By Shane Buckley, CEO, Gigamon
Looking back, 2023 was clearly another pivotal year in security technology. Cybersecurity leaders continued to face an ever-expanding and evolving threat landscape, an ongoing proliferation of AI tools, and advancing migration to hybrid and multi-cloud infrastructure, all while contending with the highest rate of data breaches to date.
Adding to the challenge, these leaders have been asked to handle this increasing complexity with flat to moderate growth budgets entering 2024, potentially weakening their security posture. This means that cybersecurity leaders must focus on scaling efficiencies for 2024: highly efficient security tools, processes and resources to effectively secure and manage their hybrid cloud infrastructure.
Optimising the tool stack
For decades, the security industry has been hyper-focused on the assumed breach mentality: it’s not if, but when. While it is safest to assume that perimeter security has already been compromised, organisations can no longer rely on remediation capabilities alone.
Today’s leaders need to ensure teams have 360-degree protection and visibility into their entire hybrid cloud infrastructure traffic and activity. The ability to gain deep observability across cloud, container, and virtual workloads is key to securing and managing today’s hybrid cloud infrastructure.
But deep observability requires going beyond existing security and observability approaches (that rely exclusively on metrics, events, logs, and traces data) to proactively detect security threats and performance bottlenecks.
Today, 93 percent of malware hides behind encrypted traffic. In a recent Gigamon report, more than 70 percent of the 1,000 IT and security chiefs surveyed said they currently allow encrypted data to flow freely across their infrastructure.
Efficiency in dealing with encrypted traffic will be a top priority for security teams in 2024. That’s why late last year our company launched Gigamon Precryption™ technology, an automated solution that enables organisations to gain unobscured visibility into encrypted traffic across virtual machine (VM), cloud, and container workloads, all in a highly efficient manner.
Without visibility into all East-West, or lateral, traffic within an organisation, threat actors can continue to move through your infrastructure undetected, ultimately accessing your organisation’s most valuable data.
Once a threat actor establishes command and control, they can harvest logs and identify all key assets before making their attack. Only with the deepest level of inspection can a cybercriminal be stopped from wreaking havoc and exfiltrating data.
Gigamon Precryption reveals previously concealed threat activity, including lateral movement, malware distribution and data exfiltration inside applications. Its innovative approach leverages eBPF technology inside the Linux kernel to deliver plaintext visibility, capturing traffic before encryption or after decryption.
Maximising AI data
Collins Dictionary named AI (artificial intelligence) the word of the year for 2023 for good reason. Beyond the hype, we’re seeing enterprises across every industry turning to AI to speed up manual tasks, automate work and make their teams more efficient. And while the promise of benefits to the security industry is great, AI can’t protect modern hybrid cloud infrastructure on its own.
As a result, we’re seeing increased use of AIOps (artificial intelligence for IT operations) so that IT and security teams can improve the signal-to-noise ratio. This means reducing false-positive alerts, avoiding false negatives, and automating urgent alerts so threats don’t go unnoticed in the network.
With new AI tool investments, CISOs can reduce their full dependence on security operations centre (SOC) analysts and automate tasks efficiently.
The challenges with encrypted traffic are also wreaking havoc on AI applications. With 95 percent of network traffic encrypted, there is a surplus of data not being used to optimise AI toolsets.
Large language models (LLMs) are only as accurate as the data feeding into them, and without that informative and valuable insight, organisations are at risk of being compromised.
Security leaders need to evaluate AI tools alongside existing security protections to increase efficiencies and ultimately guarantee their hybrid cloud infrastructure, and the underlying data, is secure.
Elevating hybrid cloud security
Last year, we saw many organisations relying on a smaller set of security controls to manage a growing infrastructure that now spans cloud, virtual and container workloads.
Tool consolidation and headcount reductions over the past year have resulted in security gaps and limited visibility into hybrid cloud infrastructure in many organisations. Ensuring that you have layered defence mechanisms between tools and humans is critical.
To remain protected next year and beyond, organisations must prioritise security of their hybrid cloud, safely leverage the tool stack deployed in their network, and ensure communication is happening between cloud and on-prem infrastructure.
Doing more with less
As 2024 progresses, the mantra of doing more with less has never been truer. The good news is when organisations prioritise and invest appropriately, technology has the power to maximise efficiencies by extending resources and assisting security leaders in navigating growing complexity.
From AIOps to deep observability to threat detection, security innovations have the potential to keep pace with the expanding attack surface and enable SecOps and IT to work together and successfully secure the enterpri