Is your detection and response approach robust?
Prevention tech is out, detection and response is in for 2017, according to Gartner, a move which is set to drive a 7.6 per cent rise in security spend.
This year is set to be a transformative one in information security, according to the latest Gartner report. The analyst firm predicts that enterprises are - in the main - moving away from prevention-only approaches to focus more on detection and response.
Spending on enhancing detection and response capabilities is expected to be a key priority for security buyers through 2020. Total worldwide spend on information security is expected to hit $90bn in 2017, an increase of 7.6 per cent over 2016, and to top $113bn in three years’ time - by 2020.
Time-honoured preventative technologies, such as anti-virus endpoint protection, firewalls and intrusion prevention systems (IPSs), have been increasingly criticised for failing to protect against modern attacks, a trend which has in part forced companies to redirect budget towards identifying attacks post-event and mitigating the results.
However, this shift is revealing a shortcoming in skill sets, according to Gartner, partly because preventive approaches have been the most common tactics for decades. Skill sets are scarce and, therefore, remain at a premium, leading organizations to seek external help from security consultants, managed security service providers (MSSPs) and outsourcers.
"The shift to detection and response approaches spans people, process and technology elements and will drive a majority of security market growth over the next five years," said Sid Deshpande, principal research analyst at Gartner. "While this does not mean that prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability."
Gartner’s research indicates that this requirement for better detection and more robust response tools and processes has generated a new wave of product segments such as deception, endpoint detection and response (EDR), software-defined segmentation, cloud access security brokers (CASBs), and user and entity behaviour analytics (UEBA). These young upstarts are diverting budgetary spend from more traditional, incumbent segments such as data security, enterprise protection platform (EPP), network security and security information and event management (SIEM), although they are also attracting new budgetary allowances.
Traditional MSSPs are increasingly under threat from the emerging specialized managed detection and response (MDR) services, but this market expansion has in turn caused sprawl and manageability headaches for CISOs, who are consequently spending more on integrated management platforms and services. CISOs are also sharpening up on their metrics, according to the research firm, with even preventive security controls, such as EPP, firewalls, application security and intrusion prevention systems (IPSs), being tweaked to provide more intelligence into security operations, analytics and reporting platforms.
While the shift away from ‘traditional’ prevention technologies may be the flavour of 2017, it is certainly not time to strip out the preventative boxes. Even if that were desirable from a risk perspective, numerous compliance standards (including PCI) mandate the use - and indeed specify the configuration - of technologies such as firewalls and AV.
Ilia Kolochenko, CEO of High-Tech Bridge, said: “Spending more does not necessarily guarantee better security, and although detection and response capabilities are worth investing in for some, it is often the forgotten basic measures that are the biggest threat to an organisation. A holistic risk assessment, comprehensive asset inventory and continuous security monitoring are often omitted, even though they are probably the most important parts of information security strategy and management.”
The Gartner report "Market Insight: Security Market Transformation Disrupted by the Emergence of Smart, Pervasive and Efficient Security" is available now.