Why 2024 will be the year of scaling security efficiencies

Gigamon’s CEO Shane Buckley describes 2023 as another pivotal year in security technology.

He says cybersecurity leaders continued to face an ever-expanding and evolving threat landscape, an ongoing proliferation of AI tools, and advancing migration to hybrid and multi-cloud infrastructure, all while contending with the highest rate of data breaches to date.

As a further challenge, these leaders have been asked to handle this increasing complexity with flat to moderate growth budgets entering 2024, potentially weakening their security posture. This means that cybersecurity leaders must focus on scaling efficiencies for 2024: highly efficient security tools, processes, and resources to effectively secure and manage their hybrid cloud infrastructure.

Optimising the tool stack

For decades, the security industry has been hyper-focused on the assumed breach mentality: it’s not if, but when. While it is safest to assume that perimeter security has already been compromised, organisations can no longer rely on remediation capabilities alone.

Today’s leaders need to ensure teams have 360-degree protection and visibility into their entire hybrid cloud infrastructure traffic and activity. The ability to gain deep observability across cloud, container and virtual workloads is key to securing and managing today’s hybrid cloud infrastructure.

But deep observability requires going beyond existing security and observability approaches (that rely exclusively on metrics, events, logs and traces data) to proactively detect security threats and performance bottlenecks.

Today, 93 percent of malware hides behind encrypted traffic. In a recent Gigamon report, more than 70 percent of the 1,000 IT and security chiefs surveyed said they currently allow encrypted data to flow freely across their infrastructure.

Efficiency in dealing with encrypted traffic will be a top priority for security teams in 2024. That’s why late last year we launched Gigamon Precryption™ technology, an automated solution that enables organisations to gain unobscured visibility into encrypted traffic across virtual machine (VM), cloud and container workloads, all in a highly efficient manner.

Without visibility into all East-West, or lateral, traffic within an organisation, threat actors can continue to move through an infrastructure undetected, ultimately accessing the organisation’s most valuable data.

Once a threat actor establishes command and control, they can harvest logs and identify all key assets before making their attack. Only with the deepest level of inspection can a cybercriminal be stopped from wreaking havoc and exfiltrating data.

Our technology reveals previously concealed threat activity, including lateral movement, malware distribution, and data exfiltration inside applications. Its innovative approach leverages eBPF technology inside the Linux kernel to deliver plaintext visibility, capturing traffic before encryption or after decryption.

Maximising AI data

Collins Dictionary named AI (artificial intelligence) the word of the year for 2023, for good reason. Beyond the hype, we’re seeing enterprises across every industry turning to AI to speed up manual tasks, automate, and make their teams more efficient. And while the promise of benefits to the security industry is great, AI can’t protect modern hybrid cloud infrastructure on its own.

As a result, we’re seeing an increase in leveraging AIOps, artificial intelligence for IT operations, so IT and security teams can improve the signal-to-noise ratio. This means reducing false-positive alerts, avoiding false-negative alerts, and automating urgent alerts so threats don’t go unnoticed in the network.

With new AI tool investments, CISOs can reduce their full dependence on security operations centre (SOC) analysts and automate tasks efficiently.

The challenges with encrypted traffic are also wreaking havoc on AI applications. With 95 percent of network traffic encrypted, there is a surplus of data not being used to optimise AI toolsets.

Large language models (LLMs) are only as accurate as the data feeding into them, and without that informative and valuable insight, organisations are at risk of being compromised. Security leaders need to evaluate AI tools alongside existing security protections to increase efficiencies and ultimately guarantee their hybrid cloud infrastructure, and the underlying data, is secure.

Last year, we saw many organisations relying on a smaller set of security controls to manage a growing infrastructure that now spans cloud, virtual, and container workloads.

Tool consolidation and headcount reductions over the past year have resulted in security gaps and limited visibility into hybrid cloud infrastructure in many organisations. Ensuring that you have layered defence mechanisms between tools and humans is critical. To remain protected next year and beyond, organisations must prioritise security of their hybrid cloud, safely leverage the tool stack deployed in their network, and ensure communication is happening between cloud and on-prem infrastructure.

Doing more with less

As we enter 2024, the mantra of doing more with less has never been truer. The good news is that when organisations prioritise and invest appropriately, technology has the power to maximise efficiencies by extending resources and assisting security leaders in navigating growing complexity.

From AIOps to deep observability to threat detection, security innovations have the potential to keep pace with the expanding attack surface and enable SecOps and IT to work together and successfully secure the enterprise.