Organizations are staring down a total transformation in how they approach cyber security. As they move the last of their core services to the Cloud, brace for the Internet of Things (IoT), and grapple with a growing security skills shortage, it has become clear that yesterday’s approach to securing the enterprise will not sufficiently protect against tomorrow’s threats.
Further complicating matters, various emerging technologies—including AI, Machine Learning, advanced analytics, and blockchain—are transforming the fundamental architecture of technology services, and producing new defensive strategies for security staff...and attack vectors for cyber criminals.
To help cyber leaders address this challenging new landscape, Gartner recently hosted their 2018 Security & Risk Management Summit. Taking place between June 4th-7th in National Harbor, MD, the Summit connected over 3000 security professionals to answer today’s most pressing questions about how to secure the new digital business. As a proud sponsor of this Summit, we were lucky to gain a front-row-seat to many of the event’s most compelling moments
A Few of Gartner SEC’s Highlights
The event’s opening keynote was delivered by three of Gartner’s research VPs (Craig Lawson, Ramon Krikken, and Katell Thielemann), and tackled a provocative topic: “Scaling Trust and Resilience—Cut the Noise and Enable Action”. The keynote covered a wide range of important topics, revolving around a critical, intuitive takeaway: namely, that trust is the primary objective of many security activities. According to the keynote, anyone involved in security is continuously working to maintain the confidence in their organization, people, process, and technology.
Many factors go into building—and maintaining—this trust, according to the keynote’s speakers. But perhaps the most important element of delivering on trust is derived from deploying a credible risk management strategy. Any credible risk management strategy must focus on continuously asking, and answering, three core questions: What’s important? What’s real? What’s dangerous? While the keynote included some very tactical explorations as well, attendees walked away with a keen understanding that this mindset shift, and these three core questions, are required to first adjust perceptions of security, and to lead to important security activities.
This approach continued throughout the Summit. While there were plenty of tactical and technology-focused discussions throughout, speakers regularly raised their head above “the weeds” to take a broader, “softer” perspective on cyber security.
- Guest Key Note Speaker James Stavridis, Retired Admiral from the United States Navy explained the need to maintain balance between speeding up our security while fixing problems at the same time.
(Gartner Security & Risk Management Summit, Sailing the Cyber Sea: The New Realities of 21st Century Security, James Stavridis, June 4-7)
- Anton Chuvakin and Toby Busa cut through the noise on security analytics and AI in their session State of Security Operations, Monitoring, and Analytics, 2018. The questions to ask your AI vendor is something that will help all buyers of AI.
- Sid Deshpande in a special session on MDR warned that the market is overhyped with many providers falsely claiming to offer MDR. I recommend readers to review Gartner’s Market Guide for Managed Detection and Response and the Representative MDR vendors listed in it if you are considering MDR. Paladion is one of the Representative Vendors in this list. (Gartner, Market Guide for Managed Detection and Response Services, 11 June 2018)
- The Summit’s “Ask a Hacker” panel provided the entertaining, unique perspective—from real hackers—on which security strategies work, and which don’t
Did the Summit Deliver?
With such a wealth of security thought leaders, vendors, and professionals, the four day summit was a rush to be a part of. Attendees reported meeting hundreds of their peers, and have already begun to share their own key takeaways from the event.
One attendee noted that “Cloud security emerged as one of the central themes of the conference,” and that they learned how “More clouds means more security exposure.
Another attendee took away the importance of identity in cyber security. As they noted, “With large breaches (Equifax), data protection (GDPR), and data privacy (Cambridge Analytics) in the recent news, identity plays an important role in modern cyber security. Without an identity you have NO visibility to a device, person, or server that needs protection.”
And as a vendor showcasing our new AI-driven MDR service, we had our own unique takeaway— that the challenge of IT security is not a single-variable equation. We spoke with countless attendees and noted how the problem of cyber security is now a problem that spans people, processes, and products. It encompasses everything from culture to infrastructure to leadership. And, perhaps most important of all, any effective solution to tomorrow’s cybersecurity challenges must be as comprehensive—and cutting-edge—as the problems themselves.
With that, we wish to thank the event’s speakers, its many attendees, and Gartner, for providing a forum to confront the complexities of tomorrow’s cybersecurity challenges and solutions. We are looking forward to the 2019 Security and Risk Summit.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Sachin Varghese is EVP AMERICAS & CMO at Paladion. He has over 18 years of experience in Cyber Security, and has helped several leading enterprises in North America and Europe build resilient cyber security frameworks.