Analysis of Gartner Hype Cycle For Security Operations 2021

Rapid adoption of emerging technologies continues to make businesses more efficient. It also exposes them to more cyberthreats and vulnerabilities, so they must use security operations technologies to protect themselves from external risks. Gartner analysts explore the capabilities and benefits of these emerging technologies and solutions in the 2021 Hype Cycle for Security Operations. The report offers key insights for security teams and leaders to develop and improve their security strategies.

Part 1: Overview of New Category Entrants to the Gartner Hype Cycle Security Operations 2021

Most of the technologies in the Innovation Trigger phase focus on a continuous assessment-and-exposure-based approach. With greater adoption of cloud-based services and a focus on detection and response, this approach is emerging, and the majority of the new entrants to the Hype Cycle fall in this area.

External Attack Surface Management (EASM)
EASM helps organizations identify risks from known and unknown external-facing assets and systems. Security leaders can use EASM capabilities to discover and manage the risks from their internet-exposed assets.

“EASM supports organizations in identifying risks from known and unknown internet-facing assets and systems”

Ruggero Contu (Research Director), Mitchell Schneider (Research Analyst) & Elizabeth Kim (Principal Analyst) from Gartner.

Autonomous Penetration Testing & Red Teaming

With Autonomous Pen Testing & Red Teaming, organizations can take advantage of penetration testing and red teaming capabilities without having to hire expensive experts for internal testing capability. Continuous testing of infrastructure and cybersecurity defenses is possible with this solution and helps organizations to find and mitigate weaknesses, gaps and operational deficiencies faster.

Security testing, like network penetration testing and red teaming, plays an important role in an organization’s capabilities to identify exposures, vulnerabilities and weaknesses in their defenses.

Toby Bussa, Gartner Analyst

Cyber asset attack surface management (CAASM)

CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture and asset exposure are understood and remediated across the environment. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps manually or through automated workflows.

Pen Testing as a Service (PTaaS)

PTaaS provides on-demand and continuous scanning of internal and external infrastructure, optimizing cost by improving the quality of output. It will enable faster treatment of vulnerabilities by integrating with DevOps and giving access to real-time findings through the platform.

Part 2: Three categories that got removed & why?

  • Network sandboxing has now evolved from a product to a feature of other products like secure web gateway (SWG) & firewall.
  • IoT security has changed focus to a development-centric approach and therefore no longer aligns with the aims and capabilities associated with security operations.
  • Endpoint protection platforms (EPP) are not able to address the nature of modern threats as it is not practical to focus on achieving 100% prevention and protection.

Part 3: Security operation technologies covered in the Gartner report

 

Gartner details the maturity, business impact, market penetration, drivers and obstacles of 21 different technologies and services that mitigate threats and reduce risk. The report includes a priority matrix, which presents a timetable for adoption for the security operations solutions and gives readers an idea of where organizations are prioritizing their current IT security budgets and how long it will take for these technologies to go mainstream.

The Hype Cycle for Security Operations report focuses heavily on the consolidation of security operations technologies and on continuous assessment and exposure-based technologies. The key trend across all technologies in the security operations space is greater API interactivity and availability. Continuous, exposure-based technologies and services such as external attack surface management (EASM), autonomous security testing, and threat intelligence provide an inward-looking viewpoint toward an organization’s infrastructure from the outside.

Part 4: Cybersecurity Mesh Architecture

 

A Cybersecurity Mesh involves designing and implementing an IT security infrastructure which not only focuses on building a single perimeter around all devices or nodes of an IT network, but also establishes smaller, individual perimeters around each access point.

Cybersecurity mesh is a distributed architectural approach to scalable, flexible, and reliable cyber control. The mesh changes the focus from protecting a traditional IT perimeter to a more modular approach that centralizes policy orchestration but distributes enforcement of cybersecurity policy.

Gartner predicts that by 2025, the cybersecurity mesh will support over half of digital access control requests.

Part 5: Why External Attack Surface Management (EASM) is Added as a New Entrant

 

The Gartner Hype Cycle report emphasises continuous assessment and exposure-based technologies. These technologies provide an inward-looking viewpoint toward an organization’s infrastructure from the outside. These emerging technologies are the majority of new entrants in this Hype Cycle report.

Key drivers for External Attack Surface Management:

EASM tools help security leaders understand and reduce unnecessary exposure to the internet and the public domain that could be exploited, and prioritize the most critical risks to be remediated. A few main reasons why security leaders need to implement EASM tools are:

  • Most businesses are shifting to cloud infrastructure and SaaS services
  • Remote working due to the COVID pandemic
  • Adoption of IoT technologies

Why is it Important?

External Attack Surface Management (EASM) helps in identifying unknown assets and provides information about your systems, cloud services and applications that are publicly available & visible to an attacker or an adversary.

EASM tools provide capabilities such as continuous monitoring of the attack surface, discovery of external-facing assets, identification of potentially risky assets, prioritization of those risks based on criticality, and remediation guidelines. These capabilities overlap with existing services like DRPS (Digital Risk Protection Services), Threat Intelligence, Third Party/Vendor Risk Assessment and Vulnerability Assessment.

Business Impact of EASM Tools:
EASM tools play an important role in identifying risks from known and unknown external-facing assets. EASM tool capabilities help security leaders understand and manage the risks of their attack surface.
  • Discovery of unknown assets that belong to the organization (such as IPs, domains, applications, cloud services and third-party SaaS services)
  • Identification of internet-exposed infrastructure vulnerabilities, exposed databases, misconfigured assets, risky open ports, etc.

Sample Vendors:
FireCompass is recognised as a Sample Vendor in Gartner Hype Cycle for Security Operations 2021 for External Attack Surface Management.


Part 6: Why Autonomous Pen Testing & Red Teaming is Added as a New Entrant

 

Autonomous Pen Testing & Red Teaming is a new entrant to the Gartner Hype Cycle for Security Operations report. Penetration testing and red teaming activities have traditionally been heavily dependent on human testers and a combination of commercial and proprietary tools. Autonomous security testing solutions help to fully or semi-automate continuous infrastructure pen testing and red team activities.

Key drivers for Autonomous Penetration Testing & Red Teaming:
  • Traditional red teaming is costly, and it is hard to find the right experts
  • Traditional red teaming is done annually. There is a need to do it continuously, which can only be achieved through automation.
  • Traditional red teaming requires a set of processes, internal expertise and tools that are expensive to develop

Why is it Important?

Security testing (red teaming and pen testing activities) helps organizations identify exposures, vulnerabilities and weaknesses in their security defenses. Most organizations test only once a year or less frequently, due to a lack of internal expertise or due to the cost. Services like Autonomous Pen Testing & Red Teaming provide organizations with capabilities for continuous monitoring and testing of their digital attack surface, using semi-automated or fully automated testing.

Business Impact of Autonomous Penetration Testing & Red Teaming:

  • Continuous testing of an organization’s infrastructure and security defenses to mitigate risks and weaknesses
  • Organizations can take advantage of red teaming and pen testing capabilities without hiring expensive security experts
  • Organizations don’t have to rely on a testing firm for scheduling and executing tests

Sample Vendors
FireCompass is recognised as a Sample Vendor in Gartner Hype Cycle for Security Operations 2021 for External Attack Surface Management.  

 

Part 7: Concluding Thoughts

 

The Gartner Hype Cycle for Security Operations 2021 focuses heavily on the consolidation of security operations technologies and on continuous assessment and exposure-based technologies. These technologies will provide an inward-looking viewpoint toward an organization’s infrastructure from the outside. We are sure that this report will positively impact the decision-making process for security leaders across the industry in the near future.

About FireCompass:

FireCompass is a SaaS platform for Continuous Automated Red Teaming (CART) and Attack Surface Management (ASM). FireCompass continuously indexes and monitors the deep, dark and surface webs using nation-state grade reconnaissance techniques. The platform automatically discovers an organization’s digital attack surface and launches multi-stage safe attacks, mimicking a real attacker, to help identify breach and attack paths that are otherwise missed out by conventional tools.