This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Gorka Sadowski, chief strategy officer, Exabeam:
“Cybersecurity vendors need to be ready for a seismic shift. Clients are tired of buying monolithic SIEM solutions with questionable ROI, based on some vague promise of value down the line. Clients are now demanding an outcome-based approach, where every dollar spent is directly tied to demonstrable high-value insights that are critical to an organization’s security posture. To align with their prospects and current customers, cybersecurity companies, including SIEM vendors like us, must provide clear, concise messaging and use cases on how their solution not only combats these attack vectors, but is worth the cost.”
Andy Skrei, VP, worldwide sales engineering, Exabeam:
“Analysts will identify major gaps in their threat hunting tools and techniques and move to quickly modernize their security posture. Protecting businesses from security threats on an ongoing basis is essential, but many organizations have continued to use outdated threat hunting procedures that put them at greater risk. The key to steering toward a proactive security posture is to look at tactics, techniques, or procedures, also known as TTPs.
Instead of waiting for an incident to happen and setting off alerts or relying purely on IOCs, TTP monitoring looks for certain behaviors that are telltale signs of an impending attack. TTPs are all about attacker behavior, and the only way to move to a TTP-based approach is to leverage analytic capabilities.
In 2021, we’ll see a steep rise in security analysts adopting this approach. By introducing analytics to the equation and pairing them with TTPs, security professionals will be able to filter out those everyday activities. Instead of monitoring for specific risks, analytics watch for changes in patterns, which can help prevent alert fatigue that comes from too many false positives. When a business is aware of the activities happening across its network, it’s better prepared to protect itself against security breaches.”
Steve Moore, chief security strategist, Exabeam:
“To aid in the fight against sophisticated digital adversaries, CISOs will empower their SOC teams to be more open on staffing and technological shortcomings. Analysts are tasked with combing through thousands of security alerts a day, which is exacerbated by the fact that over half of their time is spent on data collection and chasing false positives. Leadership should be concerned that analysts are at a severe risk of becoming overwhelmed and consistently feeling that the odds are stacked against them.
CISOs are ultimately responsible for developing and maturing the security program and reevaluating what tools are missing. With SOCs being distributed in the remote work environment, CISOs must empower their teams to report staffing and technological shortcomings to develop and enhance security programs. When security teams express issues that may be heavily affecting their work, it lessens the burden on the CISO to evaluate from the top down.
A CISO acts as a bridge between the security analysts and stakeholders such as the CFO, CEO and board of directors. By empowering their analysts to be vocal, a CISO can cite personal anecdotes and evidence to the leadership team. This proof can help to expedite approval to purchase and implement new, advanced security controls, such as behavioral analytics, and even hire new personnel, in order to combat risks and lessen burnout. Streamlining communication between the CISO and their security teams will become critical in 2021 in order for enterprises to stand a chance against advanced adversaries and beat the odds.”
Trevor Daughney, VP, product marketing, Exabeam:
“We will see credential-based attacks continue to rise in 2021 and beyond. Unsurprisingly, we know login credentials still carry significant value because of how often they are stolen. Usernames and passwords remain critical to helping us get work done, or pursue personal matters like online shopping, banking or connecting with friends and family. In 2019, billions of credentials were exposed in data breaches. This trend continued in 2020. These stolen credentials fuel the underground economy and enable credential stuffing attacks. People around the world have come to just accept this as a way of life.
We also know that hackers are not concerned with being detected on the network, and will ‘live off the land,’ mimicking typical user activity, because it is extremely difficult for administrators to catch. What complicates matters further is that most organizations don’t have the staff, tools, or bandwidth to detect unusual activities among users. Lateral movement combined with account switching (using a different account when targeting a different host) is even more challenging to sniff out. Organizations across industries can invest in machine learning-based user and entity behavior analytics (UEBA) to ensure that malicious activity by attackers is not overlooked. Further, UEBA can identify when a legitimate user account is exhibiting anomalous behavior, providing greater insights into both compromised and malicious users to SOC analysts.”
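As an added illustration of the behavior-based detection described in the quotes above (TTP monitoring rather than IOC matching, and lateral movement combined with account switching), the following example is not Exabeam's code or product logic. It learns which accounts normally authenticate from which hosts using constructed sample events, then flags a chain where one user lands on a host and a different, never-seen account authenticates onward from it; all hostnames, usernames and timestamps are made up.

```python
from datetime import datetime, timedelta

# Constructed sample authentication events: (timestamp, user, source host, destination host).
# BASELINE stands in for a learning period of routine activity; TODAY is the window being analysed.
BASELINE = [
    ("2021-01-04T09:00:00", "alice", "ws-alice", "fileserver"),
    ("2021-01-04T10:00:00", "bob", "ws-bob", "fileserver"),
    ("2021-01-05T09:10:00", "alice", "ws-alice", "fileserver"),
    ("2021-01-05T11:00:00", "svc-backup", "backup01", "fileserver"),
]
TODAY = [
    ("2021-01-06T02:10:00", "alice", "ws-alice", "fileserver"),  # known account/host pair
    ("2021-01-06T02:12:00", "alice", "ws-alice", "jump01"),      # alice hops to jump01
    ("2021-01-06T02:15:00", "svc-backup", "jump01", "dc01"),     # different account continues from jump01
    ("2021-01-06T14:00:00", "bob", "ws-bob", "fileserver"),      # routine
]


def parse(ts):
    return datetime.fromisoformat(ts)


def learn_baseline(events):
    """Set of (user, source host) pairs observed during the learning period."""
    return {(user, src) for _, user, src, _ in events}


def account_switch_chains(events, baseline, window=timedelta(minutes=30)):
    """Flag user U1 logging on to host H, followed within `window` by a *different*
    account U2 authenticating from H to another host, where (U2, H) was never seen
    in the baseline. No IOC is consulted: the signal is purely the behavior pattern."""
    events = sorted(events, key=lambda e: e[0])  # ISO timestamps sort lexically
    alerts = []
    for i, (t1, u1, _src1, dst1) in enumerate(events):
        for t2, u2, src2, dst2 in events[i + 1:]:
            if parse(t2) - parse(t1) > window:
                break  # later events are outside the window; list is sorted
            if src2 == dst1 and u2 != u1 and (u2, src2) not in baseline:
                alerts.append({"first_user": u1, "pivot_host": dst1,
                               "second_user": u2, "target": dst2, "at": t2})
    return alerts


if __name__ == "__main__":
    for alert in account_switch_chains(TODAY, learn_baseline(BASELINE)):
        print(alert)
```

Tuning the window and the baseline period is what separates a useful alert from noise; a baseline that is too short will flag legitimate new account/host pairs.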