ISG Provider Lens™ Cybersecurity - Solutions & Services - Data Leakage/Loss Prevention (DLP) and Data Security - U.S. 2021
Major Trends Witnessed in U.S.
The U.S. is becoming a lucrative target for cyberattacks from a host of threat actors. While some sophisticated attacks have been state-sponsored to undermine the government’s capability to protect citizen privacy and state intelligence, most have used ransomware and malware to extract ransom payouts. The recent attack on SolarWinds has set a new precedent for formulating and enacting stricter cybersecurity regulations and mandates to prevent such massive breaches and their spread across sectors. SolarWinds, an IT firm in the U.S., was the subject of a cyberattack that spread to its clients and went undetected for months, allowing hackers to spy on private companies including cybersecurity firm FireEye and the top strata of the U.S. government, such as the Department of Homeland Security and the Department of the Treasury.
The recent pipeline hack, on Colonial Pipeline, is further evidence of the lack of security protocols and measures against sophisticated ransomware attacks. Hackers and attackers are unrelenting in their methods and strategies for identifying vulnerabilities that not only create backdoors into critical systems but also expose other weaknesses that can be exploited through connections with a larger ecosystem of channels, partners and customers. These advanced persistent threats require significant improvements in several areas and cannot be addressed by any single solution or platform. Enterprises need to rethink their security strategy, with investments directed toward security solutions including identity management, endpoint protection, and advanced data leakage protection.
The demand for these solutions has contributed to the growth of service providers that offer advisory, implementation and managed services, leading to strong partnerships with solution vendors. Service providers are realizing that the complex demands of end-user organizations can only be met with best-of-breed technologies, creating the need to forge alliances, partnerships and co-innovation among security providers. Investments have been pouring into centers of excellence (COEs), intelligence labs, global security operations centers (SOCs), playbooks and frameworks, and these efforts emphasize the need for a collaborative approach to successfully mitigate advanced threats and prevent their spread across the ecosystem. End-user organizations and security providers are leveraging standardized approaches from trusted agencies including the National Institute of Science and Technology (NIST), MITRE and several regional and country agencies. They have begun active collaborations with each other and with the vendor ecosystem. These initiatives and investments have resulted in strong growth for security solutions and services, especially for providers with a robust portfolio and distinctive competitive capabilities.
Cloud Security, Zero Trust Architecture and Threat Intelligence Gaining Traction
The growing sophistication of attackers and threat actors has necessitated the formulation of new strategies to reduce intrusion, including the need to authenticate and verify even trusted sources. According to the approaches from the National Institute of Science and Technology (NIST), zero-trust architecture is a cybersecurity plan that utilizes zero-trust concepts and encompasses component relationships, workflow planning and access policies. Organizations across the U.S. are realizing that a “trust but verify” approach should become the de facto policy to better secure against internal and external threats, especially in scenarios where complex and advanced persistent threats are looming. Security service providers and solution vendors are increasingly leveraging this architecture as a foundational element for providing secure access to enterprise applications and services.
In addition, the growth of data within businesses and the ability to identify risk posture from this data has been spurring interest in advanced threat intelligence. Organizations are no longer relying on reactive measures but demand a proactive, preventive stance to protect their data assets against threats and attackers. Enterprises that have invested heavily in intellectual property (IP), patents, and critical systems in healthcare, financial services and utilities are ramping up efforts to isolate and deflect cyberattacks with error-free security measures. Real-time threat detection, enhanced visibility across the network and improved behavioral analysis of threat actors are being combined to provide advanced threat intelligence. This will further bolster preparedness and awareness among enterprises and users to thwart cyberattacks.
Aggressive Initiatives from Federal Agencies
Following the recent targeted attacks on U.S. enterprises, the Biden administration issued its "Executive Order on Improving the Nation’s Cybersecurity," which prioritizes cloud and zero-trust security architectures and prompts a reassessment of the U.S. federal government’s cybersecurity policy. The new administration's comprehensive cybersecurity directive mandates new practices, workflows, architectures and deadlines. It further calls for "bold changes and significant investments" in government IT and operational technology (OT).
The U.S. Cyber Command and the National Security Agency work with the U.S. government, private industry, academia and international partners to achieve and maintain cyberspace superiority. This will be achieved by building resilience at home, implementing proactive defense strategies, and contesting adversaries' campaigns and objectives. These partnerships and collaborations will make it increasingly difficult for adversaries to operate. Furthermore, the Department of Homeland Security has decided to regulate cybersecurity in the pipeline industry. Such key infrastructure companies are expected to report cyber incidents to the federal government.
The success of these programs is based on the development of extensive new partnerships between public and private sector organizations.
Identity and Access Management Software Market Trends
Identity and access management (IAM) has taken center stage across enterprise initiatives and investments, with the realization that secured access and authentication is the foundational step for protecting information and technology assets. With the increase in digital and cloud-enabled environments, CISOs and IT teams must ensure seamless management of the growing number of identities that humans and machines require to support the digital ecosystem. Although password management has predominantly been the scope of IAM, the evolution of technology and solutions has extended its capabilities to include advanced features and functionalities. Solution vendors are offering different flavors of IAM, with a focus on identity management, identity governance and administration (IGA), identity lifecycle management (ILM), privileged access management (PAM), customer IAM and access directory, among other areas.
Customers are witnessing several benefits with cloud-based IAM. The service provides a single sign-on (SSO) to software-as-a-service (SaaS) solutions such as Microsoft 365, Google G-Suite, Salesforce and other SaaS-based enterprise resource planning (ERP) and human capital management (HCM) options. Cloud-based federated SSO provides secure identification for authorized data access in one place while serving as a proxy to all other applications. IAM solutions can eliminate the sprawl of privacy data to multiple applications and thereby reduce the risk of data breaches.
Data Loss Prevention Software Market Trends
Most enterprises consider data loss prevention (DLP) an essential element of their data protection programs. A comprehensive DLP solution provides complete visibility into all data on the network, whether the data is in motion, at rest or in use. DLP offers another avenue to identify and comply with relevant data regulations such as HIPAA, GDPR and PCI-DSS. ITAR is a U.S. regulation relevant to DLP compliance that restricts and controls the export of technologies associated with defense and the military. With such regulatory restrictions becoming stricter and more severe, with substantially higher fines for non-compliance in the event of breaches, DLP has earned a place at the top of the list of data protection investments from executives. GDPR non-compliance can cost a company up to 4 percent of global revenue, making data loss much more expensive than breach notifications and recovery.
Enhancements to DLP solutions offer capabilities to detect and respond to data exfiltration, irrespective of whether the actions were intentional or accidental. The infusion of artificial intelligence (AI) and machine learning (ML) technologies has given rise to much-needed context, delivering context-aware management to address previously undetectable leakages. This need is heightened by the shift of enterprise focus beyond the traditional perimeter, which requires visibility and context for the data as well as the user. The expanded perimeter also means that DLP functionality has been enhanced to cover newer use cases, including endpoint devices, storage, network devices, virtual systems and cloud environments.
Advanced Endpoint Threat Protection, Detection and Response Trends
Endpoint protection has gained even more critical importance as mobile devices, laptops and Internet of Things (IoT) devices become pervasive in today’s business environment. Endpoint security solutions have evolved over the last three to five years, shifting away from limited antivirus software into a more advanced, comprehensive defense. This includes next-generation antivirus, threat detection, investigation, response, device management, DLP, and other considerations to face evolving threats. Endpoint security is available on-premises (client-server) as well as in cloud-based (SaaS) options and, in some cases, as a hybrid model. Vendors are offering endpoint protection platforms (EPP) that can be deployed on the endpoint to protect against file-based, fileless and other types of malware through prevention, investigation and remediation capabilities. Other vendors offer systems that integrate EPP with endpoint detection and response (EDR) platforms to focus on threat detection, response and unified monitoring.
Technical Security Services Trends
The U.S. market is fragmented with hundreds of security providers that offer services for integration, system stress-testing and training. However, most of them do not have the adequate expertise or delivery capacity for enterprise-level engagements.
Many security solutions and technical security service providers compete in the U.S. market, covering all aspects of IT and business. These providers should determine how best to integrate all these vendor solutions with customer systems and business processes.
Several service providers are offering technical security services, including attack-surface reduction, digital identity management, cloud/infrastructure security, data security and others. Providers with a digital portfolio are adding advanced analytics capability and automated intelligence to provide security for application, cloud, digital identity, risk and threat operations services. Several others are pursuing platforms that are data-driven, AI-powered and digital, combining human intelligence with applied intelligence and digital technologies to drive intelligent operations. They are also investing in cutting-edge technologies, such as security and cloud automation, AI and analytics, and data and threat intelligence, in addition to deepening their knowledge of security products so that they can recommend the best products for protection and security supervision.
Strategic Security Services Trends
The market dynamics surrounding advisory and consulting security services in the U.S. are driven by the technical and managed services capability of service providers. Traditionally, pure-play advisory and consulting firms with a specialization in security have gained a foothold in the market. However, enterprises are no longer depending on powerhouses, including the Big Four consulting firms, but are scouting for service providers that can help them shift from consulting to actual implementation and management of their environment.
Enterprises expect consulting firms to advise on specific cyber risks and to benchmark clients against their peers. Strategic service providers are building knowledge centers and experience centers for employee training and skill enhancements. The aim of these centers is to learn from the experiences and implement unique cases with a set of pre-deployed and integrated industry tools. Extended team members, including those from managed and technical services, are expected to leverage these new use cases for training and upskilling themselves.
Several service providers are relying on the strength of their advisory capabilities to engage with customers on an outcome-focused approach with clear maturity milestones and outcomes that are to be delivered at each stage. Service providers are expanding their global presence, allowing for a wide range of competences as well as a deep understanding of threat actors’ tactics, techniques and procedures (TTPs). They apply this knowledge to get a holistic view of the entire supply chain and clients’ security architecture.
Managed Security Services Trends
Managed security services are evolving from traditional monitor-and-react models to a more proactive model that includes both defensive and offensive capabilities. As advancements and sophistication have increased on both the protection and attack fronts, it has become increasingly difficult for organizations to handle these complexities on their own. Moreover, as several organizations are working remotely with a distributed workforce, the situation demands more efficient security services.
New security services are critical as configurations change how day-to-day business is conducted across all permutations of LAN, WAN, the cloud and the web. Many applications that were traditionally in-house and on-premises are now hosted, managed or used as a service. Portfolio offerings such as managed (digital) identity (IDaaS), threat hunting, counterintelligence and cloud security for private, public and hybrid designs are increasingly available. Bundled service packages are now common add-ons; for example, managed detection and response (MDR), EDR and security and compliance packages or generalized security hygiene packages. Specialized security operations center services exist for industries such as automotive or financial services, as well as for other areas such as operational technologies and connected devices (IoT, IIoT and ICS/SCADA).