Five Takeaways From The 2019 Gartner Security & Risk Management Summit
We are back in Cupertino after a productive week at the 2019 Gartner Security & Risk Management Summit, held at the beautiful Gaylord National Resort just outside Washington, DC. We enjoyed meeting with Gartner analysts, CISOs, security and risk professionals, customers, and prospects at the conference sessions and at our booth in the exhibit hall.
What was valuable was hearing from cybersecurity stakeholders about their strategic and pressing needs. Here are some of our key takeaways from the event.
Automation as a Continuum
The theme at the 2019 Summit was Automation. Katell Thielemann, Beth Schumaecker and David Mahdi gave an engaging opening keynote address describing the key trends in cybersecurity this year. They view cybersecurity automation as a continuum with applicability for security professionals, business stakeholders, and application developers.
While we have already seen process automation tools that reduce repetitive tasks, and predictive analytics that can provide early warnings of risks, Gartner sees a wave of Adaptive Automation making its impact on cybersecurity. AI-enabled Autonomous Response systems will simplify incident response cycles for a wide variety of issues, reducing the burden on SOC teams, and shortening response times. AI-enabled Augmented Analytics will surface richer insights from the data deluge, enabling better strategic policy decisions around cybersecurity.
The Security Event Data Deluge
Peter Firstbrook also provided a useful summary of the top trends in 2019 and beyond. Cloud adoption continues at a brisk pace with 49% of organizations expecting to store the majority of their data in the public cloud by 2020, and 71% reporting that the majority of this data is sensitive. Passwords continue to be a pain point, with 83.9% of phishing attacks attempting to steal credentials.
The other key trend that stood out for us is that 70% of organizations are unable to process more than 60% of their security event data. Staffing remains a major challenge for many cybersecurity teams.
Technical Controls Against Phishing Fail
Another theme that stood out is the rise in Business Email Compromise attacks across organizations of all types and sizes. This was clearly top of mind for many visitors to our booth, and according to Neil MacDonald, this is one of the Top 10 security projects for 2019.
Mario de Boer gave a very detailed technical overview on Mitigating Phishes That Your Email Gateway Misses. He highlighted the value of solutions like Armorblox for assisting end-users in analyzing messages and preventing compromise.
Neil Wynne also presented an excellent talk about Redefining Your Email Security Strategy for 2020. The CARTA approach provides a good framework for developing an effective strategy encompassing Prediction, Prevention, Detection and Response. A key point Neil highlighted is that many discussions on email security revolve primarily around inbound risks, leading to a gateway-centric approach, but internal risks are just as prevalent, and rerouting internal messages through Secure Email Gateways (SEGs) is not an acceptable solution. We couldn’t agree more. With email moving to the cloud – predominantly on Microsoft Office 365 – API-based controls provide adequate near real-time protection against inbound as well as insider threats, without slowing down internal communication.
Employee Engagement Matters
Neil raised another pertinent issue. Most organizations have some form of phishing education and reporting framework in place. But how many actually follow up with the users with an action report?
If you report fake profiles to Twitter or Facebook, they actually respond to you after a few days with the status of your request. However, most organizations don't have an effective feedback loop for phishing email submissions. If users feel like their submissions are going into a black hole, they are less likely to continue that behavior.
Another challenge is that security analysts don't have enough context to determine if a suspicious email is indeed malicious. Spear phishing emails are increasingly sophisticated and hard to distinguish from legitimate communication. Analysts need a triage process that involves the sender and/or the recipient of the email.
Organizations need more user engagement in their cybersecurity processes if they are to fight phishing and social engineering successfully.
Phishing Moves to the Cloud
Which brings us to the cloud. With core business applications, like email and collaboration, moving to the cloud, Cloud Access Security Broker (CASB) controls are increasingly important in securing enterprise communication. While traditional tools might be looking for phishing links in the body of the email, we are increasingly seeing emails with links to documents stored in Dropbox or Google Drive. The phishing links are actually inside those documents, and without the API hooks to retrieve, scan, and quarantine these documents, it’s impossible to detect such threats and protect the users.
NLU Provides the Missing Context
Cybersecurity continues to be a challenging discipline, but help is here. The latest advances in deep learning and Natural Language Understanding (NLU) are enabling better detection accuracy and AI-enabled autonomous response workflows at a level not seen before. Armorblox’s own NLU Platform can analyze enterprise communication across multiple channels and identify threats with a dramatic reduction in false positives. Schedule a demo today to learn more, and check out our resources page for additional information.
We hope you enjoyed this recap of the 2019 Gartner Summit, and stay tuned for details about our next event!