In this blog

Following a two year absence, InfoSecurity Europe, the UK's premier cybersecurity trade show, is back! To say we were bursting with excitement to get onto the exhibition floor is an understatement, and no rail strike was going to stop us. 

Arriving at Prince Regents station was a site to behold! There was only one brand to be seen as we walked across the platform – WWT had achieved station domination! Seeing this level of presence form WWT was something to be proud of, and seeing people scan the links to articles was very fulfilling. WWT covered key themes such as SASE (secure access service edge), observability, zero trust, XDR (extended detection and response) and cyber resilience and acted as a perfect introduction for what was to come.

Cloud and cybersecurity tooling

The main theme for of the event appeared to be the maturity of "the cloud" for the delivery of cybersecurity tooling. Gone are the days when security tools must be on site, and even toolsets that were traditionally associated with being only on premises in the past, like NAC (network access control; Portnox, for example), are now available as SaaS (software-as-a-service) offerings. 

The main drivers are speed to value and removing the need for user organizations to provide staff to actually run the tools. Two hyperscalers (Google Cloud and Azure) were present showcasing their security offerings, and in particular their SIEM (security information and event management) and SOAR (security orchestration automation and response) capabilities – Chronicle/Siemplify and Sentinel, respectively. Google was also showcasing its $50-million investment in Cyberreason; tying this to Chronicle and Siemplify would signal their move into the XDR market.

Vendor consolidation

There has been a lot of talking at recent events like the Gartner and RSA conferences about vendor consolidation and customers wanting to rationalize their supplier base from, say, 45-70 vendors now to 15 security vendors. We continued to see the major players in the market expanding out from their existing offerings to either organically or inorganically expand into other markets. 

Securonix has segued from IDAM (identity and access management) into SIEM and SOAR through organic development of their product set (and making a very good job of it), while Google has made acquisitions and investments in order to expand its offerings (Siemplify, Cyberreason and Mandiant). 

Talking to an ex-colleague, he predicted in five to 10 years' time, we'd be looking at a handful of mega-vendors that provide a coherent and integrated platform play in the security tooling space. For my money this would be Microsoft, Google, Palo Alto Networks and Fortinet.

Operational technology protection

Keeping with the theme of partner consolidation, expect to see the continuing emergence of operational technology (OT) protection over the next year. Importantly, however, organizations will be looking for consolidation of this within an internet of things (IoT) strategy. Where organizations have looked to address NAC over the last few years, OT has been slow to follow and now poses a critical security risk. Organizations such as Armis look well-equipped to deal with this.

Conversely, we're seeing more niche players making alliances to create ecosystems of integrations via APIs (application programming interface) – both Beyond Identity's passwordless authentication and AppGate's ZTNA offering are capable of connecting to endpoint protection players like CrowdStrike to gain posture information to better inform the decisions made by their products.

Email security

The important attack path into an organization is its email system for phishing, spear phishing and BEC (business email compromise) based attacks. For too long email security has, in my opinion, been neglected. We had the pleasure of a demo and overview of Abnormal Security. This is getting rave reviews from industry players, and we can see why. If email is a major threat vector, then it has been missing "proper" security for some time. The Abnormal product is SaaS based and uses Natural Language Processing to analyze emails' content and "web of trust" information (whom do you normally communicate with) to determine whether a message is benign or malicious. This provides particularly useful protection for the BEC use case, where Abnormal, as part of one proof of concept, has picked up that an email requesting payment of a $1.25 million is malicious even when the finance team have said that it is legitimate!

Another area which looks set for vigorous transformation is threat management. The Exabeam stand was a hive of activity and for good reason as they look set to shake up the SIEM market as well as EUBA (user and entity behavior analytics). Equally, Crowdstrike were as prominent as ever and while EDR (endpoint detection and response) remains their stronghold, diversification into cloud protection and the ability to greatly compress syslog feeds into the SIEM via their Humio acquisition look set to add to the evolution of this space.

Stay in the know

If you're looking for a way to stay informed about what matters to you and your organization, follow our Security Transformation page.