By Shane Buckley, CEO, Gigamon

Reflecting on 2023, clearly it was another pivotal year in security technology. Cybersecurity leaders continued to face an ever expanding and evolving threat landscape, an ongoing proliferation of AI tools, and advancing migration to hybrid and multi-cloud infrastructure, all while contending with the highest rate of data breaches to date.

Further challenging these leaders, they’ve been asked to handle this increasing complexity with flat to moderate growth budgets entering 2024, potentially weakening their security posture. Which means that cybersecurity leaders must focus on scaling efficiencies for 2024: highly efficient security tools, process and resources to effectively secure and manage their hybrid cloud infrastructure.

Optimising the tool stack

For decades, the security industry has been hyper-focused on the assumed breach mentality: it’s not if, but when. While it is safest to assume that perimeter security has already been compromised, organisations can no longer rely on remediation capabilities alone.

Today’s leaders need to ensure teams have 360-degree protection and visibility into their entire hybrid cloud infrastructure traffic and activity. The ability to gain deep observability across cloud, container, and virtual workloads is key to securing and managing today’s hybrid cloud infrastructure.

But deep observability requires going beyond existing security and observability approaches (that rely exclusively on metrics, events, logs, and traces data) to proactively detect security threats and performance bottlenecks.

Today, 93 percent of malware hides behind encrypted traffic. In a recent Gigamon report, more than 70 percent of the 1,000 IT and security chiefs surveyed said they currently allow encrypted data to flow freely across their infrastructure.

Efficiency in dealing with encrypted traffic will be a top priority for security teams in 2024. That’s why late last year our company launched Gigamon Precryption™ technology, an automated solution that enables organisations to gain unobscured visibility into encrypted traffic across virtual machine (VM), cloud, and container workloads, all in a highly efficient manner.

Without visibility into all East-West, or lateral traffic within an organisation, threat actors can continue to move through your infrastructure undetected, ultimately accessing your organisation’s most valuable data.

Once a threat actor establishes command and control, they can harvest logs and identify all key assets before making their attack. Only with the deepest level of inspection can a cybercriminal be stopped from wreaking havoc and exfiltrating data.

Gigamon Precryption reveals previously concealed threat activity, including lateral movement, malware distribution and data exfiltration inside applications. Its innovative approach leverages eBPF technology inside the Linux kernel to deliver plaintext visibility, capturing traffic before encryption or after decryption.

Maximising AI data

Collins Dictionary named AI (artificial intelligence) the word of the year for 2023 for good reason. Beyond the hype, we’re seeing enterprises across every industry turning to AI to speed up manual tasks, automate and make their teams more efficient. And while the promise of benefits to the security industry are great, AI can’t protect modern hybrid cloud infrastructure on its own.

As a result, we’re seeing an increase in leveraging AIOps — artificial intelligence for IT operations, so IT and security teams can improve the signal-to-noise ratio. This means reducing false-positive alerts, avoiding false-negative alerts, and automating urgent alerts so threats don’t go unnoticed in the network.

With new AI tool investments, CISOs can reduce full dependencies on security operations centre (SOC) analysts and automate tasks efficiently.

The challenges with encrypted traffic are also wreaking havoc on AI applications. With 95 percent of network traffic encrypted, there is a surplus of data not being used to optimise AI toolsets.

Large language models (LLMs) are only as accurate as the data feeding into them, and without that informative and valuable insight, organisations are at risk of being compromised.

Security leaders need to evaluate AI tools alongside existing security protections to increase efficiencies and ultimately guarantee their hybrid cloud infrastructure, and the underlying data, is secure.

Elevating hybrid cloud security

Last year, we saw many organisations relying on a smaller set of security controls to manage a growing infrastructure that now spans cloud, virtual and container workloads.

Tool consolidation and headcount reductions over the past year have resulted in security gaps and limited visibility into hybrid cloud infrastructure in many organisations. Ensuring that you have layered defence mechanisms between tools and humans is critical.

To remain protected next year and beyond, organisations must prioritise security of their hybrid cloud, safely leverage the tool stack deployed in their network, and ensure communication is happening between cloud and on-prem infrastructure.

Doing more with less

As 2024 progresses, the mantra of doing more with less has never been truer. The good news is when organisations prioritise and invest appropriately, technology has the power to maximise efficiencies by extending resources and assisting security leaders in navigating growing complexity.

From AIOps to deep observability to threat detection, security innovations have the potential to keep pace with the expanding attack surface and enable SecOps and IT to work together and successfully secure the enterpri

Recent research from cyber security vendor Keeper Security demonstrates that  IT leaders believe cyberattacks are more sophisticated than ever before.

The recently released key findings from Keeper’s latest survey give a clear picture about what’s on the cybersecurity horizon – with AI and other emerging technologies in the spotlight.

The survey of more than 800 IT security leaders around the globe finds that the vast majority (95%) believe cyberattacks are more sophisticated than they have ever been. AI-powered attacks emerge as the  most serious and phishing attacks are widely considered to be increasing the fastest.

Entering into 2024, the cybersecurity landscape showcases a compelling mix of factors with novel AI threats casting a looming shadow. The dynamic environment underscores the necessity for proactive cybersecurity strategies that can adeptly counter both existing and emerging threats.

Respondents ranked the most serious attack vectors as follows:

1. AI-Powered Attacks
2. Deepfake Technology
3. Supply Chain Attacks
4. Cloud Jacking
5. Internet of Things (IoT) Attacks

According to global IT leaders, the attack vectors increasing the fastest are:

1. Phishing
2. Malware
3. Ransomware
4. Password Attacks
5. Denial of Service (DoS)

There is more compelling information in this infographic.

“As emerging technologies, such as AI, fuel the next wave of cyber threats, a great paradox lies in our ability to implement the very innovations that, if not controlled properly, will radically increase cyber risk,” said Darren Guccione, CEO and Co-founder, Keeper Security. “With the cybersecurity tools at our disposal today, we possess the arsenal to mitigate emerging threats – thereby converting this challenge into an opportunity for resilience and fortification of our digital defences.”

As technology continues to advance, evolving threats demand constant adaptation, which must remain a top priority for IT leaders. A password manager can mitigate risks by enforcing strong password practices, while privileged access management safeguards an organisation’s vital assets by controlling and monitoring high-level access, collectively fortifying defences and minimising potential damage in the event of a cyber attack. Integrating these solutions creates a layered security approach that restricts unauthorised access and enhances overall cybersecurity resilience.

In the fast-evolving landscape of cybersecurity, staying ahead of threats is paramount. Security operations centre (SOC) teams are on the frontlines every day, dealing with the consequences as emerging threats outsmart traditional rate limiting protections.

Sharon Shitrit, director, product management for Radware, says that given recent shifts in the threat landscape, it’s time to take a look at innovative automated security measures.

Rate limiting is a security technique used to control and manage traffic flows to a network, particularly in the face of Distributed-Denial-of-Service (DDoS) attacks. It is designed to restrict traffic that exceeds a certain threshold level, such as connections rate, packet rate, bandwidth or other.

Administrators are required to be security experts and define these thresholds in advance to prevent network congestion and sudden traffic spikes.

While rate limiting techniques can be valuable for traffic shaping, they become less effective in the face of advanced multi-vector DDoS attacks and especially application Web DDoS vectors. Today’s Web DDoS vectors imitate legitimate traffic to thwart security systems and lead to collateral damage to the legitimate traffic.

These attacks have been observed at several million RPS, impacting major enterprises and lasting for hours.

For example, recently a large European hospital network was the target of a Web DDoS campaign. The network, which serves more than 10 million patients annually, became the target of an international hacktivist group that generated a dozen major attack waves over a period of six weeks.

The attack vectors were comprised of short bursts with up to 50K requests per second each and pseudo-random request headers that resembled legitimate requests.

Applying a naive rate limit in such scenario can lead to false positives, deny access from legitimate users, and severely damage the web service. Rate limiting is applied on all incoming traffic, without segmentation between the malicious and legitimate traffic, therefore it is a risk on legitimate traffic.

There are additional undesired impacts due to rate-limiting mechanisms:

Turns away website visitors
Using rate limiting to manage traffic can accidentally limit potential website visitors. Once a traffic threshold is exceeded, new connections get blocked, which might work well in an attack scenario, but not so well to accommodate a surge in online shopping traffic on Black Friday. This impacts the digital experience, brand reputation and sales.

Drives down conversion rates
Rate limiting does not just limit website traffic during an attack. It also makes the website slower for visitors who are already there. This can be frustrating for users and negatively impact conversion rates by discouraging them from making purchases, signing up for offers, or engaging with a site.

Creates endless configuration challenges for SOC operations
Rate limiting can not only hinder the user experience but also introduce a maintenance challenge for the SOC team. SOC teams face the ongoing task of tracking and fine-tuning configurations and thresholds. This continuous effort is necessary to adapt to changes in user behavior, evolving traffic patterns, and emerging cyber threats. The need for constant attention and manual adjustments highlights another limitation of relying solely on a rate limiting approach.

The shortcomings of rate limiting along with a rapidly evolving threat landscape is prompting organisations to critically reassess their security posture and consider more advanced protections.

Behavioural protection, for example, is a more sophisticated approach that unlike conventional rate limiting leverages machine learning to surgically,with precision and accuracy,detect and mitigate anomalies based on learned patterns of legitimate traffic.

The standout feature of behavioural protection lies in its ability to automatically adapt to the dynamic nature of modern DDoS attacks, and consistently learn from customer traffic to automatically fine-tune baselines. This ability to adapt enhances the security infrastructure, translating to an improved user experience and sustained business continuity, while also assisting the SOC team in focusing on critical tasks.

Relying on behavioural protections, SOC teams can optimise their operations and significantly reduce time to mitigate. Operating in real-time, behavioural protection swiftly identifies and responds to emerging threats, minimising the impact of attacks. This proactive approach substantially reduces false positives, ensuring minimal disruptions for legitimate users while surgically mitigating the attack traffic.

While rate limiting has historically served as a ‘good-enough’ defence, its pitfalls are being magnified by increasingly sophisticated threats designed to create severe collateral damage on legitimate traffic. Its ineffectiveness in mitigating complex attacks, impact on legitimate traffic, and challenges for the SOC are prompting organisations to rethink their reliance on this security approach.

As attacks evolve, so must security solutions. Behavioural-based protection offers enhanced accuracy, automation, adaptability, and fast time to mitigation—an approach that should be considered by any organisation wanting to modernise its security posture.

Milestone Systems has partnered with the Common Vulnerability and Exposures (CVE^®) Program as a CVE Numbering Authority (CNA). The aim of the program is to find, describe, and catalogue known cybersecurity issues.

The mission of the CVE^® Program is to identify, define, and catalogue publicly disclosed cybersecurity vulnerabilities. Vulnerabilities are discovered then assigned and published by organisations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritise and address the vulnerabilities.

Organisations worldwide, working with the program, find and share these vulnerabilities. They publish CVE Records with clear details about the issues to help IT and cybersecurity experts talk about the same problem and work together to fix it.

Thomas Jensen, CEO of Milestone Systems said: “Milestone Systems is committed to transparency in cybersecurity across our business. As Responsible Technology becomes a license to operate, we believe that people have the right to feel safe knowing that they can trust video technology.

“As a CVE Program partner, we will now publish mitigated vulnerabilities to the wider community, which will allow Milestone to coordinate and address potential issues even more effectively. This will further enhance our cybersecurity and continue to build trust in our XProtect^® open platform video management software.”

Cybersecurity vulnerabilities will continue to be reported via Milestone’s website. The registration will now be under CVE ID numbers and vulnerabilities and mitigations will be accessible through Milestone’s profile on the CVE website, as well as milestonesys.com.

New Council members will advise and accelerate development of advanced cyber resilience solutions

Cyber resilience, storage and protection organisation Commvault has announced that cybersecurity experts across a host of industries — from security to public sector to technology — have joined the Commvault Cyber Resilience Council.

Council members will advise Commvault on emerging security trends and cyber threats as well as highlight best-practices in cyber resilience, all of which can play a key role in shaping product development, defining partnership opportunities, and guiding business strategies.

The council is chaired by Melissa Hathaway, who served as a top cybersecurity advisor for two presidential administrations, has worked extensively with international institutions like NATO and the World Bank, and currently advises leading Fortune 500 companies as President of Hathaway Global Strategies.

“As tomorrow’s threats evolve and intensify, business resilience is increasingly challenged and vulnerable,” said Sanjay Mirchandani, President and CEO, Commvault. “Our newly formed Commvault Cyber Resilience Council will help us keep a pulse on this ever-changing landscape and enable us to continue delivering industry-leading cyber resilience to our customers.”

The members include:

• Roland Cloutier, Principal, The Business Protection Group, Former Chief Security Officer, Tik Tok

Following a distinguished career protecting digital assets and guiding organizations such as Tik Tok and ADP, Cloutier helps organizations enhance their corporate security strategies and digital protection mechanisms.

• Shawn Henry, Chief Security Officer, CrowdStrike, Former Executive Assistant Director, FBI’s Criminal, Cyber, Response and Services Branch

Building on his 24-year career with the FBI, Henry spearheads security strategies at CrowdStrike, where he leads the charge against cybercrime and addresses cyber threats with innovative technologies and intelligence-driven responses.

• Mark Hughes, President, Security, DXC Technology

As a 20-year cybersecurity veteran with accomplishments including the formation of BT Security, Hughes is dedicated to developing advanced cybersecurity solutions to protect enterprises against emerging digital threats.

• Nancy Wang, Cybersecurity Investor, Former General Manager of AWS Data Protection and Data Security

After launching the first managed data protection business for AWS Cloud, which now serves the majority of Fortune 500 enterprises on AWS, Wang now invests in cybersecurity startups and advises them on product strategy and enterprise Go-To-Market.

• John Zangardi, CEO, Redhorse Corporation, Former CIO, U.S. Dept. of Homeland Security

Zangardi harnesses his vast experience in government IT, including roles as CIO for the U.S. Department of Homeland Security (DHS), Acting CIO and Principal Deputy for the U.S. Department of Defense (DoD), and Acting CIO for the U.S. Department of the Navy (DON), to deliver advanced data analytics and cybersecurity counsel to solve mission-critical government issues.

“Each new member of the council brings a diverse wealth of experience, from governance and risk management, to developing cutting-edge security products and countering sophisticated cyber threats,” said Hathaway. “I look forward to collaborating with this esteemed group of experts as we work hand-in-hand with Commvault to combat widespread AI-driven threats and advance cyber resilience for organisations around the world.”

The council’s objective is underscored by the company’s recent introduction of Commvault Cloud, powered by Metallic AI, a unique cyber resilience platform built to meet the demands of the hybrid enterprise at the lowest TCO. It empowers businesses to secure data, anticipate risks, minimize damage, and rapidly recover – in the face of any threat.

Report exposes slow shift-left adoption, rampant identity management risk, and cautious AI rollout across enterprises

Cloud security organisation Sysdig has announced findings from its “2024 Cloud-Native Security and Usage Report.” Looking at real-world data, the seventh annual report details the dangerous practice of putting convenience before preventive security in pursuit of faster application development. This report comes on the heels of significant infrastructure breaches across well-known organisations and the recently updated Securities and Exchange Commission (SEC) cybersecurity and disclosure rules.

Derived from an analysis of millions of containers and thousands of cloud accounts, users, and roles, the “2024 Cloud-Native Security and Usage Report” explores how companies of all sizes and industries across the globe are using and securing cloud and containerised environments. Meet the researchers behind the report.

Report Highlights

69% of enterprises have yet to embed AI into their cloud environments: While 31% of companies have integrated AI frameworks and packages, only 15% of these integrations are used for generative AI tools such as large language models (LLMs). Considering the risk acceptance described in this year’s report, organisations are ignoring security best practices, yet they are cautious when it comes to implementing AI into their enterprise environments.

91% of runtime scans fail: In shift-left security, organisations scan early and often during the development phase, recognizing failed builds, correcting the code, and then redeploying. The goal is to catch issues before delivery, and before they become exploitable conditions for attackers. However, with 91% of runtime scans failing, teams appear to be relying more on threat detection than prevention.

Only 2% of granted permissions are being used: Identity management – for both humans and machines – has become the most overlooked cloud attack risk and opportunity for companies to improve their security posture, especially in light of well-known 2023 attacks that took advantage of overly permissive identities. In last year’s report, Sysdig saw 90% of permissions going unused, showing that this trend has worsened year over year.

Shorter container lifespans are not stopping attackers: The homogenous nature of cloud environments and attackers’ usage of automation for discovery and reconnaissance gives them a near-instant understanding of cloud environments and their opportunities to move laterally. Running vulnerable workloads, no matter how short-lived, leaves organisations at risk for attacks.

“Attackers are leveraging automation to exploit every point of weakness they can uncover,” said Crystal Morin, Cybersecurity Strategist at Sysdig. “This year’s report shows that many companies are chasing faster innovation at the cost of more comprehensive security – a gamble that poses real business risks.”

“Though I am unsurprised by the apprehension around the security of new technologies like AI, I am disheartened by the massive number of excessive permissions being administered, especially for machine identities. It feels a bit like obsessing over a plane crash while regularly running stop signs with no seatbelt on,” said Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig.

Resources

• Download the full report.
• Read the report highlights in the blog post.
• Watch the highlight video for this year’s report.

In the ever-shifting realm of cybersecurity, where innovation and uncertainty intertwine, the year 2023 was nothing short of chaos.

Michal Lewy Harush, Aqua Security executive, says that as the dark underbelly of AI-powered threats surfaces, and court rulings redefine the consequences of security failures, the security industry stands at a pivotal juncture. CISOs face jail!

The SolarWinds ruling and the Uber Breach have already reshaped the security landscape, propelling CISOs into the spotlight. Governments now seek to make examples of security leaders, reinforcing the urgency of fortifying digital defences.

As the new year progresses, we are taking time to reflect on how cybersecurity has evolved and what that means for the year to come. I’ve asked my colleagues for their input on what to expect in 2024, with the aim of bringing greater stability in the coming year.

An evolving threat landscape demands evolving security measures.

Our CISO, Moshe Weis, pointed out three key threats that emerged in 2023 that will impact and influence security teams in 2024.

Unsurprisingly, he shared that AI-Powered threats and mitigation were top of mind. He said that in 2023, we saw the increasing adoption of AI in both offensive and defensive cybersecurity strategies.

This trend will intensify in 2024, with AI-driven threat actors becoming more sophisticated and organisations deploying advanced AI-driven security measures. The industry has and will continue to recognise the importance of staying ahead of these evolving threats through behavioural analytics, anomaly detection and ethical AI practices.

The democratisation of access to AI has made the need for AI trust, risk and security management even more urgent and clear. Organisations will also need to examine AI trust, risk and security management in the next year, and they will need to evaluate the AI model its application governance, fairness, reliability, robustness, security and data protection.

The attack surface of Gen AI is all over the AI lifecycle, starting with the development ending with runtime. Therefore, security leaders will have to include in their security programs solutions and techniques for model monitoring, data and content anomaly detection, AI data protection, model management and operations, attack resistance and AI-specific application security.

Moshe also pinpoints that data privacy concerns gained significant attention in 2023, and the momentum behind this trend will only grow stronger in the year ahead.

As privacy regulations become more stringent, and user data protection gains prominence, organisations are intensifying their efforts to navigate this complex landscape. They are not only focusing on compliance but also on enhancing data security through encryption, robust access controls, and data anonymisation.

Finally, he pointed out that supply chain security continued to emerge as a major concern in 2023 and will deepen this year. He acknowledged that cyberattacks targeting the supply chain have the potential to disrupt businesses and even national security.

As a result, organisations are increasing their efforts to assess and strengthen their supply chain security, recognising the need for robust vendor risk management practices and continuous monitoring to address these growing risks.

He added that as these threats intensify, it underscores the industry’s commitment to staying ahead of the ever-evolving threat landscape. In 2024, cybersecurity professionals will be challenged not only to adapt but also to innovate and proactively secure their organisations against these dynamic and persistent threats.

Prioritising and remediation

As the threat landscape evolves, so does the enterprise attack surfaces, and it continues expanding far beyond what most effective patch management programs can cover. The time has come for a forward-looking defence strategy that requires modernisation of the assessment tool portfolio.

These tools must not only inventory patchable and un-patchable exposures, but also prioritise findings based on what an attacker could really do. To achieve that, they must validate the reality of the exposure based on the ability to penetrate existing security defences.

Gilad Elyashar, Aqua’s CPO confirms these thoughts: “Remediation is where the market is going. Attacks are on the rise. Attackers can spin up in the cloud, and in an hour’s time they can attack your environment.

How quickly the threat can be identified, the risk prioritised when it gets through, where to find it and how to stop it is what the market is asking for in cloud security solutions.”

Gilad acknowledges that not every business is at the same level of risk maturity, but he does see the market pivoting during 2023 in the understanding that visibility tools are not enough. These provide a level of value in identifying the risk, but they do not stop attacks.

With many attackers circumventing these tools’ capabilities, as was confirmed in this year’s Aqua Nautilus threat report, that the conversations happening amongst CISOs now are about reducing the attack surface. This shifts the conversation to not only seeing and blocking what is trying to get in but also to stopping and responding to the things that do.

What does all of this mean for our partners? I asked Jeannette Lee Heung, Senior Director, Global Channel and Ecosystems about this. She anticipates 2024 to be a juncture where partners must navigate the intersection of heightened demand for advanced cybersecurity and the constraints of tightening budgets.

A noticeable trend is the acquisition of appropriate tools by customers to address their company’s challenges.

Despite customers recognising the necessity of these tools, a prevalent challenge persists: finding personnel with the requisite skills or expertise to fully leverage the technology in which they have invested.

Looking ahead , it is evident that numerous partners will be channelling investments into advisory and consulting services tailored to address specific customer needs. This foresight is driven by the recognition that the services market is poised for continued expansion.

As traditional partners are heavily reliant on the transactional model of reselling, they are at a crossroads. In response to the evolving landscape, they are likely to explore strategic options such as mergers, acquisitions, or forging partnerships with specialised services companies.

This strategic shift is essential for bridging the gap between sustaining revenues and meeting the evolving needs of customers in the dynamic cybersecurity landscape.

One last prediction:  as cloud usage expands, more and more organisations will have to find the balance between cost, effectiveness, value and security.

To do that, more and more CISOs together with CIOs will look for consolidated platforms that can help people like me to manage cloud spend, security posture, asset configuration management, quality and cost optimisation. This is one prediction I look forward to experiencing.

As we look ahead to 2024, the security world is on the cusp of major advancements, both good and bad. I hope we are wrong on some of them, particularly as it relates to weaponisation of AI, though early signs suggest the opposite. Embracing these predictions will help you plan robust security measures – essential for organisations in an increasingly complex and dynamic digital environment.

By staying informed and adopting innovative security solutions, businesses can navigate the evolving landscape of cloud native technologies with confidence.

Despite reported threat detection, investigation, and response (TDIR) improvements in security operations, more than half of organisations still experienced significant security incidents in the last year

According to new research from International Data Corporation (IDC) and Exabeam, a global cybersecurity leader that delivers AI-driven security operations, 57% of companies experienced significant security incidents in the last year that required extra resources to remediate — shining a glaring light on program gaps caused by dedicated but overburdened teams lacking key, automated threat detection, investigation, and response (TDIR) resources.

North America experienced the highest rate of security incidents (66%), closely followed by Western Europe (65%), then Asia Pacific and Japan (APJ) (34%). Research for the Exabeam report, The State of Threat Detection, Investigation and Response, November 2023, was conducted by IDC on behalf of Exabeam and includes insights from 1,155 security and IT professionals spanning these three regions.

“As organisations continue to improve their TDIR processes, their security program metrics will likely look worse before they get better. But the tools exist to put them back on the front foot”

The findings reveal a significant gap between self-reported security measures and reality. Despite 57% of interviewed organisations reporting significant security incidents, over 70% of organisations reported better performance on cybersecurity key performance indicators (KPIs), such as mean time to detect, investigate, respond, and remediate in 2023 as compared to 2022, and the overwhelming majority of organisations (over 90%) believe they have good or excellent ability to detect cyberthreats.

Seventy-eight percent also believe that their organisations have a very effective process to investigate and mitigate threats. These inflated confidence levels are creating a false sense of security and likely putting organisations at risk. A continued lack of full visibility and complete TDIR automation capabilities, which survey respondents also reported, may explain the discrepancy.

“While we aren’t surprised by the contradictions in the data, our study in partnership with IDC further opened our eyes to the fact that most security operations teams still do not have the visibility needed for overall security operations success. Despite the varied TDIR investments they have in place, they are struggling to thoroughly conduct comprehensive analysis and response activities,” said Steve Moore, Exabeam Chief Security Strategist and Co-founder of the Exabeam TEN18 cybersecurity research and insights group. “Looking at the lack of automation and inconsistencies in many TDIR workflows, it makes sense that even when security teams feel they have what they need, there is still room to improve efficiency and velocity of defence operations.”

A visibility crisis in security operations

Organisations globally report that they can “see” or monitor only 66% of their IT environments, leaving ample room for blind spots, including those in the cloud. While no organisation is immune from adversarial advances, the lack of full visibility means that organizations are potentially blind to any advances in those unseen environments.

“Despite having the lowest number of security incidents, APJ reports the lowest visibility of all regions at 62%, signalling that these teams may be missing and failing to report incidents as a result,” noted Samantha Humphries, Senior Director, International Security Strategy, Exabeam. “With business transformation initiatives moving operations to the cloud and an ever-increasing number of edge connections, lack of visibility will likely continue to be a major risk point for security teams in the year ahead.”

Automation lags across TDIR

With TDIR representing the prevailing workflow of security operations teams, more than half (53%) of global organisations have automated 50% or less of their TDIR workflow, contributing to the amount of time spent on TDIR (57%). Not surprisingly, respondents continue to want a strong TDIR platform that includes investigation and remediation automation, yet hesitation to automate remains.

“As attackers increase their pace, enterprises will have to overcome their reluctance to automate remediation, which often stems from concern over what might happen without a human approving the process,” said Michelle Abraham, Research Director for IDC’s Security and Trust Group. “Organisations should embrace all the helpful expertise they can find, including automation.”

The greatest TDIR needs in 2024 and beyond

When organisations were asked about the TDIR management areas where they require the most help, 36% expressed the need for third-party assistance in managing their threat detection and response, citing the challenge of handling it entirely on their own. This highlights a growing opportunity for the integration of automation and AI-driven security tools.

The second most-identified need, at 35%, was a desire for improved understanding of normal user and entity and peer group behaviour within their organisation, demonstrating a demand for TDIR solutions equipped with user and entity behaviour analytics (UEBA) capabilities. These solutions should ideally minimise the need for extensive customization while offering automated timelines and threat prioritisation.

“As organisations continue to improve their TDIR processes, their security program metrics will likely look worse before they get better. But the tools exist to put them back on the front foot,” continued Moore. “Because AI-driven automation can aid in improving metrics and team morale, we’re already seeing increased demand to build even more AI-powered features. We expect the market demand for security solutions that leverage AI to continue in 2024 and beyond.”

The organisations surveyed for the report represent North America (Canada, Mexico, and the United States), Western Europe (UK and Germany), and APJ (Australia, New Zealand, and Japan), across multiple world industries.

To download and read The State of Threat Detection, Investigation, and Response 2023 report, including regional survey results and IDC’s essential guidance, visit the Exabeam website here.

https://www.exabeam.com/tp/2023-tdir-global-report/

Gigamon, the leading deep observability company, today announced significant cloud business momentum for 2023, delivering over 100 percent cloud revenue growth (YoY).

Powered by strong global customer demand for the Gigamon Deep Observability Pipeline, the company’s overall recurring revenue grew over 20 percent YoY and is now over 70 percent of total revenue.

The latest quarter brings the total to 38 consecutive quarters of profitability, underscoring the growth and momentum in the company’s fast-growing cloud business, as organisations continue to choose Gigamon to secure and manage hybrid cloud infrastructure.

Gigamon celebrates its 20^th anniversary this year and as the deep observability market continues to expand globally, forecast to reach $2B by 2027, it again expanded its leadership position with 67 percent market share in the first half of 2023, according to a new report by 650 Group.

Nearly every organisation is embracing hybrid cloud infrastructure to maintain a competitive edge. However, various considerations around hybrid cloud security have emerged as top priorities for IT and security leaders and their teams, given the sharp rise in cloud-based security threats and breaches.

The Gigamon 2023 Hybrid Cloud Security survey of 1,000 IT and security leaders revealed that while 90 percent of respondents admitted to having suffered a data breach in the past 18 months, one in three breaches are going undetected by traditional security and observability tools.

The survey also revealed that 70 percent of the organisations lack awareness around blind spots and the dangers concealed in encrypted traffic, admitting they let encrypted data flow freely.

“IT organisations continue to be challenged with the complexity of multi-cloud environments and the rapidly evolving threat landscape,” said Alan Weckel, founder and technology analyst of 650 Research. “Deep observability is a game-changer for operations teams, tangibly reducing that complexity by providing the network-derived insights needed to optimise their security and performance tool stack, eliminate blind spots and proactively address issues.

“As a result, the deep observability market is one of the fastest growing market segments, expected to grow 100 percent in 2023 and approach $2B by 2027. Gigamon is in a unique position to capitalise on this growth trajectory due to their market share leadership and innovative, value-added capabilities like Precryption™ technology and Application Metadata Intelligence.”

Gigamon uniquely addresses hybrid cloud security challenges with its deep observability pipeline that efficiently delivers network-derived intelligence to traditional cloud, security, and observability tools, helping to eliminate security blind spots and enabling organisations to better secure and manage their hybrid cloud infrastructure.

“The threat is more pernicious than ever, and the attack surface has dramatically increased, making it so that no organisation – large or small – is immune to cybersecurity breaches,” said Shane Buckley, president and CEO of Gigamon.

“As a result, we continue to see organisations prioritising security for their hybrid cloud infrastructure as part of ongoing digital transformation initiatives, despite some of the challenging economic headwinds over the past 12 months. This year, hybrid cloud security will remain a top budgeting priority, and we believe our deep observability pipeline is the most cost-effective, efficient approach to securing hybrid cloud infrastructure.”

The company’s continued momentum in securing hybrid cloud infrastructure for its global customer base is underscored by the following milestones in 2023:

• Gigamon Precryption™ Technology – The company launched a breakthrough approach to gaining visibility into encrypted traffic with Precryption technology. Revealing previously concealed threat activity, including lateral movement, malware distribution, and data exfiltration, Precryption technology’s innovative approach – automated for the first time – delivers plaintext visibility, capturing traffic before encryption or after decryption.
• Key Customers – Gigamon realised strong growth across all industries globally, with notable growth in the U.S. public sector, as those organisations seek to comply with the Zero Trust mandate.

The company achieved a customer satisfaction rating of 4.8, with new customers including Comgas, Palladin Technologies, and Micron Technologies adding to the more than 4,000 global customers served by Gigamon. As of January 12, 2024, Gigamon has an Overall Rating of 4.7 out of 5 in the Network Performance Monitoring market, based on 70 reviews Gartner® Peer Insights™.

• Ecosystem and Channel Growth – The company continues to deliver on its channel-first strategy, empowering global channel partners with its deep observability solutions.

In 2023, global distributor TD SYNNEX joined the company’s award-winning Catalyst Channel Program. Further broadening its ecosystem with key technology integrations, such as Amazon Security Lake from AWS, and participation in the Microsoft Security Copilot Partner Private Preview, Gigamon continues to expand the number of uses cases for its Deep Observability Pipeline.

• Company Recognition – Citing the value of the Gigamon Deep Observability Pipeline, Frost & Sullivan recognised Gigamon with the 2023 Global Company of the Year Award. Gigamon also was named to the 2023 Fortune Best Medium Workplaces, the 2023 Fortune Best Workplaces in Technology, and 2023 Singapore Best Workplaces in Technology lists, as well as winning the inaugural Technology & Services Industry Association^® (TSIA) DEI STAR award.

At the 2023 VMware Explore conference, Gigamon received a Best of VMware Explore for its Application Metadata Intelligence product, and ended the year by winning the InfoSec Top Innovator award for Precryption technology.

To learn more about the Gigamon Deep Observability Pipeline, visit our website here; to learn about award-winning Precryption technology, visit our website here.

Gigamon® offers a deep observability pipeline that efficiently delivers network-derived intelligence to cloud, security, and observability tools. This helps to eliminate security blind spots and reduce tool costs, enabling organisations to better secure and manage their hybrid cloud infrastructure.

Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, 9 of the 10 largest mobile network providers, and hundreds of governments and educational organisations worldwide.

Cyber resilience and data protection giant Commvault has released a new report in conjunction with futurum that found the traditional silos between ITOps and security teams are beginning to break down, as ‘organisations realise the importance of increased collaboration to combat the onslaught of more sophisticated cyber attacks’.

The research also suggests that the rise of AI is a determining factor for this closer collaboration.

The report is titled “Overcoming Data Protection Fragmentation for Cyber-Resiliency,” and was conducted after a global survey of mainly c-suite executives including Asia-Pacific.

The research suggests that nearly all respondents feel the relationship between ITOps and security has grown more connected over the past 12 months.

‘For those who described the relationship between ITOps and security as “connected,” 64% stated they now have shared goals for maintaining the company’s security and 70% stated they have joint processes and procedures in place for daily operations. However, there is still work to do. For example, only 48% stated they have established joint processes and procedures in place to mitigate or recover from an incident’.

“Synergies between ITOps, security teams and the C-suite has never been more crucial as cyber criminals are deploying more sophisticated attacks powered by AI,” said Javier Dominguez, Chief Information Security Officer, Commvault. “But, with 19 cyber attacks every second, breaches are inevitable. It’s critical that ITOps and security teams jointly think about recovery as part of an end-to-end security practice tied to the NIST framework.”

More insights from the media release:

Using AI to Advance Security 

AI is expected to be a major theme in 2024 with more than two-thirds (68%) of respondents indicating the technology will boost their security efforts by identifying and responding to threats more quickly and accurately. Respondents identified several ways AI could improve their organisation’s security posture, including:

• Augmenting and automating employee training and security awareness (67%)
• Increasing efficiency by automating day-to-day operational processes associated with data protection (66%)
• Augmenting user authentication and access control (57%)
• Augmenting compliance monitoring and reporting (52%)

Data Fragmentation Creates Cyber Resilience Challenges 

Organisations continue to grapple with fragmented data protection solutions, which not only creates management complexities but cyber resilience challenges. More than 90% of respondents say fragmentation of data protection tools has a direct, negative impact on their organisation’s cyber resiliency and 54% indicated that fragmentation hinders their organisation’s cyber resiliency efforts.

“Utilising a host of fragmented data protection products can drive up costs, create management nightmares, give bad actors more avenues to exploit, and slow down recovery,” said Krista Macomber, Research Director, The Futurum Group. “This research serves as a good reminder that organisations should consider a modern platform that can reduce fragmentation, protect a vast array of workloads across any location, predict threats faster, and speed up response and recovery times.”

To review the full survey results, click here.