The COVID-19 crisis has completely changed the outlook towards enterprise security. With a majority of people working remotely, cybersecurity has assumed a new importance. As the attack surface has grown and the concept of a defined perimeter has evaporated, enterprises are now looking at protecting data and applications directly. While 2020 was a year of upheaval, 2021 promises to be one of consolidation, and of preparing ourselves for the future with a solid and secure foundation.
As we are close to entering the new year, here’s what we expect will be the top trends that will redefine cybersecurity:
Increase in automation: With an increase in multicloud deployments, many organizations are struggling to monitor and secure different cloud-based systems, as there is no single point of control to monitor security and compliance. This is where automation can help. Automation can enforce best practices and compliance, so that human errors that inadvertently left the infrastructure insecure are corrected. This also means that security engineers don’t have to manually configure different firewalls, access points, networks, etc. Security automation can also help with detection, alerting key people, remediation, taking countermeasures and forensics. One such use case is automating continuous compliance monitoring, compliance reporting and security response.
Identity is the new perimeter: In a new world where the concept of a perimeter is no longer relevant, identity is the new perimeter. Every service in the network or cloud can be compromised because of a compromised identity. There is therefore a need to reinforce identity protection with user behavior analytics and to adopt a zero trust model, where access is given only to what the user is entitled to. This also means that managed service providers and enterprises must incorporate security by design, so that every stakeholder (customers, channel partners or suppliers) is protected.
Rising use of ML: Machine learning (ML) can have a great impact on the security operations center within a data center. AI can complement current Security Information and Event Management (SIEM) systems by analyzing incidents and inputs from multiple systems and devising an appropriate incident response. Machine learning models can improve security operations center monitoring and reduce basic L1 jobs. For example, when more than 20,000 events per second are logged, it becomes difficult for human beings to monitor these events. ML-based systems can help distinguish malicious traffic from false positives and help data center administrators handle cybersecurity threats more efficiently. In 2021, we can expect a rise in ML-based behavior threat models for preventing known and unknown threats.
Consolidation of multiple security systems: Over the years, organizations have assembled a variety of security point solutions for different functions. This has created an overload of inconsistent information, which most often makes it difficult to get the insights needed to respond to threats effectively. In 2021, we may see a rise in consolidation of multiple enterprise security silos across the digital and physical realm (IT, OT, supply chains, etc.).
Transitioning to proactive threat management: Historically, managed security service providers (MSSPs) have acted on alerts generated from the event monitoring logs collected by their SIEM systems. Today, as the threat landscape has evolved, the focus has changed to proactive security made possible by active threat hunting, network forensics and incident response. MSSPs will therefore need to evolve to become managed detection and response (MDR) providers and undertake proactive threat management. Gartner says that MDR providers deliver 24/7 threat monitoring, detection and lightweight response services to customers leveraging a combination of technologies deployed at the host and network layers, advanced analytics, threat intelligence and human expertise in incident investigation and response. MDR providers undertake incident validation, and can offer remote response services, such as threat containment, and support in bringing a customer's environment back to some form of known good. In 2021, this will be a big trend. Gartner forecasts that by 2024, 25% of organizations will use MDR services, up from 5% today, and 40% of midsize organizations will use MDR as their only managed security service.