Next Phase of Cybersecurity: Budget Consolidation, Security Data Lake and the Impact of AI

There’s no doubt that digital transformation is a challenge. Enterprises need to meet the changing demands of consumers while protecting private information, data and networks from breaches and cybercrimes. Technology evolves and improves, but so do the tools and tactics of cybercriminals. Furthermore, enterprises are constrained by budget consolidation, evolving data challenges and the rapid adoption of AI. However, we remain optimistic that innovation will outpace adversaries and overcome these challenges.

Budget Consolidation

Enterprises continue to spend on cybersecurity, but 2023 budget growth has slowed, according to a recent IANS report, published in CSO Online, that surveyed 550 CISOs: 6% had a budget increase, and 37% reported flat or declining budgets. Regardless, CISOs have sharpened their focus on key priorities and are not willing to spend on solutions that provide little differentiation. Budget adjustments can drive longer sales cycles for security vendors and result in vendor consolidation by CISOs. However, this is easier said than done, as modernization is a long, slow process.

CISOs are eager to work with early-stage companies that show quick time to value. The notion of vendor consolidation might be more of a marketing pitch from one-stop-shop platform security vendors trying to grab a share of wallet from best-of-breed point solutions. At Intel Capital, we’ve heard first-hand from our CISO community that “to effectively address vendor sprawl is a heavy lift, one must take the time to re-evaluate individual vendors, the overall security architecture, processes, and people”. To help CISOs identify the most effective solution, security startups are now offering dedicated functionality that provides visibility into the effectiveness of cyber programs and solutions within the context of a company's tooling stack.

While the ability to "moneyball" your security vendor roster based on results is still a work in progress, data generated on program performance is becoming an invaluable asset. This process offers a compelling one-two value proposition, as it not only helps offset the costs associated with vendor optimization but also contributes to a more effective overall threat management strategy. In a world where every dollar counts, the data-driven approach to cybersecurity vendor selection may become the game-changer that organizations need to maintain their security posture and ensure their budgets are well-spent.

Data for Security

The data deluge has become a double-edged sword in the realm of cybersecurity. On one hand, it has evolved into a significant cost center and a sprawling attack surface for teams to manage. On the other, it has opened up a significant opportunity for using data to make an organization more secure – a value prop that has yet to be unlocked to its fullest potential. Cisco’s recent acquisition of Splunk highlights the growing importance of data in cybersecurity. Nevertheless, there’s a growing echo of frustration among security leaders regarding the cost-effectiveness of their Security Information and Event Management (SIEM) technology.

While SIEM is a cornerstone of the tooling stack, forward-thinking security leaders within the Intel Capital network are taking it to the next level by re-architecting their security data strategy to not necessarily replace SIEM, but to complement it. Some of the largest and most well-funded security teams are utilizing the symbiotic structure of a security data lake with SIEM as an input. Next-Gen SIEMs are advanced and cloud native: they present a unified platform of capabilities - from log management, User and Entity Behavior Analytics (UEBA) and Identity & Access analytics, to SOAR, ML/AI and threat intelligence - while also reducing alert noise. We see next-generation SIEM as a broader opportunity on the horizon that will enable security teams to thrive.

Security and Artificial Intelligence

With the buzz around GenAI, we’ve been asking two questions – what can advancements in AI do for security teams, and what do security teams need to do to empower AI across the enterprise?

AI for Security – there is a massive talent shortage in the security industry, with some recent estimates showing a global shortage of four million workers. AI-powered capabilities can help address this talent shortage by equipping security teams with tools to enhance their efficacy through automation, prioritization and code/content generation. While these enhancements are likely to be seamlessly integrated into existing toolsets rather than introduced as a separate offering, we are optimistic about their ability to provide security teams with the superpowers needed to improve effectiveness. In our network, we’ve already seen CISOs take advantage of AI to support level 1 SOC analysts, automate third-party risk questionnaires and generate threat report summaries.

Security for AI – this topic is worthy of its own blog, but let’s start by outlining the foundation for what seems to be a high-stakes game of hot potato. Similar to how the White House issued guidance on security for the software supply chain last year, on October 31, 2023, the Biden-Harris Administration issued an Executive Order setting new standards for AI safety and security in development and production. If you are a player in the AI space, you may have a laundry list of requirements making its way to your plate. But in the evolving landscape of AI, embracing cutting-edge security measures can be a strategic advantage as you speak to customers. If AI is integral to your operations, we anticipate the burden of ensuring security falls on the vendors providing the services.

Looking Ahead…

It’s no secret that AI will enhance human threat actors’ ability to discover vulnerabilities and evade detection. It will augment existing attack vectors, while GenAI creates new, novel ones. The popularity of AI assistants will lead to security vulnerabilities in software development, which may contain more errors and misconfigurations. Today, it is more critical than ever for enterprises and security vendors to continue developing their techniques and improving their tools to address these ongoing and sophisticated threats.