Heading into 2023 Palo Alto Networks published its What’s Next in Cyber survey based on responses from more than 1,300 C-suite leaders. The report found that the threat landscape has grown more intense, as 96% say they experienced at least one breach in the last year and in response, 68% expect their security budgets to increase up to 10% in the year head.
SC Media recently spoke with Anand Oswal, senior vice president and general manager of network security at Palo Alto Networks to discuss the survey’s findings. Oswal laid out how organizations can set priorities for the year ahead, get started with zero trust, and use the power of AI and ML to thwart today’s more sophisticated attacks.
The What’s Next in Cyber survey said 62% of security pros think the board has recognized the importance of cybersecurity as they go through their digital transformations? It's an OK number, but how can it improve?
Business transformation has affected every industry and organization during the pandemic and has led to some good results. I agree with you that the number is lower than what we would expect, but I think some of it is education and I’m confident that the number will increase. In talking to customers, cybersecurity is now an important topic. It may not be as high as we’d like it to be, but it is increasing.
Ransomware, malicious insiders and DDoS attacks were the top three threat vectors cited for North America. Do you think that will continue in the year ahead?
Those three will continue worldwide. Attackers are growing more sophisticated using the power of AI. The average ransomware payment has gone up significantly. It’s around money, reputation and being in the news — all negative impacts. On DDoS, we’ve seen that the attackers are getting more sophisticated, so with DDoS this is also the case as more and more tools are available.
With 77% saying they are "highly likely" to reduce the number of security solutions and services, what do you think those numbers will look like? Today they are at 13.39 vendors and 31.58 security tools/solution.
These numbers will continue to decrease. Organizations are looking to consolidate. They are also looking at best-of-breed capabilities. Having more and more vendors increases the organization’s complexity, it’s not cost-effective, and not sustainable in the long-term. Many customers are looking to consolidate on a single platform.
The vast majority of security pros expect their security budgets to go up next year. What will be the major priorities?
I think people will focus on all aspects of data security, cloud security, and IoT security. You’re seeing more connected devices come into enterprises and they are adding significant risk, especially in health care and industrial environments. We are also seeing investment in securing 5G networks. Not just securing service providers, but as those providers look to give services to enterprise customers, making sure they are providing those services securely as well.
Some 98% say implementing zero trust is challenging because of lack of internal expertise, not knowing where to start, and the lack of qualified vendors. How do security teams get started?
We have to think of zero trust as a journey, it’s not an end-to-end product. There four pillars to zero trust. The first is around authenticating the user. Second, just because we authenticate, we still have to make sure we can trust the device, that it’s not infected with malware, so the focus is on identity. The third pillar is access. Do you have the right permissions? Are the apps sanctioned? The fourth pillar is around transactions: when you are downloading information, does it have any malware?
Customers have to make zero trust a mindset transformation. And while we have to be on this journey, it will take some time to get to the end state, but we have to start. Companies can start by looking at the four pillars of zero trust as a guide across users and devices and then work with their own internal teams and partners to chart out what makes sense for their organization.
Why are almost half of security pros saying they plan to invest in software firewalls on both public and private clouds?
When you think about the traditional use case of hardware-based firewalls, they were used to protect applications in a data center and provide segmentation in campus environments. As apps go into the cloud, organizations want to secure these apps. Software firewalls both as virtual machines or containerized form factors are now used to bring security as close to the app as possible. If you are in the public cloud, it sits on an AWS or Azure app. If in private cloud, it sits on-prem. Organizations want to have the convenience of the cloud, the ability to bring software firewalls up and down at scale.
About half are high on AI for threat detection? Can you detail how AI can help security teams identity threats or better yet, predict potential threats before they happen?
The days of doing all the alerts manually in the SOC are gone — today we use the power of AI to do that. The question you didn’t ask me is how AI can help teams better protect against threats, malware or phishing? In the past, to protect against phishing we used to build a database of all the rules. We’d group the databases into categories then go to each of the URLs and set polices based on the tolerance level for what you want to allow and what to block. The problem is that this approach does not work anymore. As the attackers have gotten more sophisticated, the phishing attacks have increased. The URLs come up and down in seconds. Before I can build a database, it’s gone. With AI, we can look at the content and block the attacks in-line in real-time. In the future, we’ve got to use the power of AI, and not a signature-based approach.