For what seemed like the first time in a long time, cybersecurity industry professionals from around the world recently got together at two leading events on opposite sides of the U.S.: RSA Conference 2022 in San Francisco and the Gartner Security & Risk Management Summit 2022 in National Harbor.
To recap the major themes and observations from these events, Erin McLean, our Chief Marketing Officer, caught up with three eSentire experts who were right in the mix:
- Tia Hopkins, Field CTO & Chief Cyber Risk Strategist
- Greg Crowley, CISO
- Mark Gillett, VP of Product Management
So, how is the cybersecurity market shifting and more importantly, how are cybersecurity leaders and practitioners adapting? Here’s what our eSentire experts had to say about key takeaways from both events:
Takeaway #1: Outcomes are driving the conversations
Compared to years past, when the questions were focused more on features and technologies, the conversations at RSA this year were much more centered on achieving meaningful outcomes like reducing cyber risk and gaining 24/7 eyes on glass visibility across the entire IT environment. In fact, when specific tools and technologies were discussed, it was in the context of driving business benefits—so less of the “what?” and “how?” and more of the “why?” and “so what?”
Perhaps the most common specific outcome cybersecurity leaders are looking for is to strengthen cloud security. Increasingly, IT and cybersecurity leaders recognize that traditional cybersecurity measures just aren’t well-suited to the cloud because their visibility is limited, and they lack the controls needed to safeguard against today’s advanced threats.
With most businesses several years into their cloud migration programs—and learning the hard way that some previously held beliefs are actually misconceptions—we expect cloud security capabilities to be a major topic for the rest of the year.
Takeaway #2: Cyber risk management is increasingly a board-level issue
The CISO role is relatively new—both to the individuals who wear the hat and to the organizations they’re a part of. To that end, many of the discussions at the Gartner Security & Risk Management Summit were around the expectations of the role and how to make the organization successful. For example, there’s still a misconception that the CISO position is very hands-on and tactical, rather than one focused on executive-level strategic leadership.
Business outcome-based cybersecurity conversations are making their way into executive boardrooms with increasing frequency and urgency. This should be unsurprising considering more and more IT/Security professionals are looking to direct finite funds in the most effective manner while keeping the executive leadership and board team in the loop.
As a result, these “cyber-savvy boards” are beginning to discuss topics like cyber risk appetite, cyber risk tolerance, cyber risk quantification, and the risk-based approach to cybersecurity with increasing frequency.
Takeaway #3: Questions abound—particularly around MDR and XDR
Surprisingly, the concept of Managed Detection and Response (MDR) remains poorly understood by many organizations. On more than one occasion, our team was asked to explain how we deliver 24/7 detection and response capabilities.
What’s perhaps more shocking is how many security leaders only staffed their cybersecurity teams during businesses hours, as if adversaries need more than a few hours to significantly disrupt a business or are polite enough to only attack businesses on Monday to Friday, between 9am - 6pm.
Fortunately, once the concept of MDR was clarified, the questions shifted to more practical issues such as, “Can you work with my existing controls?” and “How do you work with my security team?”
In addition to confusion around MDR, there was also a lot of confusion over Extended Detection and Response (XDR). In this scenario, cybersecurity leaders and practitioners were most eager to learn:
- How is your XDR platform different?
- Do I need to supply my own?
- What can you see?
- What tools do you have and is your XDR “open”?
These questions demonstrate that decision makers are finding it hard to distinguish between true XDR solutions and those that are taking liberties with the label.
Understandably, another frequent question also arose: “How are XDR and MDR different?” This only speaks to confusion in the cybersecurity marketplace. Although the abbreviations are similar enough, MDR and XDR aren’t the same thing. As we mentioned in our XDR: The Secret to Highly Effective Managed Detection and Response (MDR) Services eBook, the distinction is quite clear:
MDR is a comprehensive service offering that’s built upon this technology foundation, but it also includes access to human experts, taking intuitive, manual actions to respond & remediate threats, and optimize security operations, when an automated action is not possible.
XDR is a technological approach that enables high-fidelity detection, faster and more accurate investigations and automated responses.
Wrapping Up
Cybersecurity is hard, and it’s only getting harder as threats evolve and adversaries become more sophisticated at the same time as IT environments grow vastly more expansive and digital transformation continues.
After all, it’s a challenge even for cybersecurity experts to choose and implement the technologies needed to manage cyber risk.
Fortunately, one thing Tia, Greg, and Mark all agreed on was that the conversations are maturing:
And perhaps most importantly, security leaders are thinking more about outcomes and less about specific tools, demonstrating a recognition that cybersecurity isn’t an IT problem to solve, but a business risk to manage.
To learn how eSentire can help put your business ahead of disruption and build a robust security operation, book a meeting with one of our cybersecurity specialists now.
