Something simply must be done to slow, and ultimately reverse, attack surface expansion.
We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed with leveraging cloud-hosted IT infrastructure and the speedy software development and deployment that goes along with that.
And yet it remains all too easy for malicious hackers to gain deep access, steal data, spread ransomware, disrupt infrastructure and maintain long-term unauthorized access.
I heard a cogent assessment of the shift that must take place at the Omdia Analyst Summit at Black Hat USA 2023. In a keynote address, Omdia’s Eric Parizo, managing principal analyst, and Andrew Braunberg, principal analyst, unveiled an approach they coined as “proactive security.”
What I came away with is that many of the new cloud-centric security frameworks and tools fit as components of proactive security, while familiar legacy solutions, like firewalls and SIEMs, can be categorized as either preventative or reactive security. This is a useful way to look at it.
Rising reliance on proactive tools seems inevitable, although legacy tools continue to advance and have their place. The Omdia analysts called out a handful of key proactive methodologies: Risk-Based Vulnerability Management (RBVM), Attack Surface Management (ASM), and Incident Simulation and Testing (IST).
RBVM solutions don’t merely identify vulnerabilities; they quantify and prioritize them, making risk management more strategic. Notably, some 79 percent of enterprises recently polled by Omdia consider this risk-ranking capability indispensable.
Last Watchdog followed up with Braunberg to ask him, among other things, what RBVM solutions signal about the ramping up of proactive security. Here’s what he had to say:
LW: What is ‘proactive security’ and why is it gaining traction?
Braunberg: Proactive solutions seek out and mitigate likely threats and threat conditions before they pose a danger to the environment. These tools provide visibility, assessment, and control of an organization’s attack surface and an understanding of viable attack paths based on asset exposures and the effectiveness of deployed security controls. Omdia believes it is gaining traction because, for too long, enterprises have been investing in security solutions that only help after an attack is already on their doorstep – or has broken down the door! Proactive Security finally helps get ahead of adversaries, finding and fixing the opportunities they seek to exploit, before they can exploit them.
LW: Legacy on-prem tools tend to be preventative, advanced on-prem tools are reactive and the shiny new cloud-centric solutions are proactive. Is that fair?
Braunberg: Well, it’s fair to say that modern software defined architectures, such as cloud, can introduce many more potential exposures and that a proactive approach is particularly effective in identifying and controlling configuration drift in these environments. But Omdia believes that a mix of preventative, reactive, and proactive tools is appropriate across all components of the digital landscape.
LW: Your ‘continuous security protection lifecycle’ argument suggests we’re in an early phase of what: co-mingling; consolidating; integration of these three categories?
Braunberg: Omdia sees several trends at work in the market today. There is a strong trend of consolidation in proactive security segments. We predict that proactive security functionality will roll up into comprehensive proactive security platforms over the next several years. But we also see traditional reactive security suites incorporating proactive features. So, we expect consolidation, co-mingling, and integration for the foreseeable future.
LW: How would you characterize where we are today?
Braunberg: There is significant innovation and investment in many traditional segments of proactive security. This is driven primarily by a desire to support better risk-based analytics to prioritize risk and better inform remediations. But as noted, we are also in the early stages of market consolidation.
LW: What does Cisco’s $28 billion acquisition of Splunk signal about the trajectory that network security is on?
Braunberg: It’s less about network security as much as it is filling a need for Cisco. The networking giant sees Splunk as a premium brand in a market segment, SIEM, that it had yet to enter, giving Cisco a strong opportunity to upsell existing Cisco Secure customers.
LW: Won’t companies have to rethink and revamp long-engrained budgeting practices?
Braunberg: Absolutely. Omdia believes that over the coming years, enterprises should and will increase the percentage of their cybersecurity technology budgets allocated for proactive security solutions. Not only will this provide a forward-leaning approach to get ahead of threats and threat conditions before they can hurt the enterprise, but it will also reduce cybersecurity risk, in turn providing improved ROI for the security solution.
LW: How does ‘risk-based vulnerability management’ factor in?
Braunberg: RBVM will play a key role in proactive strategies. These products are already expanding into more comprehensive tools for addressing security hygiene issues across the entire digital domain for both production code and code in development.
LW: Can you characterize what’s happening in the field today with early adopters of this approach?
Braunberg: Omdia’s recent primary research, the 2023 Omdia Cybersecurity Decision Maker Survey, querying global security practitioners, found an overwhelming need to rank vulnerabilities and to prioritize next actions based on risk. Early adopters of proactive tools are primarily focused on this need.
LW: What are you hearing from these early adopters?
Braunberg: In addition to the obvious benefit of more efficient, effective security practices in the form of specific product categories like risk-based vulnerability management, which provides prioritization and remediation decisions based on contextual risk to the organization, but also increased emphasis on the core tenets of Proactive Security: visibility and risk.
Proactive helps underscore the importance of being able to detect, define, categorize, and understand the risk of all assets in the extended enterprise environment. From there, it becomes possible to identify opportunities to address threat conditions, such as the need for software patches, vulnerable configurations, or even poor practices and policies.
Going forward, this will further the importance of maturation on security risk, leading to more dedicated risk teams and discerning ROI from security solutions based on their ability to reduce risk.
LW: Five years from now, will it be equal parts proactive, preventative and reactive — or some other mix?
Braunberg: It’s too early to say what the pie chart might look like, but for most organizations today, the priority is to increase the emphasis on and shift toward Proactive Security, from both a strategic and technical planning perspective. Omdia believes it’s time to shift the conversation to one of ROI based on risk reduction, and vendors offering Proactive Security solutions will be best positioned to make that case.
LW: Anything else?
Braunberg: We just published our new report on the Fundamentals of Proactive Security, which is a 6,000-word deep dive on the topic. It’s available to Omdia Cyber clients. Plus, we’ll have more on Proactive, on our sister site Dark Reading, and elsewhere in the near future.
Acohido
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
October 4th, 2023