When it comes to cybersecurity in 2023, the name of the game is proactivity.
Proactive cybersecurity relies on technologies that actively prevent breaches from occurring, as opposed to reacting to a breach after the fact. At a basic level, proactive cybersecurity includes relatively mundane but important tasks like immediately patching vulnerabilities and performing upgrades. However, proactive security technologies are growing more sophisticated, which is why experts believe the approach to be a major 2023 cybersecurity trend.
So, why now? Rik Turner, a principal analyst at Omdia, said it’s due to a culmination of factors over the past several years. The best reactive cybersecurity technologies, such as endpoint detection and response (EDR), network detection and response (NDR), cloud workload protection platforms, and inbound email security, haven’t stemmed the explosion of sophisticated cyberattacks. Even extended detection and response, a popular and more recent security technology, is reactive in nature.
While Turner doesn’t recommend jettisoning these technologies – they still have plenty of value – he believes that the next wave of proactive cybersecurity technologies is an important complement to them.
“Instead of aiming to identify the breach and remediate it as quickly as possible, proactive security can reduce the addressable targets within an organization and enable detection and response activities to focus on what is still getting through,” Turner said.
8 Proactive Cybersecurity Technologies
In addition to implementing zero trust, security-conscious organizations are evaluating or adopting these eight proactive technologies.
1. Security posture management (SPM)
In general, SPM automates the identification and remediation of risk across the environment, helping with risk visualization, incident response, and compliance monitoring.
There are several flavors of SPM today. These include cloud security posture management, which focuses on cloud infrastructures (including IaaS, SaaS and PaaS), and data security posture management, which identifies sensitive data and ensures that it remains secure during access and use.
But perhaps the most important SPM technology today, Turner said, is SaaS security posture management (SSPM). SSPM works to detect and remediate misconfigurations and other issues in SaaS apps.
Turner said SSPM is one of the most important innovations in SaaS security since the development of cloud access security broker (CASB) technology. While CASB is reactive, SSPM seeks to impose the strictest security policies possible while still enabling the application to remain workable for the organization, he said.
2. Attack Surface Management (ASM)
ASM technology continuously monitors a spectrum of digital and physical assets – from applications, digital certificates, and code to mobile and IoT devices – to maintain visibility of known and unknown assets. It’s a big job: Currently, 52% of IT organizations manage more than 10,000 assets. Gartner considers ASM an important and growing technology, and other industry watchers clearly agree.
“We see ASM as a progression of security analytics, and as an extension of the concept of EDR and NDR,” said Scott Crawford, research director for information security at S&P Global Market Intelligence.
“[ASM] takes the trend of increased awareness of malicious activity manifested in threat detection response and extends it even further,” Crawford explained. “It answers questions like, ‘Where might we be targeted where we don’t have visibility, and what does our attack surface look like as a whole? What aspects of it do we not have telemetry on? Or even worse, are we lacking defenses we should have?’”
3. Cloud Security Posture Management (CSPM)
CSPM technology inspects workloads in IaaS and PaaS environments and recommends mitigation actions. Some offerings also perform the remediation.
4. Cybersecurity Performance Management (CPM)
Cybersecurity performance management products monitor the performance of an organization’s security tools. Products may track policies like multifactor authentication and metrics like the time it takes to patch vulnerabilities. This creates a fuller picture of ongoing risk and compliance management practices.
5. Breach and Attack Simulation (BAS)
BAS tools, which Omdia calls incident response and testing, inspect an organization’s IT infrastructure to identify all routes threat actors could exploit for an attack.
6. Cyber Asset Attack Surface Management (CAASM)
This emerging technology provides visibility of cloud and on-premises assets via API integrations in existing tools. CAASM can help security teams identify vulnerabilities and gaps in security tools and speed up remediation and incident response.
7. Cloud Permissions Management (CPM)
CPM technology discovers the extent of access rights within an organization and enforces the principle of least privilege, which grants users the minimal privileges required to perform the job. For example, CPM can detect over-permissioned access to cloud resources. Once identified, many CPM tools can make suggestions and even carry out required changes.
Cloud infrastructure entitlement management is Gartner’s term for CPM.
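The core of what a CPM tool does is compare the permissions an identity was granted against the permissions it actually exercised, then propose the narrower grant. The following is an added example, not code from the article or from any CPM product; the action catalogue, the role's grants and the access-log entries are all constructed for illustration.

```python
import fnmatch

# Constructed catalogue of actions a hypothetical cloud provider exposes.
# A real CPM tool pulls this from the provider's service definitions.
KNOWN_ACTIONS = [
    "storage:GetObject", "storage:PutObject", "storage:DeleteObject",
    "storage:ListBucket", "storage:DeleteBucket",
    "compute:StartInstance", "compute:StopInstance", "compute:TerminateInstance",
]

def expand(patterns, catalogue=KNOWN_ACTIONS):
    """Resolve wildcard grants such as 'storage:*' to the concrete actions they cover."""
    return {a for p in patterns for a in catalogue if fnmatch.fnmatchcase(a, p)}

def analyze(granted_patterns, observed_actions, catalogue=KNOWN_ACTIONS):
    """Compare effective grants with observed use over the logging window.

    Returns (unused, missing, suggested_policy):
      unused           - granted but never exercised (candidates for removal)
      missing          - exercised but not granted (denied attempts worth reviewing)
      suggested_policy - explicit, wildcard-free grants covering observed use only
    """
    granted = expand(granted_patterns, catalogue)
    used = set(observed_actions)
    unused = granted - used
    missing = used - granted
    suggested_policy = sorted(granted & used)
    return sorted(unused), sorted(missing), suggested_policy

# Constructed sample: a deployment role granted 'storage:*' plus instance
# start/stop, and constructed access-log entries showing what it actually did.
ROLE_GRANTS = ["storage:*", "compute:StartInstance", "compute:StopInstance"]
ACCESS_LOG = [
    "storage:GetObject", "storage:PutObject", "storage:ListBucket",
    "compute:StartInstance", "storage:GetObject",
]

if __name__ == "__main__":
    unused, missing, policy = analyze(ROLE_GRANTS, ACCESS_LOG)
    print("Unused grants (candidates for removal):", unused)
    print("Used but not granted (review):", missing)
    print("Suggested least-privilege grants:", policy)
```

The wildcard grant quietly includes the destructive delete actions the role never used; replacing it with the explicit list is the "suggestion" step, and applying that list is the remediation step described above.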
8. Security as a Service (SECaaS)
As cybersecurity monitoring and mitigation become more complicated and security talent remains scarce, more organizations are expected to turn to security as a service. SECaaS offloads cybersecurity management to an experienced third-party firm, such as a managed security services provider (MSSP). SECaaS can range from maintaining broad security functions to overseeing specific systems, such as security information and event management, CASB, and secure access service edge.
“Navigating all of the solutions, capabilities, and threats can be difficult,” said Max Shier, CISO of Optiv, which provides SECaaS. “It’s easy to go to a MSSP or SECaaS provider that can identify any security gaps and get a solution that can satisfy … your specific use cases at a reasonable cost compared to a disparate or legacy … on-premises solution.”