{"id":1309,"date":"2024-12-19T09:00:00","date_gmt":"2024-12-19T09:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1309"},"modified":"2024-12-19T09:00:00","modified_gmt":"2024-12-19T09:00:00","slug":"top-security-solutions-being-piloted-today-and-how-to-do-it-right","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1309","title":{"rendered":"Top security solutions being piloted today \u2014 and how to do it right"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Ask almost any CISO and they will tell you the security landscape just keeps getting more complex. New products arise, technology categories blur, vendors gobble up competitors or venture into adjacent markets, and every once in a while a seismic advance like generative AI comes along to shake up everything.<\/p>\n<p>But with threat vectors constantly evolving and enterprise IT transforming to introduce new attack surfaces, CISOs must continuously research and assess new solutions to advance their defenses and keep up with the threatscape.<\/p>\n<p>As part of our \u201c<a href=\"https:\/\/foundryco.com\/research\/security-priorities\/\">CSO Security Priorities Study<\/a>,\u201d we surveyed over 870 CISOs, CSOs, and other cybersecurity leaders about where their organization stood with a range of technologies core to enterprise security today. 
Far and away the most popular category under investigation is AI-enabled technologies, cited as being researched or piloted by 62% of CISOs \u2014 followed by <a href=\"https:\/\/www.networkworld.com\/article\/971137\/who-is-selling-zero-trust-network-access-ztna-and-what-do-you-get.html\">zero trust<\/a> (48%); security orchestration, automation, and response (SOAR) (46%); and deception tech (45%).<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/564095\/what-is-devsecops-developing-more-secure-applications.html\">DevSecOps<\/a> and <a href=\"https:\/\/www.networkworld.com\/article\/969255\/who-s-selling-sase-and-what-do-you-get.html\">SASE<\/a>, each cited by 44% of CISOs, are also popular areas for investigation, with <a href=\"https:\/\/www.csoonline.com\/article\/574295\/11-top-xdr-tools-and-how-to-evaluate-them.html\">XDR<\/a> (42%), <a href=\"https:\/\/www.csoonline.com\/article\/557365\/cloud-access-security-broker-buyers-guide.html\">CASB<\/a> (42%), cloud-based cybersecurity services (41%), and identity threat detection and response (ITDR) (41%) rounding out the top 10.<\/p>\n<div class=\"extendedBlock-wrapper block-coreImage undefined\">\n<p class=\"imageCredit\">Foundry \/ CSO<\/p>\n<\/div>\n<p>While there is overlap between the various categories surveyed, this diversity captures the challenge CSOs face in the marketplace: the overwhelming number of technologies and solutions to choose from and then integrate seamlessly into their existing tech stack. <a><\/a><\/p>\n<h2 class=\"wp-block-heading\">Overcoming the paradox of choice in cybersecurity<\/h2>\n<p>Pascal Menezes, CTO of<a href=\"https:\/\/mef.net\/\"> <\/a>MEF, summarizes the issue well: \u201cThe problem with cybersecurity is that they\u2019re all little parts and pieces that enterprises have to kind of glue together and make it work. 
\u2026The world\u2019s changing rapidly,\u201d he says.<\/p>\n<p>In this environment, cybersecurity leaders may fall into a common trap, pursuing technologies based on market hype rather than business needs, resulting in a hodgepodge of security solutions.<\/p>\n<p>To circumvent this problem, Achyuth Krishna,<a href=\"https:\/\/whatfix.com\/\"> <\/a>head of IT and infosec at Whatfix, advises looking inward instead of outward. While particular technologies may address specific threats and vulnerabilities, their impact is inherently tied to the nature and priorities of the business. Thus, according to Krishna, cybersecurity leaders must understand information security risks as they align with their organization\u2019s objectives and operations.<\/p>\n<p>\u201cThe first priority should be identifying and addressing blind spots in the security landscape, as these often pose the greatest risks,\u201d he says, adding that CISOs should then focus research and piloting on technologies that address these vulnerabilities as part of a proactive, business-aligned approach to cybersecurity.<\/p>\n<p>For Krishna, this means piloting cloud access security brokers (CASBs) at Whatfix, which has another six commonly researched areas already in production: DevSecOps, cloud-based cybersecurity services, cloud data protection, data analytics, third-party security evaluation services, and cloud posture management tools.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Adopting cutting-edge technologies \u2014 in phases\u00a0<\/h2>\n<p>When cybersecurity leaders feel a new technology is important for their security posture, they may often rush a solution to production, leading to poor or haphazard results.<\/p>\n<p>Pablo Riboldi, CISO of BairesDev, recommends a phased approach. Today, the provider of nearshore tech talent is implementing zero-trust technologies to continuously verify who\u2019s accessing its systems and to ensure its devices meet security standards, Riboldi says. 
The goal is to minimize risks from unauthorized access and lateral movement within its network.<\/p>\n<p>\u201cFor our zero-trust strategy, we started with the high-risk applications and then widened our focus to include more access scenarios. We keep track of how we\u2019re doing by looking at access success rates and the number of incidents we\u2019ve reduced,\u201d he says.<\/p>\n<p>BairesDev is also taking a phased approach to implementing<a href=\"https:\/\/www.gartner.com\/en\/information-technology\/glossary\/secure-access-service-edge-sase\"> <\/a><a href=\"https:\/\/www.networkworld.com\/article\/969119\/what-is-sase-a-cloud-service-that-marries-sd-wan-with-security.html\">secure access service edge (SASE)<\/a>, a term coined by Gartner when companies were shifting to remote and hybrid work en masse and needed secure access from various environments. Riboldi says BairesDev\u2019s SASE implementation will centralize its network and security services in one cloud-based solution, giving the security team greater visibility into their distributed workforce.<\/p>\n<p>\u201cWhen it comes to SASE, we made it a priority to integrate it with our existing cloud-based services and provided user training to help everyone adjust easily. 
We\u2019re also working closely with stakeholders and doing regular check-ins to ensure these technologies align well with our business goals,\u201d he says.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Understanding tech-specific implementation challenges<\/h2>\n<p>With security vendors rapidly enhancing solutions with AI \u2014 and hyping them \u2014\u00a0CISOs are faced with a firehose of options to investigate, many of which require the greater scrutiny that a version 1.0 product requires.<\/p>\n<p>Because a key selling point of \u201cAI inside\u201d is scale, IDC Asia Senior Research Manager Sakshi Grover advises CISOs who want an AI-enabled use case in their cybersecurity portfolio to first determine what they are trying to scale.<\/p>\n<p>\u201cIs the problem occurring with your [configuration management], your system identity and event management, identity, threat intelligence, or threat detection and response workloads? If you are able to figure out which tech you want to scale \u2014 what\u2019s the problem on ground \u2014 that solves the majority of your problem,\u201d she says.<\/p>\n<p>Mital Patel, CIO of<a href=\"https:\/\/caxton.io\/\"> <\/a>Caxton, says his company is implementing AI-enabled technology, especially around ITDR and XDR, for its user base of 100 to 125 employees.<\/p>\n<p>\u201cWhat we typically find is we give them technology, we give them access to systems, but we don\u2019t know how they\u2019re controlling their accounts, the devices, and anything related to the company,\u201d he says.<\/p>\n<p>This lack of transparency compounds the nature of cyberattacks against the fintech company, which occur when the company is most vulnerable, such as after work hours or on bank holidays.<\/p>\n<p>The company\u2019s AI-enhanced security software now monitors login analytics, such as where a person is logging in from and what device they are using, to detect any abnormal activities and raise an alert. 
The goal is to create a self-service model because Caxton\u2019s cybersecurity team is small and not on-site.<\/p>\n<p>But the AI-enabled solution has taken time to prove effective, Patel says. In the first few months of implementation, Caxton received many false positives: activities that were flagged as vulnerabilities but were, in fact, legitimate business uses. These false positives wasted the team\u2019s time.<\/p>\n<p>Patel advises businesses exploring AI-enhanced technologies to pay close attention to parameters and give the solution time to understand and learn from your infrastructure. He also emphasizes the importance of feeding it relevant data.<\/p>\n<p>\u201c[AI-enabled solutions] can give you a lot of nonsense, a lot of noise that you don\u2019t even respond to. So it\u2019s basically having that granular throughput where you can actually see, \u2018Okay, this is genuine information that I care about, the organization cares about, and this is how we handle it,\u2019\u201d Patel says.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Evaluating vendors<\/h2>\n<p>Evaluating and implementing external solutions carries many risks. With AI-based solutions, this is compounded.<\/p>\n<p>IDC\u2019s Grover says her research firm predicts that in the next year at least 20% of organizations will move gen AI use cases from proof-of-concept to production without conducting a risk-based assessment, leading to a \u201chouse of cards situation,\u201d she says.<\/p>\n<p>Vendors may not be immune to this practice, so Grover stresses that any vendor must be vetted through a litany of questions in the early stages relevant to its intended use.<\/p>\n<p>\u201cFor example, if it comes to data: Who is going to use that data? Where is that data coming from? How is that data being used? 
How is it being collected?\u201d she says.<\/p>\n<p>If the CISO gets satisfactory answers to these questions, they should look at the metrics the vendor will track and project their return on investment, Grover says. \u201cIf you feel that those metrics can give you a good return on investment and you are assured of the vendor\u2019s answer, then only go to the pilot stage,\u201d she advises.<\/p>\n<p>MEF\u2019s Menezes suggests another shorthand for evaluating vendors: certifications. According to Menezes, examining a vendor\u2019s certifications can help CSOs cut through the marketing speak.<\/p>\n<p>\u201cBecause really, they all claim a whole bunch of stuff, but who knows what they can really do, right? Certification is third-party testing to ensure this stuff works,\u201d he says.<\/p>\n<p>As a global industry association, MEF offers vendor certifications that cover SASE and zero-trust technologies, but Menezes recommends looking for certs from a vendor regardless of category.<\/p>\n<p>With certification, \u201ceverything is tested by a third party to make sure it works as it claims it should work. And certification by default means there\u2019s some standardization that allows them to test these various use cases,\u201d he says.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Prioritize with purpose<\/h2>\n<p>IDC\u2019s Grover says each technology category mentioned in the \u201cCSO Security Priorities Study\u201d is generally crucial to all enterprises. 
In this view, organizations should not treat the categories as a menu of options but as a list to prioritize to suit their needs.<\/p>\n<p>For example, when asked where a cybersecurity organization should start from scratch, such as a startup that just received venture funding, she offered the following advice: \u201cOnce you have decided [between on-premises or cloud], the most important vision for cybersecurity you need to have is SASE because it gives you a methodology and a framework to protect your assets.\u201d<\/p>\n<p>Grover then advises researching threat detection and response, including incident management and vulnerability assessment and penetration testing (VAPT). \u201cLast but not the least, identity \u2014 because, at the end of the day, you are going to interact with your clients, your partners, your employees, and other stakeholders from the board as well,\u201d she says.<\/p>\n<p>Regardless of where your company is on its growth curve, security leaders should prioritize their pilots based on the underlying purpose of the technology: what they ultimately defend, Grover says.<\/p>\n<p>To sharpen focus in a busy landscape, organizations may want to determine how a technology advances \u2014 or does not advance \u2014 the security posture of the area they are trying to strengthen.<\/p>\n<p>\u201c[The technologies] are basically protecting these five control points, which are your data, your network, your APIs and applications, your endpoint, and your identity,\u201d she says. \u201cAll solutions are directly linked to these five control points.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Ask almost any CISO and they will tell you the security landscape just keeps getting more complex. New products arise, technology categories blur, vendors gobble up competitors or venture into adjacent markets, and every once in a while a seismic advance like generative AI comes along to shake up everything. 
But with threat vectors constantly [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1310,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1309","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1309"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1309"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1309\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1310"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}