6 MSSP leaders reveal their emerging vendor and technology tips for 2023
Leaders from Saepio, Sapphire, Bridewell, Integrity360 and Perfomanta reveal which emerging cybersecurity vendors and technologies they are tipping for take off this year
All eyes are on the cybersecurity market in 2023 amid analyst predictions that cybersecurity growth will accelerate this year and in years to come. Gartner, for one, sees the growth of global information security and risk management spending rising from 7.2 to 11.3 per cent in the 12 months ahead.
But what emerging cybersecurity vendors, technologies, and threat trends are those at the coalface betting on?
We caught up with senior leaders at six top UK MSSPs and cybersecurity consultancies to find out.
Rob Pooley, solutions director, Saepio
Which cybersecurity start-up or emerging vendor are you tipping for take-off in 2023, and why?
There are a number of domains in cyber that look set for growth in 2023, such as API security, breach & attack simulation, automated security validation and password-less; but the tech here sits in the ‘advanced controls' bucket and is most relevant to organisations with a mature security posture.
The ‘essential controls' are much more widely applicable and help to continually improve foundational security. Automox is our tip for take-off in 2023 and sits in the vulnerability discovery and Remediation space - an essential control. Their cloud platform helps reduce the operational time associated with fixing vulnerabilities and empowers organisations to meet basic cyber hygiene targets like those set by CE+ (14 days to address critical and high vulnerabilities).
More broadly, what cyber technology, service or approach are you expecting more of your customers to adopt in 2023?
We expect to see further uptake of SASE solutions helping organisations mature their zero-trust principles. The cyber skills shortage and the current global economic conditions are motivating customers to reduce the cost and complexity of their security ecosystems. At the same time, common goals are to increase cyber resilience and improve employee experience accessing business systems. For these reasons we expect platforms like Netskope to shine given their key role in building a zero trust architecture. Their technology integrations with other essential security controls allow point products to share telemetry and work together to grant conditional access to data and applications, but only when user, identity, device and location are all verified as trustworthy.
How do you expect the threat landscape to evolve in 2023?
There will be a continued shift from malware to identity-based attacks, where attackers often bypass the traditional cyber kill-chain and directly leverage compromised credentials to launch more sophisticated and catastrophic attacks. Similarly, we expect to see a continued rise in supply-chain attacks, using trusted relationships to infiltrate bigger, better protected, large ticket targets.
6 MSSP leaders reveal their emerging vendor and technology tips for 2023
Leaders from Saepio, Sapphire, Bridewell, Integrity360 and Perfomanta reveal which emerging cybersecurity vendors and technologies they are tipping for take off this year
David Lannin, CTO, Sapphire
Which cybersecurity start-up or emerging vendor are you tipping for take-off in 2023, and why?
Check out Menlo Security. Content security has been an issue for years and the cyber security industry has, in many ways, let down users by not solving the issue in an elegant way; we are burdened with agents, gateways, SaaS solutions, or a combination of all the above. Menlo take a fresh approach to this with their isolation platform, and I like the innovation they've shown in achieving it.
More broadly, what cyber technology, service or approach are you expecting more of your customers to adopt in 2023?
Making smarter decisions faster, before malicious attacks can happen, is where we will see large gains in 2023. This can be achieved via customer-relevant threat intelligence being integrated into a cyber security strategy. Many vendors are already offering these types of integrations, thus making their solutions more proactive in protecting against potential threats, as well as re-enforcing long-standing defensive and protective capabilities.
How do you expect the threat landscape to evolve in 2023?
I anticipate it to have more divergence in threat execution, as the world has firmly adopted diverse working practices. With the attack surface now broader than ever, combining multiple attack vectors will be on the agenda. This is going to be seen with remote workers continuing to be victims of sophisticated (and some less sophisticated) phishing campaigns, as well as the exploitation of unpatched systems - these are low complexity techniques, yet low hanging fruit for a cybercriminal. In truth, this isn't an evolution of the 2022 threat landscape, but rather, more of a repetition.
6 MSSP leaders reveal their emerging vendor and technology tips for 2023
Leaders from Saepio, Sapphire, Bridewell, Integrity360 and Perfomanta reveal which emerging cybersecurity vendors and technologies they are tipping for take off this year
Richard Ford, CTO, Integrity360
Which cybersecurity start-up or emerging vendor are you tipping for takeoff in 2023, and why?
It's difficult to name just one, but as customers strive for more visibility to understand their exposure, risks and attack surface to mitigate threats well before they happen - I see vendors such as XM Cyber tipping the scales in terms of being able to meet these challenges.
Adjacent to this, as prevention is far better than cure, and the cyber security industry has been too peri/post-incident detection orientated, vendors that can provide solid proven prevention at the earliest stages of the kill chain will become increasingly important. Deep Instinct are definitely one to keep an eye on this year.
More broadly, what cyber technology, service or approach are you expecting more of your customers to adopt in 2023?
MDR is now a cybersecurity essential from our perspective and we are addressing this with all existing and new customers to enable them to gain full visibility and actively respond to threats. We expect to see an increase in adoption where customers don't already have an existing SOC capability and for those that do, MDR will release the pressure on internal teams.
How do you expect the threat landscape to evolve in 2023?
I expect ransomware to remain the #1 risk/threat, but the threat from insiders will grow this year as the economic conditions and cost of living crisis bites. I expect that we will see at least one globally affecting supply chain compromise like SolarWinds/Sunburst and a new game changing vulnerability such as Log4J/Log4Shell. Whilst Log4J has driven better vulnerability detection and remediation, the risk of similar occurrences is extremely high. This is because most organisations still lack the visibility required to detect malicious activity from a compromised, trusted, third party - whether this is compromised software or a service provider.
6 MSSP leaders reveal their emerging vendor and technology tips for 2023
Leaders from Saepio, Sapphire, Bridewell, Integrity360 and Perfomanta reveal which emerging cybersecurity vendors and technologies they are tipping for take off this year
Anthony Young, co-CEO, Bridewell
What cyber technology, service or approach are you expecting more of your customers to adopt in 2023?
In 2023, the predominant approach is likely to be the consolidation of security products - particularly in the Microsoft space. Many organisations across sectors have heavily invested in their technologies and are ‘Microsoft houses' that utilise a wide array of their products - such as Microsoft 365, Azure, Defender, and so on.
With many cyber security decision makers seeking to consolidate their technology stacks and reduce the number of tools they use, it is likely that we will see even further uptake of other Microsoft capabilities as they look to get the maximum value out of their existing licensing. Our recent research found that 62 per cent of UK cyber security decision-makers said the number of security tools within their organisation is ‘unmanageable'. Therefore, uptake of Microsoft capabilities could be expected in order to help salvage the issue of security teams being spread too thinly, whilst also reducing the complexity of managing their technology stack.
In particular, it is likely there will be greater uptake of Sentinel as organisations look to build out their Cloud SIEM. While there are other SIEM platforms that will also see greater adoption this year - notably Google Chronicle - Sentinel is very much the leader in this space.
How do you expect the threat landscape to evolve in 2023?
With the current recession and cost of living crisis, we can expect the insider threat landscape to mature over the next year. Criminal groups are expected to take advantage of these vulnerabilities, exploiting individuals in the form of blackmail or potential financial gain - all in return for sensitive information. Our research found that over a fifth of IT decision-makers believe that internal threats, such as data theft and employee sabotage, could land amongst its highest threats. Coupling these concerns with the continued financial pressures, we expect this is an area which will expand over 2023.
6 MSSP leaders reveal their emerging vendor and technology tips for 2023
Leaders from Saepio, Sapphire, Bridewell, Integrity360 and Perfomanta reveal which emerging cybersecurity vendors and technologies they are tipping for take off this year
Karen Bolton, CEO, Nettitude
What cyber technology, service or approach are you expecting more of your customers to adopt in 2023?
Customers are looking for their cybersecurity problems to be solved and complexity to be reduced.
It is often a challenge for many organisations to fully understand and prioritise the various security options available to them. Modular service offerings, delivered as a package that speaks to the main pain points of an organisation, make it easier for customers to make effective buying decisions. The good thing is that demand and education around cybersecurity continues to grow, which demonstrates increasing business priority for this area. However, it also means that the demand for skilled cybersecurity professionals is growing, making it more difficult to gain access to talent. Consequently, the consumer focus has been on the search for trusted specialists delivering managed services.
Previously, organisations may have been in a position where they had taken bits of security service from different providers. Today, owing to economic pressures and the need for operational efficiency, priorities have shifted. We're seeing demand for value for money and a desire from organisations to streamline their security requirements to one trusted provider with the right blend of skilled professionals and services. Demand for broad packages of cybersecurity services, which measurably fulfil cyber strategy goals, will continue to grow.
How do you expect the threat landscape to evolve in 2023?
World events, such as conflicts and regional economic outlooks, will continue to shape the cybersecurity industry in 2023. So too will the escalating threat of ransomware, where we can expect to see the complexity of attacks continue to evolve.
Further, you can also expect cyber insurance to remain a hot topic.
Cyber insurance will continue to evolve and is an important component of a cyber risk management plan, however it cannot be the number one strategy. Underwriters are increasingly adding to coverage requirements and cost, as well as carving out larger exclusions.
Organisations need to be able to anticipate the direction their business will move in (for example, adopting a cloud-based approach) and therefore anticipate the way these changes will impact relevant threats to the organisation. In other business contexts, you can use insurance as a sole or primary driver to mitigate risk. When it comes to cybersecurity, insurance cannot be your number one strategy. It gives a level of comfort, but it must be surrounded by a broader strategy of how you prioritise your assets for protection and how you are going to become more mature within your cybersecurity capability.
6 MSSP leaders reveal their emerging vendor and technology tips for 2023
Leaders from Saepio, Sapphire, Bridewell, Integrity360 and Perfomanta reveal which emerging cybersecurity vendors and technologies they are tipping for take off this year
Guy Golan, CEO, Performanta
Which cybersecurity start-up or emerging vendor are you tipping for take-off in 2023, and why?
I am a little biased (but who isn't when providing an opinion). EncoreASM.com [Performanta's own security platform] is definitely an emerging vendor. The ASM (attack surface management) market is crucial to achieve a safe state. In the UK the ASM market is just starting while in the US it is in full force. What EncoreASM does so well is the ability to connect external attack surface with the internal preparedness of their security controls (EASM and CAASM). This approach is revolutionary. As an MSSP we have discovered that the time to remediate dropped immensely (over 75 per cent). The visibility is absolutely crucial to make the right decisions and the ability to generate reports in minutes (as opposed to 40 hours per client before) make a huge difference in clients' safety and clients' protection.
More broadly, what cyber technology, service or approach are you expecting more of your customers to adopt in 2023?
As per the point above, I truly believe a combined ASM (EASM and CAASM) are the areas where clients will adopt in 2023. Think about it this way: a CISO without a combined ASM can only guess what their state of security controls (which is the layer of defence they need) really looks like. The reporting is always in a hindsight. And the execs look at information that is too technical rather than valuable and insightful. The combined ASM with proper enablement of the client will make their life much easier in protecting their environment and better communication with the board.
How do you expect the threat landscape to evolve in 2023?
Just like water, the threat landscape always looks for the easier path to take. Right now it is all about ransomware. We see the usual uptick in ransomware but at the same time we see a change in the nature of the ransomware. While the traditional way is to encrypt the data and ask for money; the new approach copies the data and gives the client, or anyone else the chance to buy the data at a said amount. Some attackers give the ransomed client first option and some just open it to the highest bidder. This type if action brings massive topic to the front - the value of data.
As such, I believe elements of data security (where leakages and breaches hurt the most) and identity and access management will become high on clients' agenda.