I recently revisited Gartner’s 2022 Hype Cycle for Security Operations and found a lot of themes that were well-aligned with the customer conversations I’ve had over the past six months with security operations leaders and practitioners.

One view of the security operations landscape

Gartner Hype Cycles provide a view into the maturity and adoption of various technologies in a given domain. They are a great reference for vendors (like Query) and an equally valuable resource for security operations leaders & end users. Hype Cycles are right up there with Magic Quadrants as some of the most downloaded Gartner research. While Hype Cycles don’t have the competitive nature of the Magic Quadrant that plots vendors on a 2X2 chart (coveted upper right quadrant anyone?), they do put technologies into provocatively-named, time-bound stages: innovation trigger, peak of inflated expectations, trough of disillusionment, slope of enlightenment, and plateau of productivity. 

If you follow the Hype Cycle for a given domain for enough years, you’ll see that not every technology will make the full journey from left to right through the stages. Some will implode and disappear (euphemistically referred to as ‘retired’), some will be subsumed by related technologies, and some will morph into something else altogether over time.

While there is a lot of debate (and criticism) about Gartner’s category names, definitions, and acronyms, it is generally accepted that understanding and educating about the state of the market is something Gartner does very well. An in-demand Gartner analyst for a popular category like Security Operations will field hundreds of client inquiries and vendor briefings over the course of a year. The result is an interesting information stream that makes its way into research publications that are a strong representation of what is on the minds of both security buyers and the vendor community in the present moment. 

The more things change, the more they stay the same

The 2022 Hype Cycle for Security Operations calls out a few core themes that are persistent challenges in our industry: 

  • An ever-changing and expanding attack surface
  • Difficulty in finding security skills; and 
  • Security & risk teams being asked to do more with less

These challenges will not read as a surprise to anyone who makes their living working as a security professional. The Hype Cycle also discusses familiar concepts such as managed security services, consolidated security platforms, and increased demand for extended detection and response (XDR) solutions; especially among smaller, less mature security organizations. Gartner positions XDR, along with Breach & Attack Simulation (BAS) and Digital Forensics and Incident Response (DFIR), at peak market interest. Interestingly, they call out an increase in profiles in the Innovation Trigger time frame addressing the shift in attack surface. New offerings related to exposure management such as External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), Penetration Testing as-a-service (PTaaS), and IT Threat Detection & Response (ITDR) are called out, along with a note that these categories may see consolidation in coming years. 

One to keep an eye on…

An interesting call-out in 2022’s Hype Cycle for Security Operations is the adoption of what Gartner refers to as Cybersecurity Mesh Architecture (CSMA). It is defined as: “a composable and scalable approach to extending security controls, even to widely distributed assets. Its flexibility is especially suitable for increasingly modular approaches consistent with hybrid multicloud architectures. CSMA enables a more composable, flexible, and resilient security ecosystem. Rather than every security tool running in a silo, a cybersecurity mesh enables tools to interoperate through several supportive layers, such as consolidated policy management, security intelligence, and identity fabric.”

CSMA is not a product — or even a category — but rather it’s an approach to enable and ensure a consistent security posture across diverse and changing technology environments. Its appearance in the Hype Cycle is consistent with conversations I’ve had with dozens of CISOs in recent months. Few have expressed it as CSMA. Instead, they’ve identified a challenge and frustration with “getting all this stuff to talk and work together.” Security teams are starting to take a critical look at how much incremental security value they get from each additional tool they deploy. They rightfully expect vendors to deliver capabilities that play well with other solutions in their architecture.

I’ve also started to see security leaders place more focus on data architecture, especially at large organizations with many security tools in place. They are wisely considering how well their teams and processes will be able to operationalize the capabilities that are added when bringing a new tool onboard. I believe this focus will become even more prevalent in the coming years. 

If you’d like to dig a little deeper, you can download a copy of the Gartner Hype Cycle for Security Operations here.