
Trendspotting in the 2018 Gartner Hype Cycle for Threat-Facing Technologies

The movers, the shakers, and the Sisyphus of this year's enterprise security scene

When Gartner releases a Hype Cycle or Magic Quadrant, I like to do a compare/contrast with the previous report before I read the write-ups. I find it's like a gossip column. Many of the categories are ones I've worked with over the last 15 years, and it's fascinating to see how technologies are faring. I also get more value from the writeups when I do read them.

Hype Graph

On July 13, 2018, Gartner released the Hype Cycle for Threat-Facing Technologies, 2018. My key takeaways from comparing this year with last are as follows:

The Movers:

  • User and Entity Behavior Analytics (UEBA) plunged from the peak of inflated expectations toward the bottom of the trough of disillusionment, which is the point, according to Gartner, where "interest wanes as experiments and implementations fail to deliver. Producers of the technology shake out or fail. Investments continue only if the surviving providers improve their products to the satisfaction of early adopters." Since this function seems to be merging rapidly into the SIEM, I question if it will even exist next year.
  • Network Traffic Analysis (NTA) advanced in both placement and time horizon – from the peak of inflated expectations to the trough of disillusionment, and from a five-to-10-year horizon to a two-to-five-year one. In my view, NTA has moved from concept to thought-leader adoption, and the next year will see leaders and laggards shake out.
  • Software-defined Security took a big leap forward, blowing past the trough to land on the cusp of the slope of enlightenment. I confess this isn't my comfort zone, and this big of a shift toward tangible value means I'm going to go read that section carefully.

The Shakers:

  • Security Orchestration, Automation, and Response (SOAR) made its first Hype Cycle appearance at the peak of inflated expectations. I'm almost surprised Gartner anointed this category, as SOAR is already sedimenting into SIEM. Perhaps there is still room for innovation and disruption as IT Ops and SecOps jointly embrace DevOps and the cloud.
  • Endpoint Detection and Response (EDR) was also added. Perhaps this was a recognition that EDR hasn't sedimented into the Endpoint Protection Platform as quickly as Gartner originally predicted. In terms of placement, I was surprised to see that EDR is positioned just a skosh ahead of UEBA in the Hype Cycle. I thought EDR was far more mature and broadly adopted than UEBA, with more successful implementations. Another one to read.
  • Managed Detection and Response also debuted in the Hype Cycle on its way up the innovation curve, which I think reflects the expansion of customers interested in these technologies and the recognition that there aren't enough people to do the work.

The Sisyphus:

  • Security Information and Event Management (SIEM) seems to be reinventing itself. It moved backwards, returning from the plateau of productivity to the slope of enlightenment and earning a two- to five-year timeline. I think this recognizes the continuing data and process management pressures on security operations, and the cry for reduced complexity and increased speed. Let's also hope SIEMs get on a trajectory to augment logs with more complete and timely data sets from endpoint agents and the network.

That's it for trendspotting. I'm off to dig into the details of these movers and shakers.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
