in threat detection, investigation and automated response. XDR reduces costs, boosts security operations efficiency and lowers risk.
Vendors continue to add more APIs, supporting an open-architecture approach to integration so their platforms can accept, analyze and respond to telemetry data in real time. According to a vendor interview with VentureBeat, Palo Alto Networks’ Cortex XDR has reduced Rolls-Royce’s alert volumes by 90% and response times by 95%. Other leading vendors include CrowdStrike, Cynet, Microsoft and Trend Micro.
4. Identity threat detection and response (ITDR)
ITDR platforms protect a company’s identity infrastructure from sophisticated attacks. They help organizations monitor, detect and respond to identity threats as identity systems become both more critical and more vulnerable.
CISOs tell VentureBeat that combining ITDR and IAM improvements is essential to protect identities under siege, especially in healthcare and manufacturing, where attackers know there are soft targets. Microsoft has over 30,000 Azure AD Premium P2 customers gaining identity protection with Azure AD Identity Protection, for example. Other leading vendors include Netwrix and Silverfort.
5. Mobile threat defense (MTD)
MTD solutions protect smartphones and tablets from advanced threats that can bypass traditional security controls that are part of fragmented legacy tech stacks. MTD protects mobile apps, devices and networks from phishing, real-time zero-day threats, and advanced attack techniques based on identity and privileged access credential theft.
Ivanti’s approach to protecting mobile clients in highly regulated industries sets the technology standard in MTD. Ivanti Neurons for MTD is built on the Ivanti Neurons for MDM and clients and can be deployed on managed Android, iOS and iPadOS devices. Other leading vendors include CheckPoint, Lookout, Proofpoint, Pradeo, Symantec, VMWare and Zimperium.
Microsegmentation restricts lateral movement during a breach by separating workloads by identity. It also addresses poorly isolated workloads that allow attackers to spread laterally. CISOs tell VentureBeat that they have been able to streamline deployments by isolating high-risk workloads and using tools that assist in making contextual policy recommendations.
Microsegmentation reduces unauthorized workload communication and the blast radius of an attack, making it a pivotal technology for the future of cybersecurity and zero trust. Leading vendors include Illumio, Akamai/Guardicore and VMWare.
7. Secure access service edge (SASE)
CISOs tell VentureBeat that SASE has the potential to streamline consolidation plans while factoring in zero-trust network access (ZTNA) to secure endpoints and identities. This makes it a useful platform for driving consolidation.
Legacy network architectures can’t keep up with cloud-based workloads, and their perimeter-based security is proving too much of a liability, CIOs and CISOs tell VentureBeat. Legacy architectures are renowned for poor user experiences and wide security gaps. Esmond Kane, CISO of Steward Health, advises: “Understand that — at its core — SASE is zero trust. We’re talking about identity, authentication, access control, and privilege. Start there and then build out.”
“One of the key trends emerging from the pandemic has been the broad rethinking of how to provide network and security services to distributed workforces,” writes Garrett Bekker, senior research analyst, security at 451 Research, part of S&P Global Market Intelligence, in a 451 Research note titled “Another day, another SASE fueled deal as Absolute picks up NetMotion.”
Garrett continues, “This shift in thinking, in turn, has fueled interest in zero-trust network access (ZTNA) and secure access service edge.” Leading vendors include Absolute, Cato Networks, Cisco, Cloudflare, Forcepoint, Open Systems, Palo Alto Networks, Versa Networks, VMWare SASE and Zscaler.
8. Secure service edge (SSE)
To secure SaaS, web, and private applications, SSE integrates secure web gateway (SWG), cloud access security broker (CASB) and ZTNA into a single cloud platform. SSE’s workflows are also proving effective at simplifying the management of different point tools. And CISOs tell VentureBeat that SSE is effective for simplifying, securing and improving remote user experiences.
The big payoff for CISOs is how SSE can consolidate security tools into a unified cloud platform and standardize policy enforcement. Leading vendors include Broadcom, Cisco, Netskope and Zscaler.
9. Unified endpoint security (UES)
UES streamlines protection for every endpoint device, including PCs, mobile devices and servers, by consolidating siloed endpoint security tools into a single platform. UES solves the problems inherent in decentralized tools, like limited visibility, detection and response.
CISOs at leading insurance and financial services firms tell VentureBeat that UES is their go-to platform for ensuring that the security hygiene of an acquired company is in good shape before they move forward with broader integration.
Reduced licensing costs, unified visibility and faster response are key benefits, according to CISOs interviewed by VentureBeat. Leading vendors include BlackBerry, IBM Security MaaS360, Ivanti Neurons for UEM, Microsoft, VMware and ManageEngine. Ivanti Neurons for UEM is unique among UES vendors as its endpoint clients deliver real-time intelligence and can self-heal and self-secure.
10. Zero-trust network access (ZTNA)
ZTNA enforces least-privileged access in every application, resource and endpoint on a network while continuously monitoring all network activity. It assumes that no connection or resource request or use is trusted. Therefore it restricts connections to any asset, endpoint or resource to authorized users, devices and applications based on verified identity and context.
Gartner says hybrid work is a strong adoption driver for ZTNA, and that it has led to ZTNA being integrated into security service edge (SSE). According to Absolute Software’s 2023 Resilience Index, “zero-trust network access (ZTNA) helps [enterprises] move away from the dependency on username/password and [toward relying] on contextual factors, like time of day, geolocation, and device security posture, before granting access to enterprise resources.”
Zero-trust strategies effectively reduce the attack surface for remote connections by restricting access to authorized applications only. Absolute, Akamai, Cato Networks, Check Point, Cisco, Cloudflare, Forcepoint, Fortinet, Okta, Palo Alto Networks, Perimeter 81 and Zscaler are the leading vendors in the ZTNA market.
Why these 10 core technologies are driving cybersecurity’s consolidation
Attackers are aware of the gaps in legacy tech stacks and are constantly working to capitalize on them. The widening gap between identities and endpoint security is one of the largest and fastest-growing gaps. Industry leaders such as CrowdStike, Palo Alto Networks and Zscaler are focused on eliminating it.
That’s good news for CISOs attempting to balance support for new digital initiatives with consolidating their tech stacks to reduce legacy risks and getting more work done with a smaller staff.
AI-based platforms, including XDR, deliver the unified visibility and control CISOs and their teams need to reduce risk and protect threat surfaces. Cloud-based models, including SASE and SSE, are making it possible for CISOs to enable consistent policy enforcement. And ZTNA enforces least privileged access, with its core components shutting off lateral movement when a breach occurs.
By Louis Columbus, originally published on VentureBeat