Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Hindsight is 2020 - How to Prepare for the Digital Business Era
By Augusto Barros, VP of Solutions at Securonix
Prior to the pandemic, enterprises were already shifting focus to cloud and hybrid IT
strategies that offered new benefits including enhanced flexibility, agility,
and cost savings. This movement was further accelerated by COVID-19, as
organizations rushed to deploy technologies to enable a remote workforce. More
than ever, organizations realize the need for tools that can provide SOC teams
with critical visibility and comprehensive telemetry into expanding cloud
environments and technology layers, so they can better protect against new and
emerging threats that have arisen in this unprecedented time.
While everyone hopes to return to "normal" post-pandemic, the remote workforce is here to stay.
A recent 451 survey found that 67% of respondents expect
work-from-home policies will remain in place permanently or at least for the
long term after the pandemic ends. During this time, organizations will realize
that trying to make traditional tools work in this new digital
business era is like trying to fit a square peg into a round hole.
With 2020 finally reaching its end, here
are some key predictions and trends that will help organizations prepare for a
successful 2021 and beyond:
Remote Workforce Attacks Will Become Even More Noticeable
Organizations moved quickly to remote work situations in response to the
COVID-19 pandemic. The rushed move greatly expanded the threat surface of all
organizations, and attackers will continue to exploit that as a new vector for
their campaigns.
Cloud and Traditional Hybrid Threats Will Expand
As organizations expand their footprint into the cloud, more threat
scenarios will persist where the compromise of cloud assets leads to the compromise
of on-prem resources and vice-versa. Organizations will see their cloud
resources hijacked through users having their workstations in the corporate
network compromised and cloud credentials stolen there. Others will see
cloud-based applications being compromised and used as bridgeheads to reach
on-prem sensitive systems such as corporate databases.
Ransomware Cases Will Become More Complex and Hit Big Enterprises
In 2020 we saw cases where ransomware caused major disruption to organizations'
services, as with Garmin, and cases where the attack moved from a purely
malware-driven attack to an advanced threat scenario including human factors
such as insider cooperation, as with Tesla. Criminals will keep expanding
the threat vectors they use and move to more complex scenarios beyond simple
automated malware attacks.
SaaS (Software as a Service) Solutions Will Rise in Adoption
More organizations will move their security tools to the cloud.
Organization-wide cloud-first initiatives are putting pressure on security
groups to also move their tools to the cloud. As these initiatives move
forward, data gravity will force solutions that require the collection of
massive data volumes from infrastructure and applications to move closer to the
data sources.
XDR (Extended Detection and Response) Will Skyrocket as It Proves Enterprise Need
XDR will keep growing in adoption and buzz as organizations look for a
way to cover an expanding threat landscape and keep complexity and operational
overhead under control. Many will realize that the complexity reduction and
operational gains will not fully materialize, because additional solutions
will need to be added to compensate for the lack of flexibility and threat
coverage.
MDR (Managed Detection and Response) Services Will Keep Evolving Beyond EDR (Endpoint Detection and Response) Based Offerings
As organizations adopt more cloud services and expand their endpoint
profile to IoT (Internet of Things) and mobile devices, the need to leverage
security services that work even when an agent cannot be deployed will push MDR
providers to evolve their offerings to integrate other technologies. The number
of MDR providers adopting SIEM (Security Information & Event Management),
UEBA (User and Entity Behavior Analytics) and SOAR (Security Orchestration,
Automation and Response) solutions in their backend will grow as part of this evolution.
Migrating from on-premises systems to the cloud is no longer an option for organizations
looking to excel post-pandemic, in a virtual world that will be characterized
by a new set of priorities and challenges. Adopting solutions that provide
seamless visibility and telemetry across environments will be crucial for SOC
teams that must vigilantly monitor the ever-changing threat landscape and
maintain optimal security posture.
##
About the Author
Augusto Barros has more than 15 years of experience in the IT security industry. He is
currently the VP of Solutions for Securonix. Prior to his current role he was a
VP Analyst at Gartner, covering the security operations space. He has served as
a Security Architect and Security Officer for large enterprises and as a
Security Consultant for clients in finance, retail, manufacturing and
healthcare. Augusto Barros has worked on a variety of projects and initiatives
on information security, from security awareness campaigns to penetration
testing and security infrastructure design. In addition, Augusto Barros has
taught classes and presented at many security conferences across the world,
addressing audiences in the U.S., Europe and Brazil.