Gartner, Inc. | G00810451 Page 1 of 81
Hype Cycle for Security Operations, 2024
29 July 2024 - ID G00810451 - 92 min read
By Analyst(s): Jonathan Nunez, Andrew Davies
Initiatives: Security Operations; Meet Daily Cybersecurity Needs
Security operations technology and services defend IT/OT
systems, cloud workloads, applications and other digital assets
from attack by identifying threats, vulnerability and exposures.
This Hype Cycle helps security and risk management leaders
strategize and deliver SecOps capability and functions.
SRM leaders continue to sharpen their threat detection and response efforts. This year’s
Hype Cycle features significant movement for identity threat detection and response
(ITDR), extended detection and response (XDR) and co-managed monitoring services.
SRM leaders are called to action to fortify digital identities and identity infrastructure
using ITDR products and services. Those that have already implemented these
technologies should look to integrate ITDR outcomes into the SOC for improved threat
detection (see 5 Initiatives to Move Toward Security Operations Excellence).
A substantial subset of organizations face challenges with organizing their threat
detection, investigation and response (TDIR) function. Security information and event
management (SIEM) is a mature technology, and recent market shake-ups have created
uncertainty (see Quick Answer: How to React to Recent SIEM M&A Announcements).
Smaller organizations aim at preconfigured technologies that accelerate time to value,
using a predefined set of analytics, prebuilt automation and some out-of-the-box response
capabilities. XDR providers promise to deliver that, and are adding AI assistants to make it
even easier for anyone to get information from the tools.
Enterprises look for partners that can help them handle greater customizability. Co-
managed monitoring services providers offer more flexibility in terms of technologies and
service augmentation, allowing customers to directly contribute to operational
performance and outcomes. Managed detection and response (MDR) providers add
managed incident response for organizations that cannot — or are not willing to —
support this function internally.
This research note is restricted to the personal use of liuyang17@qianxin.com.
剩余85页未读,继续阅读
资源评论
