Cybersecurity at the crossroads: Time to switch to an architectural approach

During this time, security technology vendors have responded to these problems with many technical solutions, such as next-generation SIEM systems, SOAR, XDR, and UEBA. However, the problems persist, leading to market volatility and chaos.

Recently, Cisco acquired Splunk, Exabeam merged with LogRhythm, and IBM and Palo Alto Networks partnered to migrate QRadar cloud customers to XSIAM. Some vendors are in deep trouble, looking for a way out, and are probably far from the end of the line.

All of this predicts major changes in security operations. To be clear, I’m not talking about incremental product tweaks or performance gaps addressed by generative AI. I’m talking about significant structural changes.

Large organizations must transition to an architectural security approach

In the next few years, large organizations must shift from a product focus to an architectural approach to security operations. To be clear, no vendor will deliver the entire enchilada. Therefore, CISOs should focus their teams on structural components, such as those listed below:

Cloud scale

Unless you’re Amazon, Google, or Microsoft, you won’t have the networking or storage capacity to handle the needs of security operations. This means that organizations with on-premises systems must plan for cloud migration as quickly as possible. Note that I am not talking about “lift and shift.” Instead, security operations systems should be built on modern cloud-native technologies such as containers, serverless operations, infrastructure as code, and APIs, which can scale continuously over the next few years.

All things data

There’s a lot to take away from here. First, the idea of moving all data to one place is completely outdated due to the volume of data and its constant change. Future security operations must conform to the integrated data model.

