Part of my role as a security ninja is to stay up-to-date with industry trends, so I regularly follow the observations Gartner receives from security managers and vendors around the world and review strategies on how security teams can address them.
It’s impressive how accurate Gartner is with its predictions. Similarly remarkable is how advanced Splunk customers and users have been by addressing these trends with Splunk technology today.
Most of the time, people see Splunk as a tool for SIEM or SOAR… then realize that there's so much more to it! It’s a true platform to build and modernize security operations to perform real security that suits their needs, and matures with their organization.
In this 3-part blog series, I want to take a closer look into this year’s Gartner Security and Risk Trends, through a Splunk lens. I’ll be exploring each trend which should help you in case you’re wondering what’s next and how you can address these security and risk trends in practice.
Let’s take a look at the trends.
|TREND NO. 1: Leading SRM leaders are creating pragmatic risk appetite statements linked to business outcomes to engage their stakeholders more effectively.|
|Best Practices From Top Organizations||How Splunk & Partners Can Help|
Rasha M. Abu AlSaud, SVP - Chief Information Security Officer from a leading Saudi Bank talked at the Gartner Security and Risk Management Summit 2018 in Dubai, highlighting how the organization aligned its information security strategy and business priorities.
Rasha explained how she gained a seat at the boardroom table. She then mapped business objectives to the security program using the business objective of customer trust as an example, requires secure digital services. Customer satisfaction requires high availability of services, more digitization requires new diverse applications to protect and more compliance regulations demand more adherence to them. If you want to learn more, you can find the blog writes up here: “How a Leading Saudi Bank matured security to better partner the business”
Everyone talks about aligning security with the business but this is easier said than done as many security experts come from a firewall & endpoint protection background.
Our article “SIEM: The Steps Before "The First Steps" doesn’t only focus on risk appetite statements, but also on how to pragmatically get the overall business aligned with security goals. Moreover, we describe in detail how alignment can be achieved through a security steering committee and what its responsibilities are. Therefore creating a pragmatic risk appetite statement could potentially turn into a great task to put on the agenda of that security steering committee.
There are many partners in our ecosystem, providing management consulting and strategy design for information security risks - such as are Accenture, Deloitte or Booz Allen Hamilton.
|TREND NO. 2: There is renewed interest in implementing or maturing security operations centers (SOCs) with a focus on threat detection and response.|
|TREND NO. 3: Leading organizations are utilizing a data security governance framework to prioritize data security investments.|
|TREND NO. 4: “Passwordless” authentication is achieving market traction, driven by demand and the availability of biometrics and strong hardware-based authentication methods.|
|TREND NO. 5: Security product vendors are increasingly offering premium services to help customers get more immediate value and to assist in skills training.|
|TREND NO. 6: Leading organizations are investing in and maturing their cloud security competency as it becomes the mainstream computing platform.|
|TREND NO. 7: The strategic CARTA approach to security is starting to appear in more traditional security markets.|
Thanks for reading! Stay tuned for part two where we look into the second and third trends of 2019, and for those of you attending Gartner’s Security and Risk Management Summit in London this September, I look forward to seeing you there!