As the year draws to a close, Avkash Kathiriya, Sr. VP – Research and Innovation at Cyware, takes a look at the cybersecurity trends we’ve been party to over the last 12 months, as well as where the security ecosystem is heading as we approach 2024.
The cybersecurity landscape in 2023 continues to be shaped by a range of opposing forces, most importantly the growing sophistication of cyber threats on one side and rapid innovation in protection technologies on the other. The result is an environment where organisations and their adversaries alike are increasingly using automation, real-time data and AI-driven systems to gain an advantage.
Arguably, the pace of change across the security ecosystem is accelerating faster than at any time in recent years, driven by the widespread adoption of cloud technologies, the proliferation of Internet-of-Things (IoT) devices and, of course, the transformational emergence of Generative AI. With all this in mind, where is the security ecosystem heading as we approach the end of 2023 and what are the trends that will determine the direction of travel?
- The evolution of SIEM
Security Information and Event Management (SIEM) solutions have long been a core component of enterprise security stacks. However, traditional SIEMs are losing some ground to newer platforms optimised for handling large volumes of fast-moving security data. For instance, security data lakes act as centralised repositories where security event data from multiple sources can be stored in a common schema and queried efficiently, while SecDataOps provides the tools and practices to ingest, normalise, manage and analyse those security data flows.
These emerging platforms are taking on key SIEM capabilities with the aim of providing greater agility, scalability and real-time threat analytics. Rather than fully replacing SIEMs, these new solutions are driving SIEM vendors to evolve their offerings for the world of cloud, containers and highly distributed environments.
The common thread is enabling security teams to harness massive amounts of data and intelligence to detect, investigate and respond to threats with speed and precision. As cyberattacks become more sophisticated, these data-driven platforms will only grow in importance. Looking to the future, I expect to see the decentralisation of SIEM – it will not necessarily be sold as a standalone. Instead, we will see specialised players emerging to offer specialised SIEM services.
- The AI revolution: A double-edged sword
Generative AI has firmly entered the security ecosystem and is already being used to pursue both positive and malicious objectives. Threat actors exploit AI's capabilities to craft more sophisticated attacks, forcing businesses to adopt it for defence. For example, organisations are increasingly using AI assistants such as Microsoft Security Copilot; with it, Microsoft is changing the AI game for the security industry, introducing strategic AI features intended to enhance the analyst experience and make the security ecosystem more cohesive. Advances like this are crucial to improving incident response times and accuracy. With AI-driven content engineering, cybersecurity awareness and threat intelligence dissemination will continue to become more streamlined. At the same time, the rise of AI-driven security underlines the importance of protecting the AI implementations themselves: the models, the prompts and training data they rely on, and the systems and data they are given access to.
- Evolving Zero Trust model: AI-enhanced security
Zero Trust, the principle that no user, device or request is trusted by default and every access is verified continuously, is not a new concept, but it has evolved into a more adaptive model that uses AI's capabilities to deliver more effective protection. Given the burgeoning level of state-sponsored attacks and complex geopolitical situations, organisations will increasingly depend on AI-driven Zero Trust models to cope with the modern threat landscape.
As the adoption of the Zero Trust model grows in the coming years, the key foundations for a sound model – namely centralised visibility, orchestration and governance – will take centre stage where today they are all too often ignored.
- The development of SASE and cloud-native security
Secure Access Service Edge (SASE) has become a cybersecurity linchpin, merging networking and security functionalities into a single, cloud-delivered architecture. Combined with cloud-native security, it changes how organisations secure cloud-based applications and workloads. These developments underline the role of threat intelligence in cloud environments – a crucial capability for delivering visibility, prompt detection and coordinated response across these complex ecosystems.
- Threat intelligence: A growing necessity
In 2023, threat intelligence has become increasingly relevant for organisations aiming to understand and counteract evolving cyber threats. By providing context on potential adversaries, their tactics and the vulnerabilities they exploit, threat intelligence offers a practical tool for better-informed cybersecurity decision-making.
Moving into 2024, the integration of threat intelligence with technologies such as AI and Machine Learning is expected to continue. This integration aims to enhance threat prediction and response capabilities. The trend of cross-industry collaboration in sharing threat intelligence is also likely to accelerate, underlining its role in building robust and adaptable cybersecurity strategies. It will drive change within the industry and we will see trusted community intelligence become more valuable than commodity intelligence.
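The two trends above, data from many sources landing in one store and threat intelligence being integrated into detection, meet in a very small amount of plumbing: events from different sources are normalised into a common schema and then enriched against an indicator set. The following is an added example to illustrate that plumbing; it is not Cyware's code or any product's implementation. The sample events, the indicator feed (using documentation IP ranges) and the confidence threshold are all constructed for the example.

```python
"""Normalise events from heterogeneous sources into one schema, then enrich
them against a threat-intelligence indicator set. Added example; sample data
below is constructed, not from any real feed or system."""
import json
import re
from dataclasses import dataclass, asdict

# Constructed sample events: two syslog-style sshd lines and one JSON cloud
# audit record (documentation addresses from RFC 5737).
SAMPLE_EVENTS = [
    "Nov 20 10:02:17 bastion sshd[4211]: Failed password for invalid user admin "
    "from 203.0.113.45 port 51022 ssh2",
    '{"eventTime":"2023-11-20T10:03:01Z","eventName":"ConsoleLogin",'
    '"sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"alice"},'
    '"responseElements":{"ConsoleLogin":"Success"}}',
    "Nov 20 10:04:40 bastion sshd[4213]: Accepted publickey for deploy "
    "from 192.0.2.10 port 40110 ssh2",
]

# Constructed (hypothetical) threat-intel feed: indicator -> context.
INDICATORS = {
    "203.0.113.45": {"source": "community-feed", "confidence": 80, "tag": "ssh-bruteforce"},
    "198.51.100.7": {"source": "commodity-feed", "confidence": 40, "tag": "scanner"},
}


@dataclass
class Event:
    """Common schema every source is mapped onto."""
    timestamp: str
    source: str
    action: str
    outcome: str
    user: str
    src_ip: str


SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)"
)


def parse_syslog_ssh(line):
    """Map an sshd syslog line onto Event; None if the line is not one."""
    m = SSH_RE.match(line)
    if not m:
        return None
    outcome = "failure" if m["outcome"] == "Failed" else "success"
    return Event(m["ts"], "sshd", "login", outcome, m["user"], m["ip"])


def parse_cloud_audit(line):
    """Map a JSON cloud audit record onto Event; None if not parseable."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or "eventName" not in rec:
        return None
    name = rec["eventName"]
    ok = rec.get("responseElements", {}).get(name) == "Success"
    return Event(
        rec.get("eventTime", ""), "cloud-audit", name,
        "success" if ok else "failure",
        rec.get("userIdentity", {}).get("userName", ""),
        rec.get("sourceIPAddress", ""),
    )


PARSERS = (parse_cloud_audit, parse_syslog_ssh)


def normalise(lines):
    """Run each raw line through the parsers; first match wins, unknowns dropped."""
    events = []
    for line in lines:
        for parser in PARSERS:
            ev = parser(line)
            if ev is not None:
                events.append(ev)
                break
    return events


def enrich(events, indicators, min_confidence=50):
    """Return an alert for each event whose source IP matches an indicator at
    or above min_confidence. Low-confidence commodity hits are suppressed."""
    alerts = []
    for ev in events:
        hit = indicators.get(ev.src_ip)
        if hit and hit["confidence"] >= min_confidence:
            alerts.append({**asdict(ev), "ioc": hit})
    return alerts


if __name__ == "__main__":
    for alert in enrich(normalise(SAMPLE_EVENTS), INDICATORS):
        print(json.dumps(alert))
```

The threshold is the practical point: the same pipeline that turns every indicator hit into an alert will bury analysts once a low-confidence commodity feed is plugged in, which is why the confidence carried with each indicator, not just the indicator itself, has to survive normalisation.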
- The SOAR conundrum: Promise vs. reality
Security Orchestration, Automation and Response (SOAR) products, though promising on paper, face practical implementation hurdles. The limitations of legacy SOAR platforms, for example, have highlighted the demand for more comprehensive solutions that cater to modern Security Operations Centres (SOCs). The focus has shifted from a 'single pane of glass' that merely aggregates consoles to a more holistic approach that integrates the various facets of cybersecurity. By providing SOCs with the customisation capabilities they need, organisations can ensure faster and more efficient threat detection and response.
In 2024 and beyond, I expect to see AI start to drive the SOAR industry to true no-code platforms, reducing the complexity around workflows and playbook writing.
Over the next 12 months, we should expect to see further consolidation between security solutions like SIEM, SOAR and data lakes. Integration will also increase between security tools and IT systems to enable smarter orchestration, while, most important of all, organisations will harness AI to stay ahead of increasingly sophisticated AI-driven attacks.
In addition, AI-enabled detection, together with seamless orchestration between machines, humans and security processes, will be more deeply embedded within systems and culture. The winners will find the right balance between integrated, intelligent technology and empowered, skilled analysts.