This year’s RSA Conference in San Francisco saw the IT security sector moving on in a couple of ways. Firstly, there were a multitude of vendors proposing technology to go beyond security incident and event management (SIEM), and secondly, detection and response capabilities are now offered as a managed service.
Some ongoing trends from previous years included the use of artificial intelligence and, more specifically, machine learning (ML) to improve threat detection.
This can be in platforms such as endpoint detection and response (EDR), where ML algorithms are applied to network traffic, or in user and entity behavioral analysis, where a system learns what constitutes normal behavior, then watches to detect anomalies that may indicate that a security exploit is underway.
In identity services, an ongoing trend is the zero trust model in privileged access management, where privileged users such as sysadmins must authenticate every time they start a new task and are therefore granted access rights only for the specific task they are performing, rather than gaining general access rights across the organization.
This year Ovum investigated the emerging sector of managed detection and response (MDR) in particular, where EDR and/or network detection and response (NDR) are offered as a service. We see this as an important development that can broaden the “xDR” market beyond the large enterprise market.
We also tracked the evolution of SIEM. Either the SIEM vendors themselves will address the shortcomings of their technology by adding functions, or newer players will enter the market with products that are initially complementary but may ultimately replace SIEMs altogether. These shortcomings include the fact that they:
- don’t work well across hybrid on-premises/cloud environments
- cannot address the requirement for integrated detection and response
- charge customers to store data, making their cost more onerous as the amount stored increases.
Rik Turner, Principal Analyst, Infrastructure Solutions