What’s hot and what’s not? In the recent heat, it seems like the answer has been “everything” and “nothing” respectively!
So, as the air-con went into overdrive, we decided to cool down with a quick summer straw poll of some of our resellers, MSPs, staff and consultants on what they believe to be the security trends of the season.
“Layered security is smokin’!”
This is how one partner responded, and his opinion is echoed by commentators in the industry media.
This CSO Online article, for example, urges businesses to “create multiple layers of security in order to address a wide variety of security concerns.”
IT ProPortal, for its part, includes in its predictions for IT changes in 2018 “the urgent need for continuous visibility and layered security…”.
The reason layered security is moving rapidly up the temperature gauge is because it’s being driven by unstoppable usage that puts many day-to-day IT processes outside the traditional security perimeter (cloud applications, home and mobile working, the use of often unauthorised personal devices, etc.)
So, there now has to be dedicated defences and threat analysis at the level of each IT layer - including web gateway, endpoints, email, applications, and more.
It’s worth mentioning that within this layered security space, we’ve seen a pronounced emphasis on the Endpoint Detection and Response (EDR) element recently.
Bitdefender alone has launched two new endpoint protection platform solutions for resellers that feature EDR components (GravityZone Ultra Suite and GravityZone Elite), with MSP variants (GravityZone EDR and GravityZone ATS) also available.
Machine learning: red-hot and very cool
As a human, when it’s hot, the last thing you need is large volumes of unnecessarily repeated activity.
Yet this is how many security solutions have typically functioned.
Got multiple layers you need to secure? Then investigate the threats to each one in isolation, using a layer-specific security solution, every time.
Want Endpoint Detection and Response? Then manually sift through a constant tidal wave of alerts and false positives.
None of this is fun, which is why machine learning scored so highly as a hot topic in our poll. It introduces intelligence that simply makes security easier, and that’s cool.
Take the example of a threat or malware variant that can target multiple layers simultaneously. What machine learning makes possible is the sharing of security information across those layers, so that the characteristics of attacks that move between layers can be spotted early on, in one single, efficient process across the entire business or enterprise (Trend Micro’s Smart Protection Suites – SPS - are a great example).
Machine learning has revolutionised EDR, too, enabling it to neutralise even unknown threats at pre-execution stage (Bitdefender again). This vastly reduces the traditionally ‘noisy’ levels of alerts, essentially making EDR usable at long last!
Protecting data: an incendiary topic!
GDPR has made many businesses’ blood boil in recent times, so it’s not surprising that our poll respondents thought this topic to be an on-trend firestarter on many fronts!
Smouldering amongst the responses were how to protect data in email, how to stop sensitive data exiting an organisation, how to get data back when it’s been hacked or held hostage by ransomware, and how poor patching affects data security.
Perhaps the greatest issue of all, at least as seen by some of our contacts, is that no one security vendor appears to have an all-encompassing data compliance offering.
However, there are some interesting and effective solutions now available, as we recently explained in our GDPR Knowledge Brief series.
Ease of management: a burning priority for MSPs
Finally, when it comes to business performance, the heat is always on – which is why many of our MSP respondents wanted to raise the issue of how easy (or otherwise) it is to actually manage security solutions as a service.
From where we’re sitting, the trend here is encouraging. Security vendors are increasingly offering a ‘single pane of glass’ approach, in which their security services can all be managed, and in some cases deployed, from one centralised management console.
For service providers, this means less management and admin time needed, and therefore keener margins, as well as better quality of service delivery and, ultimately, higher customer satisfaction levels.
This article explains more, and draws the conclusion that “A unified platform that can manage all enterprise endpoints – virtual or physical – should be more than just ‘nice to have,’ but an actual ‘must have.’”
Plenty there, then, to stoke up a real security debate, whatever the weather!
But if you don’t agree with any of it, don’t get all hot under the collar – just get in touch and talk to us about it.
(We’re a pretty chilled bunch here…)