Last year at this time, we forecast a bumpy ride for infosec through 2017, as ransomware continued to wreak havoc and new threats emerged to target a burgeoning Internet of Things (IoT) landscape. ‘New IT’ concepts – from DevOps to various manifestations of the impact of cloud – seemed poised to both revolutionize and disrupt not only the implementation of security technology, but also the expertise required of security professionals.
Our expectations for the coming year seem much more harmonious by comparison, as disruptive trends of prior years consolidate their gains. At center stage is the visibility wrought by advances in data science, which has given new life to threat detection and prevention – to the extent that we expect analytics to become a pervasive aspect of offerings throughout the security market in 2018. This visibility has unleashed the potential for automation to become more widely adopted, and not a moment too soon, given the scale and complexity of the threat landscape, as well as of IT, and the strain this complexity continues to place on security professionals – people who are becoming increasingly challenging to find, train and retain.
Together, these advances can help break down longstanding silos that have held security back from doing a better job, and relieve practitioners overwhelmed by security’s demands. We first described this much-needed coming together of data, analytics and automation in early 2016 in a concept we called the Actionable Situational Awareness Platform (ASAP), shown in the figure below.