Cybersecurity is a high-stakes game, and the opponents, today's advanced threats, are neither predictable nor bound by any rules. To keep pace, security teams have to continually evaluate both new and established tools and technologies. In response, cybersecurity vendors are scrambling to innovate and stay relevant against today's threat landscape, but innovation in a high-stakes environment inevitably leads to hype.
Security budget holders are under pressure to implement the right mix of technology to prevent breaches while minimizing the impact on budget and resources. Unfortunately, separating value from a market full of hype can be a long, confusing process. To help, Gartner® published Hype Cycle for Security Operations, 2022. Gartner Hype Cycles provide a graphic representation of the maturity and adoption of technologies and applications, and how they are potentially relevant to solving real business problems and exploiting new opportunities.
SecOps Top Challenges in 2022
In this year's report, Gartner sums up today's SecOps challenges by saying "Organizations need to support a complex and sometimes competing array of approaches to security, while also supporting the growth of the organization via traditional IT infrastructure deployments, cloud-based deployments and hybrid approaches. Security operations technologies are designed to meet the diverse needs of modern organizations across these architectural challenges, while also trying to align to your specific organization's threat landscape. Gartner expects that there will be an increasingly diverse set of exposures and risks that organizations need to gain better visibility and control over. This is driven by the fast-paced development in consumer IT, hybrid scenarios for those with established infrastructure and the use of third-party SaaS platforms. Security operations technologies and concepts must enable this greater visibility and control through decentralized management of security technologies and faster response that works cohesively across multiple vendor solutions to reduce risks for businesses."
It can be argued that the answer to successful security operations is a paradox: simple complexity. Security teams require a security architecture, and supporting technology, that is complex and comprehensive enough to take on today's threats, yet streamlined and easy enough for today's resource-limited security organizations to manage. The emerging trends naturally walk the line between offering disparate data sources and diverse security tactics on one side, and streamlining, automating, or outsourcing the work of detection and response on the other.
Notable Trends from the Gartner Hype Cycle for Security Operations, 2022
Extended Detection and Response (XDR) as a Strategy
XDR is placed on the Peak of Inflated Expectations on this year's Hype Cycle, with a high benefit rating. While XDR's position as an emerging cybersecurity trend is hardly surprising, we found Gartner's explanation of XDR's importance far more telling. According to the Hype Cycle, "XDR products can be seen as evolutions and amalgamations of some of the security operations tools that preceded them. However, XDR products have higher levels of integration, automation, ease of use, and focus on threat detection and incident response. They also include security controls for, among other things, endpoint detection and response (EDR), cloud access security brokers (CASBs), firewalls, identity and access management, and intrusion detection systems."
In other words, as we see it, Gartner defines XDR not as a single solution but as a strategy of integrated best-of-breed solutions. While Gartner doesn't outright advocate against single-vendor solutions, it notes among the obstacles to XDR that "although the list of vendors that offer a holistic XDR product on their own is short, committing to a single-vendor XDR approach could lead to tie-in."
Taking this advice into account, this year's hype shows us why integrated security toolsets are becoming necessary to meet the balance between the sophistication of defenses and simplicity of use for security teams.
Cybersecurity Mesh Architecture (CSMA) is on the Rise
In response to the need for simplified security tool management and greater flexibility, cybersecurity mesh architecture (CSMA) has emerged on this year's Hype Cycle at Innovation Trigger, with a benefit rating of Transformational.
What is CSMA?
As defined by Gartner, "Cybersecurity mesh architecture (CSMA) is an emerging approach for architecting composable, distributed security controls that improve overall security effectiveness. It offers an approach to enabling secure, centralized security operations and oversight that emphasizes composable, independent security monitoring, analytics and enforcement, centralized intelligence and governance, and a common identity fabric."
We see the Gartner inclusion of CSMA as another step toward a more integrated best-in-class approach to cybersecurity tooling—an idea that broadens and diversifies the concept of best-in-class XDR even further. The challenge for security teams, however, is finding solutions with robust out-of-the-box integrations that help streamline and automate otherwise complex processes. Gartner says that "creating a collaborative ecosystem of security tools will address inconsistency and help understand and minimize the exposure that is consistent with business expectations. Addressing inconsistency is a key driver, but understanding impact and likelihood alongside vulnerability creates an understanding of exposure that is crucial in making probusiness security decisions."
We'd argue that, in order for organizations to successfully create an ecosystem of tools, security vendors must first work together to meet the inevitable market demand for integration.
NDR as a Complementary Solution
NDR is climbing the Slope of Enlightenment, and the 2022 Hype Cycle for Security Operations labels it "Low Risk — High Reward," saying that "Enterprises that implement NDR solutions as a proof of concept (POC) often report high degrees of satisfaction because the tools provide much-needed visibility into network traffic. The POC projects often result in the customer buying the solution, because they see value in the traffic visibility."
As security trends require increased diversification and integration, behavior-based network detection fills visibility gaps, and pairs well with existing security technology. According to the report, "NDR complements traditional preventative controls by catching activities based on deviations from baseline. This allows the security team to investigate inside activities resulting from breaches without relying on having observed a previous occurrence of the same activity."
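To make the "deviations from baseline" idea concrete, here is an added example, written for this article and not code from Gartner or from any NDR vendor, of a toy behaviour-based detector. It learns each host's normal outbound volume and set of destination ports from a training window of constructed flow records, then flags later hours that deviate from that baseline, which is exactly the case the quote describes: no prior observation of the specific activity is needed. The host names, ports and byte counts are constructed sample data, and the 10%-of-mean floor on the deviation scale is an assumption chosen so that a perfectly steady host does not alert on a few bytes of change.

```python
"""Toy baseline-deviation detector in the spirit of NDR: learn per-host normal
behaviour from a training window, then flag later activity that deviates from
it, without needing a signature for the specific activity."""
import statistics
from collections import defaultdict


def make_flows():
    """Constructed flow records (hour, src_host, dst_port, bytes_out); not real traffic."""
    flows = []
    for hour in range(24):  # training window: 24 hours of routine activity
        flows.append((hour, "ws-01", 443, 50_000 + (hour % 5) * 1_000))
        flows.append((hour, "ws-01", 53, 2_000))
        flows.append((hour, "ws-02", 443, 30_000))  # perfectly steady host
    # Later hours: one large outbound volume spike and one never-before-seen port.
    flows.append((24, "ws-01", 443, 2_000_000))
    flows.append((25, "ws-01", 21, 51_000))
    flows.append((24, "ws-02", 443, 30_500))  # small wobble, should stay quiet
    flows.append((25, "ws-02", 443, 29_800))
    return flows


def build_baseline(flows, training_hours):
    """Per host: mean hourly bytes out, a deviation scale, and the ports seen."""
    totals = defaultdict(lambda: defaultdict(int))
    ports = defaultdict(set)
    for hour, host, port, nbytes in flows:
        if hour < training_hours:
            totals[host][hour] += nbytes
            ports[host].add(port)
    baseline = {}
    for host, per_hour in totals.items():
        samples = [per_hour.get(h, 0) for h in range(training_hours)]
        mean = statistics.fmean(samples)
        stdev = statistics.pstdev(samples)
        # Assumed floor: a constant baseline (stdev 0) must not alert on noise.
        baseline[host] = {"mean": mean, "scale": max(stdev, 0.10 * mean),
                          "ports": ports[host]}
    return baseline


def detect_deviations(flows, baseline, training_hours, z_threshold=3.0):
    """Return (hour, host, kind, detail) alerts for post-training activity."""
    totals = defaultdict(lambda: defaultdict(int))
    alerts = []
    for hour, host, port, nbytes in flows:
        if hour < training_hours:
            continue
        totals[host][hour] += nbytes
        known = baseline.get(host)
        if known is None:
            alerts.append((hour, host, "new_host", f"no baseline for {host}"))
        elif port not in known["ports"]:
            alerts.append((hour, host, "new_port",
                           f"dst port {port} not seen in baseline"))
    for host, per_hour in totals.items():
        known = baseline.get(host)
        if known is None:
            continue
        for hour, total in sorted(per_hour.items()):
            z = (total - known["mean"]) / known["scale"]
            if z > z_threshold:
                alerts.append((hour, host, "volume_spike",
                               f"{total} bytes out, z={z:.1f}"))
    return sorted(alerts)


if __name__ == "__main__":
    flows = make_flows()
    for alert in detect_deviations(flows, build_baseline(flows, 24), 24):
        print(alert)
```

The two alerts this produces (a volume spike at hour 24 and an unfamiliar destination port at hour 25, both for ws-01) are the kind of "inside activity" the report describes: neither is matched against a known-bad signature, only against what the host itself normally does. A real NDR product would baseline many more features and tune the threshold per environment; the structure of learn-then-compare is the same.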
As security teams are increasingly searching for more efficient workflows, the report also adds "The automated response capabilities help to offload some of the workload for incident responders. The threat hunting functionality provides valuable tools for incident responders."
Given the potential for NDR to pair well with existing toolsets and streamline incident response, we see even more value in including integrated NDR solutions as part of a best-in-class XDR strategy or CSMA.
A Shifting Approach to SecOps
As we see an added focus on integration and diversified technology solutions in the Gartner Hype Cycle for Security Operations, 2022, the report also notes that "Security operations is not simply a department, team or set of technologies. It is a group of well-executed processes performed by personnel aiming to ensure a high level of resiliency. Security operations personnel require modern security technologies to quickly detect and mitigate threats and reduce exposure. It is not easy to find the skill sets or know which solutions to implement first. There is an expanding attack surface, and increasing consolidation of tools that organizations must evaluate and support."
To enable resiliency, new security solutions must rise above hype and competition and offer real, tangible benefits to today's security operations, especially when the goal is combating a common opponent: advanced threats. According to the report, "Security operations technologies and concepts must enable this greater visibility and control through decentralized management of security technologies and faster response that works cohesively across multiple vendor solutions to reduce risks for businesses."
We see that as a clear answer to making simple complexity a reality: complementary solutions must work with each other, not against each other, so that using diverse security tactics and datasets to secure complex environments becomes a simple, streamlined process.
GARTNER and Hype Cycle are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.