When it comes to cybersecurity in 2023, the name of the game is proactive.
Proactive cybersecurity relies on technologies that actively prevent breaches from occurring, rather than reacting to a breach after the fact. At a basic level, proactive cybersecurity includes relatively mundane but important tasks like immediately fixing vulnerabilities and performing upgrades. However, proactive security technologies are becoming increasingly sophisticated, which is why experts believe this approach to be a major cybersecurity trend in 2023.
So why now? Rik Turner, principal analyst at Omdia, said this was due to a combination of factors over the past few years. The best reactive cybersecurity technologies, such as endpoint detection and response (EDR), network detection and response (NDR), cloud workload protection platforms and security for incoming email, have not stemmed the explosion of sophisticated cyberattacks. Even extended detection and response, a popular and newer security technology, is reactive in nature.
While Turner doesn’t recommend abandoning these technologies — they still have a lot of value — he thinks the next wave of proactive cybersecurity technologies will be an important complement to them.
“Instead of aiming to identify the breach and remediate it as quickly as possible, proactive security can reduce addressable targets within an organization and allow detection and response activities to focus on what is still in progress,” Turner said.
8 proactive cybersecurity technologies
In addition to establishing zero trust, security-conscious organizations are evaluating or adopting these eight proactive technologies.
1. Security Posture Management (SPM)
In general, SPM automates the identification and resolution of risks in the environment, facilitating risk visualization, incident response, and compliance monitoring.
There are many SPM flavors today. These include Cloud Security Posture Management, which focuses on cloud infrastructures (including IaaS, SaaS, and PaaS), and Data Security Posture Management, which identifies sensitive data and ensures that it remains secure during access and use.
But perhaps the most important SPM technology today, Turner said, is SaaS security posture management (SSPM). SSPM works to detect and fix misconfigurations and other issues in SaaS applications.
Turner said SSPM is one of the most significant innovations in SaaS security since the development of Cloud Access Security Broker (CASB) technology. While CASB is reactive, SSPM seeks to impose the strictest possible security policies while allowing the application to remain functional for the organization, he said.
2. Attack Surface Management (ASM)
ASM technology continuously monitors an array of digital and physical assets – from applications, digital certificates and code to mobiles and IoT devices – to maintain visibility of known and unknown assets. It’s a big job: currently, 52% of IT organizations manage more than 10,000 assets. Gartner sees ASM as an important and growing technology, and other industry watchers clearly agree.
“We view ASM as a progression of security analytics and an extension of the concept of EDR and NDR,” said Scott Crawford, research director for information security at S&P Global Market Intelligence.
“[ASM] takes the trend of heightened awareness of malicious activity manifesting in response to threat detection and extends it even further,” Crawford explained. “It answers questions like, ‘Where might we be targeted where we don’t have visibility, and what does our attack surface look like as a whole? On what aspects do we not have telemetry? Or even worse, are we running out of defenses that we should have?’”
3. Cloud Security Posture Management (CSPM)
CSPM technology inspects workloads in IaaS and PaaS environments and recommends mitigation measures. Some offerings also apply the fixes themselves.
4. Cybersecurity Performance Management (CPM)
Cybersecurity performance management products monitor the performance of an organization’s security tools. Products can track policies such as multi-factor authentication and metrics such as time to fix vulnerabilities. This creates a fuller picture of ongoing risk and compliance management practices.
5. Breach and Attack Simulation (BAS)
BAS tools, or what Omdia calls Incident Response and Testing, inspect an organization’s IT infrastructure to identify all avenues that threat actors could exploit for an attack.
6. Cyber Asset Attack Surface Management (CAASM)
This emerging technology provides visibility of cloud and on-premises resources through API integrations into existing tools. CAASM can help security teams identify vulnerabilities and gaps in security tools and accelerate incident resolution and response.
7. Cloud Permission Management (CPM)
CPM technology discovers the scope of access rights within an organization and enforces the principle of least privilege, which grants users the minimum privileges required to perform their job. For example, CPM can detect over-authorized access to cloud resources. Once such access is identified, many CPM tools can make suggestions and even make the necessary changes.
Cloud infrastructure entitlement management is Gartner’s term for CPM.
8. Security as a Service (SECaaS)
As cybersecurity monitoring and mitigation become more complicated and security talent remains scarce, more and more organizations are expected to turn to security as a service. SECaaS outsources cybersecurity management to an experienced third-party company, such as a Managed Security Service Provider (MSSP). SECaaS can range from maintaining extended security functions to overseeing specific systems, such as security information and event management, CASB and secure access service edge.
“Navigating all the solutions, capabilities and threats can be difficult,” said Max Shier, CISO of Optiv, which provides SECaaS. “It’s easy to go to an MSSP or SECaaS provider that can identify security vulnerabilities and get a solution that can satisfy…your specific use cases at a reasonable cost compared to a disparate solution or inherited… on site.”