Hype Cycle for Security Operations, 2021 Published 23 July 2021 - ID G00747546 - 82 min read By Pete Shoard, Shilpi Handa Security operations technologies and services defend IT systems from attack by identifying threats and exposure to vulnerability — enabling effective response and remediation. The innovations included in this Hype Cycle aim to help security and risk management leaders strategize effectively. Analysis What You Need to Know The acceleration in digital transformation has, over the past 12 months, affected organizational relationships with IT. Increases in remote work, use of mobile devices and cloud services have been notable, and they have facilitated a significant change in the way businesses need to function. Changes have brought about a shift in the types of threats that organizations are subject to and there is an emerging need to increase visibility to previously unmonitored third-party systems and services. It remains true that a large part of setting a security strategy for an organization is simply understanding the available security capabilities in the marketplace and their potential applications, and aligning these with risk-based requirements. Security and risk management leaders are unable to prepare for every eventuality and, therefore, must make intelligent, businessdriven decisions about which security operations technologies they choose to manage the risks to their organization. Security operations is not simply a department, team or set of technologies. It is a group of well-executed processes performed by personnel aiming to protect the organization from harm. Security operations personnel require modern security technologies to quickly detect and mitigate threats and reduce exposure. It is not always easy to find the skill sets or know which solutions to implement first. Organizations must therefore look to a range of managed security services (MSS) and cloud-delivered security technologies. Outsourcing and “as a service” offerings can provide levels of competency that can quickly be grafted into the organizations’ own operations. For more security-mature organizations that have established a dedicated team and have invested in a portfolio of security controls, constant enhancement is required to ensure that they are equipped effectively to fight external adversaries. Technologically, the security domain has continued to be siloed, with much focus being directed toward specific domains, such as network detection and response (NDR) and operational technology (OT) security. At the same time, capabilities such as breach and attack simulation (BAS) join domains together, providing visibility and verification of that visibility, as well as response planning and effective response testing (see Top Security and Risk Management Trends 2021). The key trend across all technologies in the security operations space is greater API interactivity and availability. This extends the requirement for a set of technologies and services that can join together the findings from multiple systems. Gartner refers to this as the “cybersecurity mesh architecture” (see Top Strategic Technology Trends for 2021: Cybersecurity Mesh). Although, as a product, a single multiecosystem security control plane has yet to materialize. Security and risk management leaders focused on network security controls with a greater alignment to prevention should read the sister document to this Hype Cycle, Gartner’s Hype Cycle for Network Security, 2021. 1 The Hype Cycle Architectural complexity in corporate infrastructure is widening as organizations try to navigate their way through traditional IT infrastructure deployments, cloud-based deployments and hybrid approaches. Security operations technologies are designed to meet the diverse needs of modern organizations across these architectural challenges — providing greater visibility of threats and exposures, greater control, and faster response capabilities that work universally and cohesively. The desire for a single platform to consolidate security capability continues to be prevalent in the market (see Security Vendor Consolidation Trends — Should You Pursue a Consolidation Strategy?). Extended detection and response (XDR) partially meets this challenge; however, it does so within the limitations of a single ecosystem. Therefore is best suited to greenfield infrastructure projects rather than organizations with broad, existing security investments. Continued use of art