Instead of making 2016 predictions in December, I decided to kick off the new year by sharing what’s on my cybersecurity radar screen for 2016. Given fundamental changes in computing models from cloud to mobility to IoT; the complexity of the threat landscape with hacker motivations of cybercrime, espionage, and activism; and the multitude of technology and solution providers; one’s radar screen quickly fills with more blips than can be reasonably tracked. And so I somewhat reluctantly offer up just a few threads of particular interest. But before looking at 2016, here’s a positive retrospective thought about 2015.
It would be obvious, if not trite, to recite the long list of high-profile breaches of 2015, and while that is an undeniable truth, we also saw notable collaboration among security vendors. After all, cybersecurity needs to be more of a team sport, and in 2015 such teamwork yielded product integrations that go well beyond sending alerts to consoles. Customers buy point tools out of necessity but prefer platforms for good reason: feature aggregation and operational efficiency. Integrations that enable specific use cases are the solutions that can help fill that void. Here are three such examples:
- Coordination of advanced endpoint and network security controls to expedite threat detection and response to reduce dwell time.
- In the Cloud Access Security Broker (CASB) market, integrations with web proxies and DLP inspection engines give customers the visibility and control required to protect data associated with the use of SaaS applications, whether shadow or sanctioned.
- And threat intelligence feeds integrated into network and host-based security controls start to make such data more contextual, and thus actionable.
While I will look for deeper integrations to be delivered in 2016 that enable more advanced use cases such as automated workflow, here are a few other things on my radar screen for this new year.
- Multi-Dimensional Clouds Highlight the Need for Unifying Security Controls — Broader deployment of hybrid clouds in the enterprise creates an imperative to unify policies across disparate infrastructures, for both seamless security and compliance. One can argue over the difference between a hybrid and a multi-cloud environment, especially as public cloud footprints become more heterogeneous. In every variation, however, the CISOs I speak with seek security solutions that are workload-centric, API-driven, and span disparate infrastructures to secure these multi-dimensional clouds. SumoLogic and Trend Micro are two vendors with solutions that centralize security across the modern datacenter, while offerings from Certes, Illumio, and vArmour employ a software-defined perimeter approach to secure workload communication both within and between clouds.
- Containers Seeing the Light of Day — Largely relegated to test and development environments to date, containers offer an "agility on steroids" value proposition strong enough that we should watch for more containerization of production environments (at least by cloud-native and some cloud-first companies), putting further pressure on enterprises still in transition to get with the agility program. But the enterprise readiness of container deployments remains to be seen in 2016 and could well be a limiting factor. Companies such as CloudPassage, ThreatStack, and Twistlock, which already provide container-aware security controls, are leading the discussion for this emerging sub-segment of workload security.
- Consolidation and (Re)Emergence of Market Leaders — Two cybersecurity segments I'll be watching closely in anticipation of consolidation are CASB and endpoint security; the former, while still in its early days, is developing at an accelerated rate, and the latter is in a state of disruption. Elastica (now part of Blue Coat), Netskope, and Skyhigh Networks are the pure plays that defined and essentially created the CASB market, with solutions that have horizontal appeal given the need both to discover the use of shadow IT applications for visibility and to control such use to protect cloud-resident data assets. Appreciable customer, channel, and vendor activity make this a hot space in 2016. As relevant as cloud access is for nearly all organizations, the focus on securing the vulnerable endpoint will be equally front and center, with new prevention capabilities from vendors such as Cylance and Invincea challenging both the incumbents and the order in which an endpoint detection and response (EDR) product is purchased and deployed. But beware the incumbents, who already own precious endpoint real estate and have a strategic imperative to maintain account control through both organic and inorganic initiatives. Symantec, freed up by its split from Veritas, will be highly focused on delivering on its compelling advanced threat protection strategy, making it an obvious player to watch in 2016.
Cybersecurity insurance market dynamics, the impact of European Union data protection and privacy directives on the industry, securing east-west traffic and security as a killer app for microsegmentation, applying user behavior analytics to all touch points, and “next gen” analytics which enable the hunt are also on my over-subscribed and hyperactive radar screen. All the best for 2016!