1. New world application security takes off.
There is a traditional way of thinking about application security. In the past, an application may be running a data center, with firewalls looking at traffic east and west, as well as north and south. Application protection might include database security and encryption. However, with applications moving to the cloud, the ways in which you secure your workload must change, and we’re just beginning to see this new wave of application security technology be adopted.
With a fundamental change in how applications are built and deployed, there must be a corresponding change in how those applications are secured. Just over a year ago, CISOs weren’t recognizing the need for a shift in workload security strategy, but at Cisco’s recent annual CISO summit, the conversation had changed to an acknowledgment that application security must evolve.
In 2019, expect to see a major step forward in cloud application security technology. Products like Cisco’s Tetration and Stealthwatch Cloud offer an alternative to traditional means of application workload protection, but these represent a first step in what will be an increasingly important new technology landscape. We’re not sure which of the emerging technologies like NG-WAF, RASP, cloud posture and container security (just to name a few!) will prove most valuable, only that a few of them will start to gain material traction in the coming year.
2. Identity security becomes a necessity of cybersecurity strategy.
The completed acquisition of Duo Security in October 2018 signaled a major shift toward Cisco’s adoption of identity security across our entire portfolio of security products. Stolen or weak passwords are an overwhelming (81 percent) reason for hacking-related breaches, according to a Verizon 2017 Data Breach Investigation Report. So it’s clear that compromised credentials must be avoided at all costs, and multi-factor authentication (MFA) and identity access management (IAM) are increasingly effective means of protection against this vulnerability. A recent blind survey by Cisco found that the top investment area for CISOs in the next 12 to 18 months is identity security and access management. The survey also concluded that individuals in the cybersecurity community are noticing that effective MFA and IM could have deterred some data breaches of their peers.
3. SD-WAN transforms how perimeter security is deployed.
Much like workload protection in the cloud has changed, perimeter security is changing because the perimeter has moved. As traffic is increasingly moving to the cloud, enterprise networking is changing the way that traffic gets there, and the primary driver of that change is the transition to software-defined wide-area networking (SD-WAN).
SD-WAN allows our customers to use the internet as their virtual network through direct internet access (DIA), and offers a better user experience and increased cost efficiency. However, this traffic still needs to be secured. As a result, security will increasingly move to the branch edge, i.e. into the router, or to the cloud edge. With Cisco’s security engine embedded in the network device, network traffic can avoid being backhauled to security services hanging off a centralized core.
As SD-WAN adoption grows in 2019, expect to see an increased significance placed on the deployment of perimeter security. At Cisco, we provide our customers the freedom of deploying world-class security services in the place that makes the most sense for them in their network environment.
4. New capabilities coming to the Security Operations Center (SOC) continue to mature.
The second ranked investment area cited in Cisco’s blind CISO survey was security information and event management (SIEM); orchestration and automation; and integration. The SOC has always struggled with what to do with the immense data at its disposal. Expect to see more companies lean into ways to help an overworked SOC be more effective and efficient with tools that offer capabilities like orchestration, automation, and network traffic analytics.
Gartner recently forecasted that 15 percent of organizations with a security team larger than five people will leverage Security Orchestration, Automation and Response (SOAR) tools by year-end 2020, which is an exponential increase from the less than 1 percent reported in 2017.
5. The importance of underlying data for machine learning (ML) comes to light.
There is a lot of hype around ML, and in many aspects the hype is justified. The ability to harness the power of this technology to predict and stop data breaches is incredible, but this technology is not new. However, it is always learning, growing and evolving. This evolution is where data becomes paramount. Your ML security tools will only advance as far as the data each has the ability to access and leverage.
All security vendors are doing work in the ML and AI space. But there is a direct correlation to the quality of the underlying data and the quality of output from these technologies. Under the hood of Cisco Security products, you’ll find that ML is a critical component. The differentiator for Cisco is our ability to leverage a vast amount of data because of our unique position in our customers’ networking ecosystem. This data, harnessed by Cisco Talos Intelligence Group, allows us to offer world-class security detection and response for our customers.
As companies rely more and more on ML, we’ll see who has the data to back up the claims seen in today’s security marketing.
March 3, 2019