BlogCrowdStrikeAristaCybersecurity Risk & StrategySecurity Transformation
Blog6 minute read

2022 Gartner Security & Risk Management Summit Recap

WWT's Chris Konrad and Kent Noyes provide their key takeaways and notable insights from Gartner's annual Security & Risk Management Summit.

In this blog

After a long wait, it was great to be back in person at the annual Gartner Security & Risk Management Summit held this year at beautiful National Harbor just outside of our nation's capital. There were over 150 sessions with 281 speakers full of the latest Gartner research specifically designed to help security and risk management leaders meet the demands of the future. Each track had a particular area of focus to help deliver on what matters most to you and your organization. A whopping 224 exhibitors were represented in the showroom, and it was really good to see them LIVE!

Things got off to a hot start with a keynote that focused on mapping the evolution of the cybersecurity leader over the next 10 years and the importance of AI, which is interesting as WWT has developed a very innovative approach to AI Model Security. The presentation was entertaining while occasionally diving deep to touch on very technical topics such as homomorphic encryption.

A common theme for the event seemed to be focused on integrating, orchestrating and automating.

It was stated that digital acceleration is rewriting CEO and board of directors' priorities, which is in line with what we are seeing in our business. We'll add security transformation is right there too.  

Really interesting trends and priorities dominated the afternoon, highlighted by Crowdstrike taking the house down on the topic of e-crime and some very alarming stats from these adversaries.

Jay Heiser, a well-known VP analyst at Gartner, walked us through Gartner's perspective on the leadership vision for security and risk management. One concept he stressed, consistent with the theme of reframing, is an evolving definition of the responsibilities of a security risk manager. This responsibility is starting to be more distributed into the lines of business while maintaining central guidelines and governance. This is the only path to keep pace with exponential growth in attacker sophistication and speed.

Our day two keynote was delivered by former CIA Director and Senior National Security and Intelligence Analyst John Brennan. Serving six successive U.S. presidents, Brennan was deeply involved in the decision-making for an array of complex international issues. He really doubled down on the importance of public and private cooperation and the investments the government has made in places like the Cybersecurity Infrastructure Security Agency (CISA) under the direction of Jen Easterly.  

Day two was filled with innovative strategy sessions and interesting product demos on the showroom floor from innovative cyber companies such as NoName and established veterans like Arista.  

We also heard a lot about transforming security buying—a topic that is near and dear to our hearts as we see so many organizations with so many tools, but nothing optimized. Remember the theme we mentioned about integrating, orchestrating and automating?  

One major takeaway is the emphasis on formalizing incident response plans and practicing them. We could not agree more. With the explosion of ransomware and nation-state attacks, and the speed and scale at which these adversaries move, this focus is much needed.

Gartner Distinguished VP Analyst Leigh McMullen provided a passionate glimpse forward with a session on the top eight predictions for the next three years. Here are three predictions we found particularly interesting:

  • 80 percent of enterprises will unify web and cloud services from a single SSE platform.
  • 60 percent of organizations will use cyber risk as a primary determinant in conducting third-party transactions and business engagements.
  • 70 percent of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather threats, civil unrest and political instabilities.

The ongoing theme of solution consolidation and simplification was emphasized in an Endpoint Security Outlook segment that also stressed a swing back toward and emphasis on protection as opposed to the last several years of extreme focus on detection and response. Security orchestration, automation and response (SOAR), extended detection and response (XDR) and challenges with a steadily increasing volume of non-windows endpoints were also topics covered in this session.

In another great session conducted by Jay Heiser, some of the top security trends were explained along with the challenges that drive them. Some of these included digital supply chain risk, identity threat detection/response, and a concept called "beyond awareness" that requires building upon traditional awareness training and moving toward a complete strategic shift in culture.

Day three, and the last day for us, started with a keynote address by world-famous, best-selling author Maria Konnikova. She was brilliant as she told her story and spoke about a range of subjects involving decision making, creativity, learning, and the psychology behind everyday life challenges and applying that to cyber security.  

Gartner legend Paul Proctor gave us 10 key security metrics and just as many you should not be using. But one that stood out to us was the metric for ransomware readiness and third-party blind risk.  

Three emerging security and risk technology areas were highlighted: zero trust, cloud-native security and securing increasingly expanding attack surfaces.

Gartner stated that 80 percent of organizations cannot trace attackers across systems in a single console. This is where the value of XDR comes in with its accelerated response, easy integration and lower maintenance. But just be aware that XDR is still new and thriving in incident response use cases only.  

Also on Day three, Gartner held a fascinating panel session, run by two distinguished analysts along with two respected public sector cyber leaders, titled "The Future of War is Cyberwarfare: We're all on the Battlefield." In a tight 30-minute window, they explored the collaboration of public and private cyber entities, appropriate levels of cyber info sharing, and the legality of private sector defensive and offensive tactics.

The highlight was the session on the outlook for operational resilience, which really emphasized the challenges of building a resilient organization, including using right terminology, scoping, commitment of organizational rigidity and business operations limitations. The importance of business impact analysis, exercising, technology to use and metrics were also discussed. The speaker really emphasized that resilience must be deliberately designed.  

For fun, here are some notable quotables:  

  • Hackers think in graphs not in lists, but professionals think in lists
  • Friction creates awesome
  • We are NOT 10 years away from cyber terrorism becoming real; we are already at cyber war
  • Take a strategic approach and look for products that can strengthen each other instead of products that will stretch out your capabilities too far

 Summary  

As we have said for years, cyber has changed a lot over the decades, but much has remained the same. We still have a patching problem, visibility problem, availability concerns, too many tools, and the cyber landscape is changing daily. It's still a team sport that requires everyone participating, from digital citizens to private employers, to our federal government. For the first time in our lifetimes, we think the broader community recognizes this and is responding in a positive manner.  

Technologies