Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer or any other entities with which I am affiliated.
This repost feels relevant as I prepare to publish my predictions for 2025. It seems that things are trending based on what I predicted, and of course, nothing in cybersecurity happens as fast as I would like.
It does seem a bit too late for cybersecurity predictions for 2024, but late is better than never. However, it is somewhat apt given recent announcements from security companies about their strategy going forward. I did something similar last year, and it seems that some of the predictions will likely continue to apply and/or become accelerated, so that’s worth checking out first.
My overarching theme for last year was that there will be a greater push for efficiency. I believe this will continue, but it’ll be more well-defined. I mean that companies will start figuring out specific and sophisticated strategies to be more efficient in their cybersecurity practices.
Cybersecurity companies will focus on platforms, leading to acquisitions and consolidations
Historically, there’s been a trend in security to focus on best-of-breed tooling, and that’s led to a crowded market with various solutions advertising themselves as the “best” in some dimension. This has resulted in many point solutions. Although these solutions might be good, companies are realizing that they are creating more problems. Although they might be good at detecting attacks, they make remediation harder and slower. This is the realization that Nikesh Arora, CEO of Palo Alto Networks, had and described in this LinkedIn post. Here’s a snippet of it:
Near time resolution is hard for customers with many products stitched together and who are constantly looking to hire security talent, on the other hand - attackers will use AI to analyze the attack path they should take and analyze every vulnerability that our customers have, so we really can't avail of the luxury of time. There is a growing mismatch between speed of an attack and the speed of resolution. […]
What if you have one management and policy pane, one in-line device and one way of deploying this solution and AI constantly validating your configuration - and it had all those features in one product and not just that - all those features were "individually the best of breed in the magic quadrant"? - With stitched data, you remediate faster!!
Palo Alto Networks has led security companies in the public markets, so I can see many companies following this strategy. It also justifies the numerous acquisitions and convinces customers to consolidate vendors, which allows for better operational efficiency. Companies no longer have to spend all their time managing and procuring vendors and can instead focus on security. I’m a bit skeptical that the best-of-breed can exist all on one platform, but I don’t think that’s necessary to have a great platform. Either way, I believe this trend will allow for better security efficiency in the future.
Cybersecurity will do more building and software engineering
I’m starting to see a lot more of the posts like the one below. There’s an evolution of security away from operations to more engineering-like efficiency that scales.
Security will move away from buying tools and solutions and assuming they will solve problems out of the box. I don’t believe products solve most security problems, but they are a “tool” to help solve a problem. With the influx of tools on the market, the attitude has over-rotated to “just buy this tool” and assume it’ll solve a problem. Cybersecurity will go back to actually building solutions that will scale. If anything, it will be done out of necessity, which is related to the next prediction.
Cybersecurity will need to adopt reasonable metrics
I talked about this in my previous post: security is starting to embrace data. I do think it’s starting to be a necessity because security has operated too often on just FUD alone.
My past prediction in 2023 was that cybersecurity budgets will stay the same or decrease. I believe that will continue to happen. However, cybersecurity will be able to secure more funding if it’s able to justify it through the use of reasonable metrics. More specifically, if security teams can show that resourcing specific projects will lead to a meaningful change in metrics that are aligned with the executive team. As security leaders try this, they will find this to be effective and will work closely with data teams like most other parts of the business. I talk about why this shift is positive and will empower security in the newsletter above.
We will see an increase in high-profile attacks/breaches
As stated in the first prediction, attackers are becoming smarter and more efficient. Unfortunately, security organizations are being forced to change in a time like this. Companies are becoming more efficient with technology changes, and security teams are figuring out how to do more with less. Unfortunately, these changes introduce windows of risk and opportunities for attackers. Attackers, in many ways, have become better at figuring out how to measure time to value, and ransomware attacks fit that “sweet spot.” I won’t be surprised to see attacks focused on legacy systems. Security will have to find a way to be efficient and manage changing risks. That’s going to be a hard feat!
Cybersecurity will finally figure out how to use AI effectively
Initially, the cybersecurity community was split when ChatGPT came out. In my opinion, we spent too much time debating the risks of AI and trying to limit its capabilities rather than embracing it and figuring out how to get it to work for us.
It’s become clearer that AI is going to stay around and be a fixture of our technology stack. Security shouldn’t spend effort limiting it but should find ways to embrace it. Currently, most of the AI applications for security have been around making the SOC more efficient because it tends to be an operationally heavy part of most security organizations. It’s also a place where context can lead to faster resolution and make analysts more efficient. As many people know, I’m not sure of the exact problem that’s being solved here, but as more functions outside of security adopt AI, security will start to notice patterns that will work for them. This might lead to new security products, or it might just be making current AI products work for security. It’s already starting to make progress in other fields, and the pace of use case creation and adoption is outstanding. Security will figure it out this year, and it’ll surprise no one that they will be one of the latest adopters.
Takeaway
The theme still seems to be efficiency this year, but it’s the year that security “figures it out.” Rather than talking about strategy, security has found the right projects and tactics to dedicate resources to. Blank checks in security are gone, and security will be forced to be more disciplined. It might lead to some mistakes and mishaps, but overall, we’ll see positive change in the industry and less exhausted security leaders.