From ransomware-as-a-service, which lets criminals lease out ready-made ransomware tools, to evasive malware, which avoids detection techniques, cybercrime is evolving fast. Fortunately, cybersecurity is too.
As threat actors discover new methods to infiltrate networks, security vendors and researchers are constantly finding new ways to stop them. In some cases, defenders even appear to be winning. According to IBM, the average time to identify and contain a breach in 2022 is 277 days. That’s still a lot, but it’s 10 days less than last year.
Looking back on 2022, here are the three cybersecurity market trends we think defined this year.
As a rule, any organisation that invests in its own security probably has too many cybersecurity tools. In 2022, the race to rein in cybersecurity tool sprawl was a core trend.
Cited by Gartner as one of their top security and risk management trends for 2022, vendor consolidation is one way to do more with fewer tools. It means swapping a security stack built on a range of different solutions from multiple vendors for a single platform from one vendor.
The promise of single vendor platforms is that all the solutions on them work well together out of the box. It also makes it easier to plug in new solutions, spot redundancy, and see your digital estate in a single view—a major plus for most companies.
At the moment, nearly half of organisations use between 6 and 40 point security products, and close to one-third use between 11 and 40 products from different vendors, according to Check Point Research.
This means that pretty much all (98%) organisations have to switch between multiple consoles to manage their security products, creating a host of challenges such as:
Previous research also shows that the more tools a company uses, the worse its ability to detect and respond to attacks gets. Unsurprisingly, more than two-thirds of IT professionals think vendor consolidation would improve their security.
However, it’s important to point out that buying a suite of tools from a “single vendor” doesn’t always mean the tools you get are actually “consolidated.” It just means the same company sells them.
For a tool stack to be truly consolidated, its capabilities must be built from the ground up to link together natively. Integration doesn’t happen by accident.
In their 2022 cybersecurity trends report, McKinsey noted that the threat landscape is evolving rapidly. To keep up, the consulting firm strongly recommended that companies automate as much of their security operations as possible.
IBM is of a similar opinion. In its Cost of a Data Breach Report, IBM provided a host of real-world statistics that prove the value of security AI and automation systems.
According to the report, companies that leverage security AI and automation—using tools that replace or augment humans in detecting and responding to cyber incidents—see a big reduction (65.2%) in how much an average breach costs compared to companies that don’t.
AI can also detect suspicious patterns that may go unnoticed by humans. This shortens the time it takes to spot and remediate a breach too. On average, security AI and automation reduce the time it takes to identify and contain a breach by almost two and a half months (74 days).
Little wonder then that security AI and automation tools got more popular in 2022. Between 2020 and 2022, adoption went from 59% to 70%. We expect this figure to grow further in 2023.
First noted in 2010, the term “zero trust” describes an IT environment where trusted applications or users don’t exist. This year, zero trust seemed to be on almost every IT leader’s to-do list.
To recap, zero trust is based on the principle that no user, whether inside or outside of an organisation’s network, can be trusted implicitly. Instead, zero trust requires continuous authentication and verification — the exact opposite of the castle-and-moat version of cybersecurity that IT professionals have grown up with.
In 2022, 97% of organisations said they had either implemented zero trust initiatives (like multi-factor authentication) already or planned to do so in the next year and a half. In contrast, in 2018, only 16% of companies followed zero trust principles.
As for why zero trust is getting so popular? 99% of businesses that have adopted zero trust said their cybersecurity has improved.
However, zero trust is probably one of the most difficult things a security team can do.
Balancing usability and security is as much of a political as a technological challenge. Making things worse is that many organisations seem to think that they can buy a product from a single vendor that will do the job.
In reality, zero trust is “a framework of technologies and best practices” that need to be hashed out over time and adopted across a company’s IT environment, says Steve Malone, Vice President of Product Management at Egress, speaking to CSO Online. He likes to call it “healthy and ongoing paranoia.” We agree.
SenseOn might be on the cutting edge of the hottest trends shaping security today, but our priority is not to follow what the market thinks. Instead, our goal is to create the solutions that firms need to stay safe, regardless of what is trending in the security world.
We give our customers an automated security platform that natively consolidates multiple security tools, automates threat detection, investigation, and response, and supports zero trust.
SenseOn combines the capabilities of antivirus (AV), endpoint detection and response (EDR), network detection and response (NDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR) into one consolidated system. In this way, we eliminate the need for companies to manage multiple point solutions and use several dashboards to keep track of alerts.
SenseOn also uses machine learning and AI to emulate how a human analyst thinks. Rather than flagging every suspicious event it comes across, SenseOn correlates data across a company’s infrastructure to see if there’s a link between events on different parts of its IT estate.
SenseOn then contrasts whatever it finds against real-world hypotheses using Machine and Expert Reasoning frameworks, only bringing genuine alerts to the surface. Every alert is prioritised and mapped to the MITRE ATT&CK framework, reducing the investigative workload by 99% on average.
This security visibility and context also help with zero trust as it makes it easier to verify authentic connections. Anytime a user or device starts acting suspiciously, SenseOn will bring this to the attention of the IT team.
For time-critical threats like ransomware, SenseOn can even take automated action, i.e., quarantining infected devices.
In 2023, security teams will bear the brunt of a global economic and political environment that has never been more unpredictable. One constant will be the need to allocate security resources efficiently. More teams will look for connected tools like SenseOn, which decreases deployment times 15-fold and costs 10 times less compared to traditional security stacks.