
So, to counteract this they’re looking at security vendors to see how they can stop always being one step behind threat actors, and ultimately that is why we’re seeing a large proportion of these emerging solutions focused on assessing and validating security posture and protocols. Whilst members of the board might not always have the best technical knowledge, they will certainly be aware of the 46% of businesses that paid a ransom to the adversaries that encrypted their data, and more than likely they will have peers who have been on the wrong side of a ransomware attack. Whilst it’s probably frustrating for IT/Cyber Security professionals to see more acronyms surfacing, it’s something that shouldn’t be overlooked as there’s definitely some value to be had from these new solution areas, even if it’s just basic knowledge that might be able to help change their current approach.īut why are we seeing more assessment tools enter the frame I hear you ask? Well, it’s likely that because of the increase in targeted cyber-attacks that I mentioned earlier in this article that cyber security professionals are being driven by senior leadership to become PROACTIVE rather than REACTIVE.

One of the key differences that I did notice was the number of solutions that are centred around assessment! A third of the solution areas on the report itself seem to be assessment focused (these are Exposure Management, Automated Pen Test and Red Teaming, CAASM, External ASM, PTaaS, Breach and Attack simulation, Data Discovery and Management, Vulnerability Assessment). However, I don’t want to talk too much on the solutions that have already peaked as we’ve been speaking about these for a long time now, (like EDR and XDR as mentioned above, so enough of that) I’d like to focus on the left side to describe what’s up and coming and why you should be aware of it. One of the more obvious changes is that XDR (Extended Detection and Response) has moved from Innovation Trigger to Peak of Inflated Expectations, meaning it is now at its peak of being purchased and deployed, this isn’t surprising by any stretch as businesses are more eager than ever to actively detect and mitigate cyber-attacks, whilst having less time to investigate logs from their SIEM, NDR (Network Detection and Response), and Endpoint Detection and Response (EDR) which are all located in the 4th phase of the Hype Cycle report “Slope of Enlightenment”

When you look at the two most recent Hype Cycle for Security Operations reports from 2021 & 2022 side by side there doesn’t seem to be too much difference at first glance. 2022 has been a crazy year for everyone and that’s no exception for the cyber security industry, with a sharp increase of over 15% in targeted attacks on both the UK’s private and public sector businesses, but with over 4000 solutions in the market it’s a continued uphill battle for cyber security professionals to decide what technology, solution, and approach they should deploy to protect their organisations data, reputation, and even their own job.Īs more and more new technologies begin to appear in the ever growing cyber security market by making bold claims to solve this and stop that, Gartner introduced the “Hype Cycle for Security Operations” so that cyber security professionals are able to get a true representation of both the maturity and the adoption of the latest “hype” in the cyber security industry.
