• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is Secure Access Service Edge (SASE)
      • What is Security Service Edge (SSE)
      • What is a Cloud Access Security Broker (CASB)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Security

Four standout trends at the Gartner Security and Risk Management Summit

Author avatar of Umbrella TeamUmbrella Team
Updated — March 5, 2020 • 3 minute read
View blog >

blog-gartner-security-summitLast week Gartner held its annual Security and Risk Management Summit outside of Washington, DC. The event draws hundreds of CIOs, CISOs, and decision-makers in IT and security from organizations all over the world. The conference schedule was aggressive, covering a broad range of important and controversial topics in security and risk management. We attended both high-level and prescriptive “how-to” sessions, and saw four important themes emerge. Here’s a closer look our top takeaways from the event:
1. There’s no such thing as a perfect security solution.
In almost every session we attended, Gartner analysts were sure to make one thing clear: There’s no magic bullet for fighting off threats. If a business purchases every security solution on the market, it’s still no guarantee that its data will be protected from APTs or hackers. While this concept alone isn’t new to IT, Gartner’s suggestion for how to respond to it was enlightening.
Instead of working to check off boxes on a list of security layers (firewall, secure web gateway, antivirus, etc.), or rushing out to buy the latest and greatest solution, IT and security teams would be more effective if they focused more on understanding business objectives and introducing stakeholders to the risk continuum. Raising key decision makers’ awareness of the chance of a security event, and the impact it could have on those business objectives, is an essential step toward getting a budget for a new security solution.
2. Legacy security vendors and enterprises alike are looking to startups to fill the innovation gap.
We’ve talked often on this blog about how legacy security vendors are struggling to keep pace with today’s technological changes. During his keynote on Tuesday, Symantec CEO Steve Bennett explained that the future innovation path of the security giant is dependent on partnerships and integrations. When pressed further, he was candid, saying, “We bought growth. We never asked our engineers to be innovators.”
So who will innovate? During a panel discussion later that day, leaders of security start-ups like Bromium and CrowdStrike shared insight on why startups are more equipped to serve the current and future needs of the market. Put simply, these agile young companies aren’t held back by history. There’s no innovator’s dilemma keeping them from building and adapting products to solve new problems. And the analysts are now hearing more enterprises ask which companies beyond the old guard they should be evaluating.
3. Securing BYOD is really hard, and no one has all the answers.
Putting an effective security strategy in place for corporate-owned mobile devices is hard enough, so attempting to apply universal policies to employee-owned devices can seem downright impossible. Acknowledging that it’s an uphill battle, Gartner Analyst John Girard suggests scoping the initial mobile device policy first from the perspective of what’s possible for BYOD, and concentrating policy around the platform that the majority of users choose today (for many organizations this is iOS).
Analysts suggest that using application control and MDM will become increasingly effective for securing devices owned by the business. Securing employee-owned devices, on the other hand, requires a solid investment in educating and partnering with end users. And of course, making trades. Analysts also suggest educating users on the broad impact of lost data or productivity, and shaping security in the context of employee rights and responsibilities.
4. Whether threats are advanced and persistent, or just annoying, we need to adjust the way we secure against them.
Many are guilty of broadly describing cyber attacks as Advanced Persistent Threats, when perhaps we more accurately mean to say malware distribution networks or botnet infections. So it was great to see several of the presenters at the summit exploring a deeper analysis of the much-hyped phrase. Dave Monnier, Security Evangelist at Team Cymru, suggested we shift from focusing on the idea that these attacks are advanced (they’re not, he says) and start focusing on their persistence. He explained, “You can put in multiple layers of prevention technologies, but you need to spend more time on detection and mitigation. No matter how tall a wall you build, something will eventually scale it.”
Gartner Analyst Lawrence Orans expanded the conversation, suggesting that as a security community we’ve got to do better than complacently expecting traditional security solutions to universally protect against threats. The issue isn’t the evolution of the threat itself, it’s where the threat makes an attack – opportunistically leveraging our once-clean device supply chain, and our massive cloud networks. Orans suggested we’d be well served to prioritize securing mobile devices that leave the secure corporate environment and heighten security for cloud networks.
What are your thoughts on security at large, legacy security vendors vs. startups, BYOD, and advanced persistent threats? Leave them in the comments or share with us at @getumbrella on Twitter.

Suggested Blogs

  • Cisco Umbrella Delivered Better Cybersecurity and 231% ROI February 21, 2023 2 minute read
  • Cisco Listed as a Representative Vendor in Gartner® Market Guide for Single-Vendor SASE January 26, 2023 3 minute read
  • How to Evaluate SSE Vendors: Questions to Ask, Pitfalls to Avoid June 23, 2022 5 minute read

Share this blog

FacebookTweetLinkedIn

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella