ESG Blogs

Operationalizing the IT requirements for a remote workforce for many businesses means accelerating digital transformation initiatives, which leverage a range of cloud services. As a result, an organization’s cloud footprint increasingly includes a mix of third-party SaaS applications as well as internally developed cloud-native apps to support critical back, middle, and front office operations. But different organizations are in different stages of cloud adoption from born-in-the-cloud companies fully indexed on the cloud to enterprises who operate in a hybrid, multi-cloud world.

The application security market is in a state of transition as legacy approaches to web application firewall, API protection, bot mitigation, and DDoS prevention have struggled to meet the needs of modern applications. The decentralization of application development and shift to agile methodologies, significant shortage of security skills with regards to applications, and evolution towards sophisticated, multi-vector attacks have forced organizations to rethink their approaches to application security. The evolution towards WAAP, or web application and API protection has been a direct result but remains a work in progress, with many providers just starting to loosely couple the required pieces.

The IT implications of the pandemic-induced surge in remote work are headlined by an increased reliance on cloud applications and services. Supporting and securing direct-to-cloud access has necessitated a focus on identity and access management (IAM) initiatives including:

Zero-trust has seen an explosion in interest over the last few years. As the perimeter has become increasingly porous due to cloud usage and distributed network architectures, a fresh look at some of the foundational cybersecurity concepts was sorely needed. This has only been exacerbated by the pandemic, with many organizations not only supporting a primarily remote workforce, but also trying to complete their digital transformation journey in a matter of months, rather than the years they originally planned.

Old friend and Cybereason CSO Sam Curry and I got together (virtually) to chat about all things SOAPA. In part 2 of our video, we focus on:

• This newish thing called XDR. My colleague Dave Gruber and I are all over XDR as analysts, so I asked Sam for his thoughts. Sam thinks of XDR as taking EDR to the next level. He even broke down the acronym stating that the X signified telemetry independence. The “D” in XDR is somewhat overstated, Sam is really focused on the importance of the R, response, as security is about blocking (not finding) the bad guys. In the end, XDR should be a force multiplier for the cybersecurity staff.

I’ve known Cybereason CSO, Sam Curry for years, so it was a pleasure to lure him to ESG’s virtual studio for a SOAPA video. In part 1 of our 2-part series, Sam and I discuss:

• Why EDR? Sam describes how, unlike SIEM, EDR is designed for one specific purpose – finding the bad guys. The best EDR solutions identify signals in all the noise, alert humans about malicious activities, and make it easy for them to take action.

Cloud security as has reached a tipping point by virtue of the fact that both SaaS and internally developed cloud-native applications now perform business-critical functions. In turn, cloud security can no longer be a siloed discipline in which separate teams employ separate controls to secure separate environments. Fortunately, cloud security is starting to be mainstreamed – security teams are getting more involved in scrums and sprints, and many CIO’s are creating and funding cross-functional cloud centers of excellence (CCoE). The maturation of cloud security programs, however, needs to include bringing cloud observability into the security operations center. It’s time to put the C in XDR. 

The first blog I wrote about elastic cloud gateways prior to Black Hat 2019 referenced next-generation firewalls relative to the shift to application-centric, Layer 7 scanning, and the massive impact that had on the network security market. What I didn’t appreciate at the time is how similar the trajectory of the two spaces would be. In the 10 months since Black Hat, we’ve witnessed a massive amount of momentum in this area. In fact, recently completed ESG research on elastic cloud gateways found that 94% of organizations reported usage of, or some level of interest in, these types of solutions. With secure access services edge (SASE) having become common terminology within the network security space, I’m often asked what the difference is between ECG and SASE. The fact is, there are many more similarities than differences; however, the differences that do exist are important.

XDR may succeed but XDR vendors face deployment challenges and competition on several fronts.

My colleague Dave Gruber and I are all over this new concept called XDR. Just what is this new acronym all about? In a recent CSO Online blog, I defined XDR as:

An integrated suite of security products spanning hybrid IT architectures, designed to interoperate and coordinate on threat prevention, detection, and response. XDR unifies control points, security telemetry, analytics, and operations into one enterprise system.

Hmm, sounds interesting but is there a market for yet another type of security product?

To explore user perspectives around SASE solutions and elastic cloud gateway architectures, ESG recently completed a research study on the convergence of network security tools through a consolidated, cloud-delivered platform. The study explored pain points with current approaches and tools, interest in and important elements of an ECG approach, and what organizations expect to gain from implementing an ECG architecture. To explore some of the research, I invited my colleague Jon Oltsik to discuss the findings and what they mean.