Tag: cybersecurity

Cyber Resiliency Strategy: Key Themes and Pricing Trends for 2023 | Webinar

on-demand Webinar


Gone are the days when cybersecurity was solely the concern of IT departments. Today, the C-suite recognizes the criticality of cyber resiliency programs, which prioritize comprehensive threat advisory, holistic monitoring, and swift response mechanisms.

In this webinar, our experts will explain the differences in cyber resiliency and cybersecurity, outline key enterprise investment themes for cyber resiliency, explore opportunities and associated challenges for service providers, and cover the pricing and solution themes underlying the cybersecurity and cyber resiliency market.

What questions will the webinar answer for the participants?

  • What is cyber resiliency, and what is the enterprise adoption roadmap?
  • Why are service providers so gung-ho about cyber resiliency?
  • How should a cyber resiliency deal be structured commercially? 

Who should attend?

  • CIOs, CISOs, CTOs, and CDOs
  • IT and BPO department heads
  • Sourcing leaders
  • Strategy leaders
  • GBS leaders managing IT and BPO outsourcing contracts
  • Security product heads
  • Cybersecurity offering leads
  • Cybersecurity service line heads
Kumar Avijit
Practice Director
Shukla Vinamra
Practice Director
Sundrani Ricky
Partner

Generative AI Heralds a New Era in Cybersecurity | Blog

In today’s ever-evolving threat landscape, generative Artificial Intelligence (GAI) is becoming an increasingly popular technology tool to defend against sophisticated cyberattacks. Read on to learn about the latest investments in GAI-powered security products, the potential benefits and drawbacks, and the ramifications for the cybersecurity workforce and industry. 

Learn about the latest pricing trends in cyber security in our webinar, Cyber Resiliency Strategy: Key Themes and Pricing Trends for 2023.

GAI has grabbed worldwide interest with its ability to create unique and realistic images, text, audio, code, simulations, and videos that previously were not thought to be possible. Lately, GAI has been applied in many industries, such as the creative arts, healthcare, entertainment, and advertising. Let’s explore the latest cybersecurity industry trends and how GAI can help security teams stay one step ahead of the latest threats.

Cybersecurity vendors are leaving no stone unturned to deliver the power of GAI

In recent years, advanced Artificial Intelligence (AI)- and Machine Learning (ML)-based technologies have been rapidly adopted across the cyber industry, providing intelligent automation capabilities and also augmenting human talent.

The vast use cases of AI/ML in cybersecurity include proactive threat detection, prevention, intelligence, user and entity behavior analytics (UEBA), anomaly detection, vulnerability management, automated incident investigation and response, and more.

With the release of ChatGPT (GPT-3.5/GPT-4), DALL-E, Midjourney AI, Stable Diffusion, and other developments, the hype around GAI is accelerating faster than ever, and vendors are racing to harness its power to develop new products and solutions leveraging this technology.

Key GAI vendor announcements


Here are some examples of suppliers adopting GAI technology in the past four months alone:

  • SlashNext launched Generative HumanAI, an email security product aimed at combating business email compromise (BEC), in February
  • Microsoft introduced Security Copilot, a solution to help security professionals identify and respond to potential threats using OpenAI’s GPT-4 GAI and Microsoft’s proprietary security-specific model, in March
  • Flashpoint expanded its partnership with Google, incorporating GAI into its intelligence solutions for improved threat detection in April
  • Among other announcements last month, Recorded Future integrated OpenAI’s GPT model into its AI, Cohesity integrated with Microsoft’s Azure OpenAI for anomaly detection, and Veracode developed a tool utilizing GAI to address security code flaws

Generative AI captured massive attention at RSAC

At the recently concluded RSA Conference 2023 in San Francisco, GAI was a fascinating theme that was widely discussed and showcased in many innovative security products. These include SentinelOne’s announcement of Purple AI, which will leverage GAI and reinforcement learning capabilities to not just detect and thwart attacks but also autonomously remediate them.

Also at the event, Google Cloud launched its Security AI Workbench powered by a security-specific large language model (LLM), Sec-PaLM, aimed at addressing the top three security challenges – threat overload, toilsome tools, and the talent gap. The offering incorporates VirusTotal Code Insight and Mandiant Breach Analytics for Chronicle to augment efforts to analyze incidents and detect and respond to threats.

Foreseeable advantages stemming from GAI in the cybersecurity world

The advantages of using GAI for this industry can include:

  • Enhancing threat and vulnerability detection, response, and automated remediation

Its ability to analyze enormous amounts of data and insights from multiple sources enables GAI to detect malicious or anomalous patterns that otherwise might go unnoticed. This can lower alert fatigue and improve the mean time to detect or discover (MTTD), mean time to restore (MTTR), and threat coverage, and enhance overall risk management strategies while reducing total security operations costs. GAI can be employed for machine-speed triaging, predictive remediation, and automated response and action for low-risk incidents. Other potential applications are leveraging the technology to detect malicious URLs and websites and AI-powered phishing campaigns run against enterprises. Furthermore, it can be utilized in Infrastructure as Code (IaC) security for detecting and hardening flaws and for auto-remediation of security misconfigurations and vulnerabilities in applications.

  • Bridging the cybersecurity talent gap

The cybersecurity skills shortage is widely recognized, with enterprises finding it daunting to hire and retain talent to effectively run internal programs. More than 3.4 million skilled cybersecurity professionals are currently required globally, according to the 2022 (ISC)² Cybersecurity Workforce Study.

GAI can create phishing/cyberattacks and simulate threat environments or security awareness programs to test security professionals’ skills and knowledge, accelerating the learning curve and quickly upskilling and reskilling employees. The technology also can be applied to generate automated workflows, playbooks, use cases, and runbooks for enhanced security delivery capabilities.

  • Powering virtual assistance, enhanced collaboration, and knowledge sharing

GAI can lessen the burden on analysts of mundane tasks by analyzing, visualizing, and summarizing complex security data into comprehensive reports and charts that previously were created manually. GAI also can help build robust assistants for coding, chat, security, or investigation. It potentially can facilitate effective communication, and serve as a centralized knowledge repository, making it easy to share and manage data from one place. This can help enterprises augment knowledge management and foster a culture of continuous learning and engagement.

Watch out for offensive capabilities of GAI in cybersecurity

Major companies, including Apple, Samsung, Amazon, Accenture, Goldman Sachs, and Verizon, have either banned or restricted employees’ use of GAI-powered utilities to safeguard data confidentiality. Data breaches are a primary risk associated with GAI. Models use massive data sets for learning, and that data could contain enterprises’ sensitive information, including Personally Identifiable Information (PII) and financial data. If carelessly handled, it could lead to unauthorized access, unintended disclosure, misuse, and even IP or copyright infringement. GAI also exposes enterprises to regulatory compliance risks, especially those subject to strict data protection laws like the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), etc.

The use of GAI for malicious practices in social engineering, spear phishing, and other scams has been on the uptick. Another potential offensive aspect is that GAI can be employed to create advanced malware strains capable of evading signature-based detection measures.

Malicious actors could use GAI to create sophisticated exploits and other invasive code to bypass security systems and exploit vulnerabilities in touchpoints. Because GAI can generate new content, it can also easily facilitate brute-force attacks for password theft.

In addition, hackers can utilize deepfake technology to impersonate individuals, leading to identity theft, financial fraud, and the proliferation of misinformation. The efficiency and accuracy of an ML-based security system can be sabotaged if a hacker automates the creation of false positives, wasting analysts’ time and resources while the real threat goes ignored.

GAI – A boon or bane?

In the words of Abraham Lincoln, “The best way to predict the future is to create it.” GAI is doing just that. The heavy investments in GAI are a double-edged sword. While the technology can strengthen enterprises’ cyber shield arsenal, adversaries can use it to thwart their defensive attempts. GAI is here to stay and its adoption will accelerate even with security threats, making it pressing for cyber leaders to quickly determine their response and adoption strategies.

Cyber leaders may find a path to expand their roles and become protectors of enterprises by actively taking actions to address GAI’s use. These proactive initiatives can include robust data loss prevention and governance; usage guidelines, policies, and frameworks; workforce education; thorough vulnerability and risk assessments; comprehensive identity and access management; and incident detection and response plans.

Everest Group will continue to follow this growth area. To discuss cybersecurity industry trends, please contact Prabhjyot Kaur and Kumar Avijit.

Continue learning about cybersecurity industry trends in the blog, Now is the Time to Protect Operational Technology Systems from Cyber Risks.

Computer in Russia Breached Metro System amid Security Concerns, Report Says | In the News

A personal computer in Russia was used to breach Metro’s computer network this year after the transit agency repeatedly was warned that cybersecurity deficiencies left its systems open to information theft and national security threats, according to a report released Wednesday.

Nitish Mittal, Partner at Everest Group, said continuing to maintain ties with Russia, after it invaded Ukraine, presented reputational and security risks after the war began, noting that it was relatively easy for IT companies to leave. Mittal said companies are increasingly looking to ensure their outside technology teams are in friendly countries, a concept he referred to as “ally-shoring.” “Going forward, we do see clients trying to future-proof how they source talent,” Nitish added.

Read more in The Washington Post.

RSA 2023 Conference Sizzles with Focus on Artificial Intelligence for Cybersecurity | Blog

Generative Artificial Intelligence, threat detection and response, simpler cybersecurity solutions, attack vectors, and identity and access management were among the key cybersecurity industry trends grabbing attention at the RSA Conference in San Francisco. Read on to learn the main takeaways from our analysts who attended the recent event.

You can also reach out to us to learn more.

The annual RSA Conference (RSAC) lived up to the expectations of being one of the industry’s largest cybersecurity events, with 40,000-plus attendees packing the Moscone Center over four active days. The energizing atmosphere showed the cybersecurity community’s eagerness to meet and socialize again post-pandemic.

Here are the main cybersecurity industry trends we saw at RSAC 2023.

Generative Artificial Intelligence (GAI)

Generative AI stole the show with widespread discussion on the technology in every corner of the trade show floor that continued at social gatherings. Among the many new products launched at the event was Google Cloud’s Security AI Workbench, based on its proprietary security large language model (LLM) Sec-PaLM that includes data sets from Chronicle VirusTotal and Mandiant threat intelligence.

In the past few years, advanced AI and Machine Learning (ML)-based technologies and use cases have swept the cyber industry. But we have never seen such a level of hype as garnered by Microsoft’s announcement of Security Copilot, based on OpenAI’s GPT-4 Generative AI. This security analysis feature is aimed at helping security professionals understand threat landscapes and quickly detect and respond to potential threats.

Generative AI’s many benefits outweigh security concerns, especially in the talent-crunched cyber market. It can play a defining role in bringing efficiencies in security operations and scaling talent readiness.

Among potential areas we see Generative AI playing a larger role are summarizing incidents and findings, generating clear and concise reports and presentations, and augmenting human analyst capabilities by tailoring responsibilities to the organization’s landscape and enhancing the analyst experience.

Threat detection and response

Managed detection and response (MDR) and extended detection and response (XDR) providers had one of the largest presences at expo booths. As detection and response emerges as a primary shield by enterprises to protect and defend against cyber attacks, demand is increasing for MDR services.

Further, enterprises demand extensive telemetry coverage across not only traditional touchpoints such as endpoints and networks but also across next-generation touchpoints such as cloud, SaaS applications, and Internet of Things/operational technology (IoT/OT).

Our recent analysis of 27 MDR service providers in the Managed Detection and Response (MDR) Services PEAK Matrix® Assessment 2023 found OT and IoT monitoring and response are key differentiators within enterprises.

Shift from best of breed to ease of integration and management

Cybersecurity point solutions have grown 13 times in the past decade, increasing complexity and slowing enterprise decision-making. Enterprises are demanding a shift from best-of-breed solutions to future-proof solutions that are easy to integrate and manage.

This is creating opportunities for providers to approach the enterprise cybersecurity landscape with a consolidation mindset, drive simplification, and reduce the total cost of ownership.

Attack vectors remain a constant

Vulnerabilities, cyber-attacks, ransomware, supply chain security, software bill of materials (SBOM), and breaches remained the buzz at RSAC 2023. Aggravated by the ever-changing and never-ending regulations, the C-suite is in the middle of cybersecurity action, and cybersecurity providers must focus on boardrooms for budget approvals.

Year of identity

Will 2023 be the year of identity? Identity and access management has risen as an area getting maximum budget allocations and missing the CFO’s axe in the current macroeconomic headwinds. Enterprises are looking to get started with identities to fortify their cybersecurity posture, kickstart the zero-trust journey, enhance customer experience, and drive business outcomes from cyber investment.

Everest Group will continue to investigate this growth area. Stay tuned for our inaugural Identity and Access Management PEAK Matrix Assessment.

To discuss RSAC and cybersecurity industry trends, please reach out to [email protected] and [email protected].

Dive further into the current Generative AI discussion in our webinar, Welcoming the AI summer: How Generative AI is Transforming Experiences.

Oracle Adds Free Confidential Computing Option to Cloud Service | In the News

Oracle today added a confidential computing capability to its Oracle Cloud Infrastructure service at no extra cost. The service is based on AMD Secure Encrypted Virtualization (SEV) or AMD Secure Memory Encryption (SME) processors.

It’s not clear whether confidential computing will ever become the default option for deploying application workloads in the cloud, but a recent report by Everest Group forecasts the total addressable market for confidential computing could grow to US$54 billion by 2026, up from roughly US$2 billion last year.

Read more in Security Boulevard.

Securing Cloud Tech Stacks with Zero Trust Will Drive Growth of Confidential Computing | In the News

For enterprises to realize the potential that real-time datasets can deliver, cloud tech stacks need more security with zero trust. Confidential computing is essential to securing data at rest, in transit, and in use.

Compliance, privacy, and security use cases, particularly on public cloud, have gained the most significant traction, accounting for 30 to 35% of the worldwide market, according to Everest Group’s report Confidential Computing: The Next Frontier in Data Security. And the confidential computing market is predicted to grow to US$54 billion by 2026.

Read more in Venture Beat.

Four Steps to Improve Cybersecurity Pricing and Feel More Secure with your Spend | Blog

Investing in cybersecurity can be costly for organizations but is essential in today’s risky environment. With a myriad of confusing pricing models, determining your cybersecurity spend shouldn’t be another threat. Learn some simple steps to feel more secure in negotiating cybersecurity pricing. 

Contact us to further discuss this topic or for questions.

With demand for cybersecurity services skyrocketing in recent years, budgeting decisions have moved beyond IT discussions to C-level conversations by the boards of the largest enterprises.

This focus at the highest levels, along with the rapid evolution of cybersecurity technologies and services, has brought an unintended pain point – unwieldy cybersecurity pricing structures with a great deal of overpricing by providers.

The problem is exacerbated by a few practical issues, including:

  • Vendors using different pricing models for the same service: For instance, pricing for Managed Detection and Response (MDR) solutions varies, with CrowdStrike and Red Canary having per-endpoint pricing, Sophos offering per-user pricing, and Rapid7 following an asset-based pricing model
  • Inconsistency in defining unit-based pricing metrics: Even for seemingly commonplace services such as security information and event management (SIEM), some vendors consider peak values of events per second (EPS) while others consider average values
  • Semi-asset heavy pricing nature: Pricing is frequently a bundled black box with provider-financed licenses for cybersecurity platforms

It is not surprising that most enterprises we spoke with in the last twelve months were unsure whether they had struck the right deal with providers for their cybersecurity spend. Let’s explore this further.

Steps to achieve clearer cybersecurity pricing

Despite the nebulous structures, transparency in cybersecurity pricing can and should be achieved by following these four simple steps:

  1. Break the black box fee into logical components such as transformation costs, license costs, run fees, and project management office (PMO) charges
  2. Break the run fee to the lowest unit level, such as per endpoint for antivirus or per IP address for vulnerability management
  3. Benchmark the run fee pricing at this unit level
  4. Benchmark pricing of transformation costs, license costs, and PMO charges to achieve maximum benefits

The potential savings that can be realized by going through this process can be substantial, as illustrated in this example of a large natural resources company that had a standalone cybersecurity services relationship with a Tier-1 IT service provider.

The relationship had comprehensive coverage across the security value chain (including endpoint security, host intrusion prevention, endpoint detection and response, identity and access management, cloud security, firewalls, email gateways, network intrusion prevention, and security information and event management).

The provider financed licenses for CrowdStrike and Netskope, while the client financed licenses for other platforms such as Symantec and Palo Alto Networks. The contract had a black box fee model for a defined range of volumes (number of endpoints, firewalls, gateways, EPS, etc.).

Working closely with the client through the four-step process described above, we benchmarked the current cybersecurity spend. As a result, the client locked in a 16% spend reduction at renewal, even though the general pricing trend in the industry was clearly inflationary.

For more cybersecurity pricing tactics to increase contract efficiency and competitiveness, please reach out to [email protected] and [email protected].

Hear from our pricing experts as they discuss recent pricing trends, key tactics enterprises use to keep their software spend in check, and the outlook for software and cloud pricing in 2023 in this webinar, Software and Cloud Pricing and Contract Negotiations: Keep Spend in Check.
