Thousands of people in the cybersecurity community converged upon National Harbor, Maryland last week for Gartner’s annual Security & Risk Management Summit. For many of us, it was our first in-person industry conference since February 2020, and our excitement was palpable. Between this event and RSA Conference 2022 in San Francisco, the SentinelOne team had an exciting week connecting with our fellow cybersecurity professionals and reflecting on the latest developments in the cybersecurity landscape.
The theme of this year’s summit was “Reframe and Simplify,” a mantra that was reiterated in keynotes and breakout sessions throughout the week. “Reframe” signifies the need for security professionals to transform the conversations we have with our business leaders in order to help them understand what we do not do. As Gartner’s VP analyst Jay Heiser put it, “We can’t eliminate security failure. But we can help you understand risk and how to get back up again.”
“Simplify” is, well, simple: Only do what’s most important to mitigate risk for your business, and focus security modernization on composable security tools, like ones built with APIs that give you the flexibility to add more capabilities in the future.
Missed out on the fun? Here are some notable takeaways from the summit.
Ask five different vendors what XDR is, and you’ll get five different answers. Ask five different analyst firms the same question, and you’ll get the same result. While certain Gartner analysts estimate that we’re about 18 to 24 months out from landing on a consistent answer, one common point of agreement among vendors and analysts alike seems to be that identity security and endpoint protection, detection and response are critical building blocks for an XDR platform.
As modern attack surfaces expand and evolve, security experts continue to define and refine capabilities for addressing the threat vectors that follow. This is reflected in a never-ending list of industry acronyms—EASM, CAASM, xSPM, _DR, just to name a few. According to Gartner VP Analyst Pete Shoard, Managed Detection and Response (MDR) is the only “DR” that’s a service and not a technology.
Speaking of technologies, we’ve now reached the dawn of Threat Detection and Incident Response (TDIR), a SaaS-based evolution of managed services designed for maturing security practices. It is not to be confused with Identity Threat Detection and Response (ITDR), a term coined by Gartner less than a year ago to describe the collection of tools and best practices to defend identity systems.
Heiser identified ITDR as the most forward-looking trend in his talk, “Top Trends in Security and Risk Management.” An action plan for implementation starts with prioritizing the security of your identity infrastructure with tools to monitor, protect, detect, and remediate threats. Other keys to success include using the MITRE ATT&CK framework to correlate ITDR techniques with common attack scenarios, investing in foundational identity and access management (IAM) security best practices, and modernizing your IAM infrastructure with current and emerging standards.
In a fireside chat with conference chair Patrick Hevesi, guest keynote John Brennan shared learnings from his experience as CIA Director and Senior National Security & Intelligence Analyst during the Obama administration. His key takeaway for the audience: Most of your leaders are less technical than you, so stay out of the weeds and present the facts in a way that helps them understand the impact to their business.
In “Outlook for Cloud Security,” Gartner Senior Director Analyst Charlie Winckless outlined the limitations of a lift-and-shift migration from on-premises to the cloud versus a born-in-the-cloud approach. Lifting and shifting will work to a certain degree, but you’re going to need to rethink your strategy pretty quickly. He cautioned that not all clouds are the same and pointed out that identity is now the control plane for security. He explained that “identity is a perimeter” — or in SentinelOne’s terminology, a surface — and that Cloud Infrastructure Entitlement Management (CIEM) facilitates automation of complex auditing.
This week’s conference marked our first opportunity to showcase the Singularity XDR platform’s new identity security capabilities following our acquisition of Attivo Networks. Our combined forces spent the week demonstrating how Singularity Ranger AD, Singularity Identity, and Singularity Hologram can help organizations reduce their Active Directory and Azure AD attack surfaces, protect identity infrastructure, and detect in-network attacks and insider threats, respectively.
Finally, we observed many of the same trends as our fellow Sentinels in attendance at RSAC 2022. Whether pulling from firsthand practitioner experience or observing the industry at a macro level, the same themes seem top of mind for all: consolidation of vendors and tools, strategic technology integrations and growing partner ecosystems, and a huge focus on gaining visibility across every segment of an expanding attack surface.
We didn’t have Incubus perform at a FOMO party. We didn’t have a giant purple tree calling to people from across the expo hall floor to come learn about autonomous threat defense. But with SentinelOne-branded lanyards slung around the neck of nearly every attendee, we enjoyed our own sense of omnipresence.
More importantly, over the course of a private dinner with CISOs, one-on-one meetings with Gartner analysts, and three days in the exhibit hall, we had countless meaningful conversations with people who, just like us, are deeply passionate about helping to defend organizations against cyber attacks with speed, scale, and accuracy.
We look forward to continuing these conversations and to starting new ones as we hit the road to the next show.