So, how are the more engineering levels of tech evolving – security, networking, and management? We spoke to some of our experts in these areas – lead analysts Andrew Green and Paul Stringfellow, operations lead Ron Williams, head of research Ben Stanford, and CTO Howard Holton. Let’s see what they had to say.
1. Security categories are evolving, but this is causing more confusion than clarity
Andrew: Security vendors no longer know what products are what and how to position themselves – and it will get worse before it gets better. We’re seeing this across security market categories. There’s a kind of mishmash – like Network access controls (NAC) and extended detection and response (XDR), or security incident and event management (SIEM) versus security operations and automation response (SOAR). Zero-trust network access (ZTNA) is a genuinely confusing term right now, because too many vendors are using the term to mean different things.
2. Networking vendors with their own infrastructure can pivot
Andrew: I’m seeing how networking vendors with their own infrastructure are becoming better positioned to deliver new products and services. If you have your own network backbone and operate stuff like data centers or points of presence, you can pivot into different products more easily. For example, consider the NaaS vendors doing multicloud networking – it’s all because they have the pipes. This is also about capacity – if you have your own hardware deployed already, you can just use the overhead capacity or reallocate some of that capacity to develop new products.
3. Vendors are bolting AI chat interfaces onto their security and management software tools
Paul: It’s a risk that people assume that having a chat interface will make security problems disappear or give junior analysts the resource and information that senior analysts might have. The reality is you’re still going to need people who absolutely understand the space, security or otherwise.
Ron: Management tools vendors will want to say they’ve done something with generative AI. However, the process of going from monitoring to observability, to where you have predictive AI, then to intelligence, where you have generative AI and can ask questions about the entire business or the way in which the business operates, is two years out.
4. AI is having an impact on social engineering attacks
Ron: AI is empowering the hacking community to get more creative in how they can disturb the business. For example, one of the casinos in Vegas was hacked because of voice cloning. Someone heard the voice, they knew who it was and they did something, and it was wrong.
Ben: Phishing attacks are getting way better. Already, bad actors can make them sound much more plausible in multiple languages, at scale. They can nuance and refine them much quicker. A/B testing of their effectiveness has gone up as well.
Ron: We’ll see vendors coming out with tools that use AI to attack the AI attacks. I know, this sounds weird. We could have an AI attack hallucinate, and then tools deliver hallucinatory responses.
5. Businesses need to rethink their communications in the light of Spam
Ben: If I get a message now, I don’t trust it; I assume it’s spam. Businesses need to think about a strategy for how to communicate if end users are mistrustful of corporate communications.
Howard: We have to start restricting the information that gets put into an e-mail and shift it to something else. Chat is the logical place, especially as it’s become increasingly valuable to organizations.