The Covid-19 crisis has completely changed the outlook towards enterprise security. With a majority of people working remotely, cybersecurity has assumed a new importance. With an increase in the attack surface, enterprises are now looking at protecting data and applications, as the concept of a defined perimeter has evaporated. While 2020 was a year of upheaval, 2021 promises to be one of consolidation, and of preparing for the future with a solid and secure foundation.
As we are close to entering the new year, here are what we expect to be the top trends that will redefine cybersecurity:
#Increase in Automation: With an increase in multi-cloud deployments, many organizations are struggling to monitor and secure different cloud-based systems, as there is no single point of control to monitor security and compliance. This is where automation can help. Automation can help in enforcing best practices and compliance, so that any human errors that may have inadvertently left the infrastructure insecure are corrected. This also means that security engineers do not have to manually configure different firewalls, access points, networks, etc. Security automation can also help in detection, alerting key people, remediation, taking countermeasures and forensics. One such use case is the automation of continuous compliance monitoring, compliance reporting and security response.
#Identity is the new perimeter: In a new world where the concept of a perimeter is no longer relevant, identity is the new perimeter. Every service in the network or cloud can be compromised because of a compromised identity. There is hence a need to reinforce identity protection with user behavior analytics and by adopting a zero trust model, where access is given only for what the user is entitled to. This also means that managed service providers and enterprises must incorporate security by design, so that every stakeholder (customers, channel partners or suppliers) is protected.
#Rising use of ML: Machine learning can be used with great impact in a security operations center in a data center. AI can complement current Security Information and Event Management (SIEM) systems, by analyzing incidents and inputs from multiple systems, and devising an appropriate incident response system. Machine learning models can improve security operations center monitoring and reduce basic L1 jobs. For example, when more than 20,000 events per second are logged, it becomes difficult for human beings to monitor these events. ML-based systems can help in distinguishing malicious traffic from false positives and help data center administrators handle cybersecurity threats more efficiently. In 2021, we can expect a rise in ML-based behavior threat models for preventing known and unknown threats.
#Consolidation of multiple security systems: Over the years, organizations have assembled a variety of security point solutions for different functions. This has created an overload of information that is not consistent, which most often makes it difficult to get the insights needed to respond to these threats effectively. In 2021, we may see a rise in consolidation of multiple enterprise security silos across the digital and physical realm (IT, OT, supply chains, etc.).
#Transitioning to proactive threat management: Historically, Managed Security Service Providers (MSSPs) have been acting on alerts that they receive from the event monitoring logs in their SIEM systems. Today, as the threat landscape has evolved, the focus has changed to proactive security made possible by active threat hunting, network forensics and incident response. MSSPs will hence need to evolve to become Managed threat detection and response (MDR) providers and undertake proactive threat management. Gartner says that Managed detection and response (MDR) providers deliver 24/7 threat monitoring, detection and lightweight response services to customers leveraging a combination of technologies deployed at the host and network layers, advanced analytics, threat intelligence, and human expertise in incident investigation and response. MDR providers undertake incident validation, and can offer remote response services, such as threat containment, and support in bringing a customer's environment back to some form of known good. In 2021, this will be a big trend. Gartner forecasts that by 2024, 25% of organizations will use MDR services, up from 5% today, and 40% of midsize enterprises will use MDR as their only managed security service.