Posts tagged ‘cybersecurity’

Dec 30

AI Security market 2025 funding data, top startups, and the ServiceNow factor

ServiceNow dropped $11.6 billion on security acquisitions in 2025 alone. Armis for $7.75 billion. Moveworks for $2.85 billion. Veza for roughly $1 billion. In 2025, just one company, ServiceNow, spent more on acquiring security startups than 175 startups raised in two years. Meanwhile, the entire AI security startup ecosystem raised $8.5 billion across 175 companies over 24 months. That single data point should reshape how security leaders think about vendor consolidation and how AI builders think about their exit paths.

I analyzed Crunchbase data covering every AI security startup that raised Series A, B, or C funding between January 2024 and December 2025. The patterns are striking.

The acceleration is real

Q1 2024: $274 million across 8 deals. Q4 2025: $2.17 billion across 28 deals. That’s 8x growth in quarterly funding over two years.

The full-year numbers tell the story more clearly. 2024 saw $2.16 billion in total funding. 2025 hit $6.34 billion, nearly tripling. Average deal sizes jumped from $34 million to $54 million. This isn’t a gentle upward trend. The market is restructuring in real time.

Where the money flows

Network and Zero Trust infrastructure captured $1.9 billion across 44 companies. Tailscale‘s $161 million Series C reflects what enterprises already know. VPN architectures are dying. Identity-based access is replacing them.

Threat Detection and SOC automation drew $1.2 billion across 28 companies. 7AI‘s $130 million Series A stands out as one of the largest A funding rounds in this category. The bet: AI agents can handle the full security operations lifecycle at a scale human analysts cannot match.

Identity and Access Management pulled $990 million. But here’s what matters: that money went to just 6 companies. Saviynt‘s $700 million Series B dominates the category. When one company captures 71% of a category’s funding at Series B, investors see platform consolidation ahead. ServiceNow’s Veza acquisition, three weeks later, validated that thesis.

Insights into deal sizes

Median tells a different story from average deal sizes. Series A median: $20 million. Series A average: $28 million. The gap widens at later stages. Series C median: $85 million. Series C average: $119 million.

Translation: mega-deals skew the data significantly. Eighteen companies raised $100 million or more. Those 18 deals represent 10% of companies but 40% of total funding. For every Saviynt raising $700 million, dozens of startups are raising $15-25 million Series A rounds.

The AI/LLM security gap

Only 13 companies focus specifically on securing AI systems, LLMs, and agentic applications. Total funding: $414 million. That’s less than 5% of the $8.5 billion total. For context: ServiceNow paid more for Veza alone than the entire AI/LLM security category raised in two years.

The players building in this space:

• Noma Security ($100M, Series B). Unified AI and agent security platform.

• Credo AI ($21M, Series B). AI governance and compliance automation.

• Lakera ($20M, Series A). Real-time GenAI security against LLM vulnerabilities.

• Prompt Security ($18M, Series A). Enterprise generative AI adoption platform.

• GetReal Security ($17.5M, Series A). Deepfake and AI-generated impersonation defense.

• Jericho Security ($15M, Series A). Training against generative AI-powered attacks.

Enterprises are deploying AI systems at unprecedented rates. Shadow AI breaches cost $4.63 million per incident. That’s $670,000 more than standard breaches, according to IBM’s 2025 Cost of a Data Breach Report. Model Context Protocol vulnerabilities. Prompt injection attacks. Data exfiltration through AI assistants. The attack surface expands while protection lags.

Either these 13 companies scale rapidly, established players acquire their way into the space, or CISOs face a protection gap without commercial solutions.

How spending breaks out geographically

The U.S. captured $6.1 billion across 119 companies. That’s 71% of total funding. Israel remains the second hub: 15 companies, $738 million. Germany, the UK, and Canada trail with single-digit percentages.

Within the U.S., California dominates: $2.7 billion across 62 companies. That’s more than all non-U.S. markets combined ($2.4 billion). Texas ($865M), New York ($667M), and Colorado ($295M) round out the top states.

The concentration creates vendor risk. Regulatory fragmentation between the U.S. and EU markets. Geopolitical tensions affecting Israeli companies. Single-region dependency in security infrastructure. These are fundamental considerations for enterprise security architects.

ServiceNow’s acquisitions signal large-scale consolidation

ServiceNow’s 2025 acquisition spree warrants its own analysis. Armis brings cyber-physical security and OT/IoT visibility. Moveworks adds agentic AI capabilities. Veza delivers identity security for the AI era. The company calls it an “AI control tower.” A unified security stack that sees, decides, and acts across the entire technology footprint.

The driver: ServiceNow’s Security and Risk business crossed $1 billion in annual contract value in Q3 2025. They expect Armis alone to triple their market opportunity. When a platform vendor invests $11.6 billion in its own security workflows, point solutions become acquisition targets or competitors.

What this means for 2026

For security leaders: Map your vendor portfolio against both funding momentum and M&A activity. Startups with strong backing will survive consolidation. Others won’t. Audit your AI deployment pipeline against available protections. The gap between AI adoption and AI security is widening. Accelerate zero-trust adoption while solutions mature.

For AI builders: Security isn’t a feature to add later. The $414 million flowing into AI/LLM security represents smart money recognizing that unprotected AI systems are enterprise liabilities. Build with guardrails or build vulnerabilities.

Analysis based on Crunchbase data covering 175 AI security startups that raised Series A, B, or C funding between January 2024 and December 2025. ServiceNow acquisition data from the company’s press releases dated December 2025.

Nov 26

15 fastest-growing security categories in Gartner’s 3Q25 Information Security Forecast

Cloud Security Posture Management is growing at a 31.23% CAGR. Zero Trust Network Access at 23.25%. Threat Intelligence at 22.17%. The overall security market? Just 10.55%. Fifteen categories are outpacing the market by two to three times, collectively capturing $106 billion in new spending by 2029. Enterprise security budgets aren’t just expanding. They’re being redirected.

And the driver? Brutally simple.

Gartner estimates 99% of cloud security failures through 2025 will be the customer’s fault, primarily due to misconfigurations. Organizations are responding by investing aggressively in technologies that automate what humans simply can’t manage manually across hundreds of cloud accounts, thousands of APIs, and millions of potential attack vectors.

What these growth rates say about Gartner’s view of the market

These fifteen categories represent $106.4 billion in new spending by 2029, growing from today’s baseline. What do they have in common? Three characteristics that explain why enterprises are pouring money into them:

Automation at Scale. Every high-growth category automates processes that break when done manually, whether it’s scanning cloud configurations, managing consent across jurisdictions, or detecting behavioral anomalies in network traffic. There’s no other way to keep pace.
Proactive vs. Reactive. These technologies prevent problems rather than clean up after them. CSPM catches misconfigurations before breaches. ZTNA eliminates the attack surface that VPNs create. Tokenization protects data even if systems are compromised. Security teams are finally getting ahead of the threat curve instead of playing catch-up.
Measurable ROI. IBM’s 2025 Cost of a Data Breach Report shows organizations using AI and automation extensively save $1.9 million per breach and reduce breach lifecycle by 80 days. With U.S. breach costs hitting $10.22 million, these investments pay for themselves with a single prevented incident.

The 15 categories reshaping security architecture

1. Cloud Security Posture Management (CSPM) | 31.23% CAGR | $2.5B → $13.0B

CSPM tools continuously scan infrastructure across AWS, Azure, and Google Cloud. With 82% of misconfigurations caused by human error and organizations managing 100+ cloud accounts, CSPM automates what’s mathematically impossible to do manually. The market will reach $15.6 billion by 2032.

2. Cloud Access Security Brokers (CASB) | 25.82% CAGR | $1.5B → $5.8B

Here’s a reality check. Enterprises average 112 SaaS applications, but shadow IT, or unauthorized apps, accounts for 42% of all applications. IT remains unaware of one-third of the apps on its networks. The damage? 65% of shadow IT companies suffer data loss, and 52% experience breaches. CASBs transform this chaos into visibility and control.

3. Zero Trust Network Access (ZTNA) | 23.25% CAGR | $1.6B → $5.6B

ZTNA kills the VPN model. Instead of network access, it provides application-specific connections verified for every request. Gartner predicts 70% of new remote access deployments will use ZTNA by 2025. With 65% of companies planning to replace VPNs, this shift represents a wholesale rethinking of secure access. The perimeter-based model is dying. Good riddance.

4. Cloud Workload Protection Platforms (CWPP) | 22.78% CAGR | $3.9B → $13.5B

CWPP platforms secure everything from traditional VMs to containers that exist for milliseconds. Legacy endpoint security can’t protect ephemeral containers or serverless functions—it wasn’t designed for workloads that appear and disappear in seconds. The shift to microservices demands purpose-built security.

5. Consent and Preference Management | 22.39% CAGR | $0.5B → $1.7B

GDPR fines reached €5.88 billion by January 2025, according to the DLA Piper GDPR Fines and Data Breach Survey. California’s CCPA penalties continue climbing; the California Privacy Protection Agency fined Todd Snyder $345,178 for inadequate opt-out and privacy request processes. Manual handling can’t meet regulatory deadlines. Automation prevents massive fines.

6. Threat Intelligence | 22.17% CAGR | $1.8B → $5.8B

IBM data shows threat intelligence reduces detection and escalation costs by $1.63 million while cutting incidents by 30%. Modern platforms aggregate data about bad actors and vulnerabilities, transforming raw threat data into automated responses across security stacks. The days of threat feeds sitting in dashboards, unused, are over.

7. Subject Rights Request Automation | 16.53% CAGR | $0.8B → $2.1B

When users demand “delete my data,” these platforms automate the process across all systems. Manual handling doesn’t scale, not when you’re managing requests across multiple jurisdictions with different requirements and tight deadlines.

8. Tokenization | 14.26% CAGR | $1.0B → $2.2B

Tokenization replaces sensitive data with meaningless tokens that can’t be mathematically reversed. Why the urgency now? NIST standardized quantum-resistant algorithms, including ML-KEM (formerly CRYSTALS-Kyber), in August 2024. Organizations are preparing for quantum threats expected within five to ten years.

9. Network Detection and Response (NDR) | 14.05% CAGR | $1.6B → $3.5B

NDR platforms use AI to establish behavioral baselines and detect anomalies signaling compromise. Here’s the mindset shift: rather than hoping to prevent all attacks, innovative organizations invest in rapid detection that minimizes damage when sophisticated attackers inevitably get through. Prevention isn’t enough anymore.

10. Vulnerability Assessment | 13.98% CAGR | $2.6B → $5.7B

Cloud infrastructure changes constantly. Quarterly scans are obsolete before they finish. Modern platforms provide continuous scanning in CI/CD pipelines, prioritizing based on real-world exploit data. DevOps teams deploying daily need vulnerability detection that keeps pace. Anything less is theater.

11. Endpoint Protection Platform (EPP) | 13.61% CAGR | $13.5B → $29.1B

The largest category doubles to $29.1 billion as ransomware attacks surge. According to Cyble analysis cited by TechTarget, U.S. ransomware attacks increased by 149% year-over-year in the first five weeks of 2025. Manufacturing led targets with 638 attacks in 2023, per Statista data compiled by Fortinet. Next-gen EPP uses behavioral analytics to stop ransomware before encryption begins—catching what traditional antivirus misses.

12. Secure Web Gateway (SWG) | 13.26% CAGR | $3.3B → $7.0B

Malicious sites appear and disappear in hours. Cloud-delivered SWGs update threat intelligence in real-time, protecting remote workers wherever they connect. Integration with ZTNA creates comprehensive security that follows users across devices and locations. The old perimeter? It no longer exists.

13. Web Application Firewalls (WAF) | 11.93% CAGR | $2.0B → $3.8B

Organizations expose hundreds of APIs, each a potential attack vector. Traditional network firewalls can’t inspect application-layer attacks. Modern WAFs use machine learning to distinguish legitimate users from attackers without blocking customers. Getting that balance right is harder than it sounds.

14. Encryption | 11.90% CAGR | $1.0B → $2.0B

NIST’s standardization of quantum-resistant algorithms signals urgency. Attackers already practice “harvest now, decrypt later”—collecting encrypted data for future quantum decryption. Organizations must transition to post-quantum cryptography now, as full integration takes years. This isn’t theoretical risk anymore.

15. Security Information and Event Management (SIEM) | 11.74% CAGR | $5.8B → $11.3B

AI transforms SIEM from reactive to proactive. Organizations using AI-powered automation save $1.9 million per breach, according to IBM’s newsroom. Machine learning models identify attack patterns and detect zero-day threats before signatures exist, turning security operations into a competitive advantage.

The Investment Thesis behind the numbers

These growth rates reflect three converging realities:

Cloud Complexity Is Exponential. With 79% of organizations using multiple cloud providers and managing hundreds of accounts, manual security is mathematically impossible. The 31.23% CAGR for CSPM isn’t optimism, it’s survival.
AI Changes Everything. Shadow AI breaches cost $4.63 million, $670,000 more than standard incidents. But AI also powers the defense, with automated security tools reducing breach lifecycles by 80 days. The same technology that creates vulnerabilities offers the best defense.
Compliance Costs Are Skyrocketing. Between GDPR, CCPA, and emerging regulations, manual compliance is a liability that grows daily. Automation platforms turn regulatory requirements into competitive advantages.

The Bottom Line

The organizations winning this race aren’t those with the most significant security budgets; they’re those investing in the right categories at the right time. These fifteen segments aren’t just growing fast; they’re defining what modern security architecture looks like.

The message from Gartner’s data is unambiguous: security spending is shifting from reactive to proactive, from manual to automated, from perimeter-based to zero-trust. Organizations still relying on legacy approaches aren’t just falling behind; they’re accepting risks that the market has already priced as unacceptable.

Source: Gartner Information Security Forecast 3Q25 Update (Document G00839334), showing overall market growth from $215.8B (2025) to $322.2B (2029) at 10.55% CAGR

Nov 10

Top 10 Identity Security Insights from Forrester’s 2025 Security & Risk Summit

Bottom line: Identity security stands at an unprecedented crossroads, with machine identities creating greater complexity and potential chaos every security professional needs to plan for.

At Forrester’s 2025 Security & Risk Summit, Merritt Maxim, VP and Research Director at Forrester, delivered critical insights highlighting the escalating threats shaping identity security’s evolution. CISOs and security leaders find themselves navigating surging threats driven by generative AI, the rapid proliferation of non-human identities, and outdated IAM infrastructures originally designed solely for compliance. Maxim emphasized a pressing urgency: identity strategies must adapt or risk catastrophic breaches and compliance failures.

Here’s a detailed breakdown of the top 10 insights from Forrester’s Summit, including the specific slides from Maxim’s presentation and deeper insights from Forrester’s latest data:

1. Identity Security Budgets Accelerate Toward $27.5B by 2029

IAM investment is growing explosively, set to nearly double from $13.4 billion in 2024 to $27.5 billion by 2029, driven by the escalating complexity and severity of identity-related threats such as AI-driven deepfakes, sophisticated supply-chain attacks, and rampant cloud misconfigurations. This positions IAM as cybersecurity’s third fastest-growing segment, underscoring identity security as a business-critical imperative.

2. Hybrid IAM Still Dominates—77% Keep On-Premise Components

Despite the relentless push to the cloud, 77% of organizations continue relying on hybrid IAM deployments due to legacy infrastructure and regulatory constraints. Fully cloud-based identity management remains a distant reality, with only 9% fully transitioned. Maxim stressed hybrid IAM’s persistence, highlighting the necessity for seamless integration capabilities between on-premises systems and cloud IAM platforms.

3. Third-party Risk Matches Compliance as a Top IAM Driver

Forrester revealed a pivotal shift: managing third-party identities (32%) is now equally critical as regulatory compliance (32%) in driving IAM investments. High-profile breaches at Okta and CyberArk underscore vulnerabilities introduced by third-party identities, necessitating robust governance models that go beyond basic compliance checklists.

4. Static Entitlements Are Obsolete; Zero Standing Privilege Is Now Mandatory

The static entitlement model—assigning privileges during onboarding—is officially outdated. Forrester highlighted Zero Standing Privilege (ZSP) architectures as the definitive new standard, utilizing the Continuous Access Evaluation Protocol (CAEP) to dynamically assign permissions at runtime. This strategy mitigates rampant privilege sprawl, dramatically reducing attack surfaces.

5. Identity Management Converges Across Security, Marketing, and CX

Enterprises are rapidly integrating fragmented identity management systems across marketing, customer experience (CX), fraud prevention, and security. Maxim emphasized that businesses consolidating these functions significantly improve detection speed, minimize breaches, and enhance end-user experience. Leveraging customer preference and security data together is becoming a strategic advantage.

6. Vendor Consolidation Radically Reshapes IAM Markets

IAM vendor consolidation accelerated significantly, highlighted by major moves such as Palo Alto Networks acquiring CyberArk, Ping Identity merging with ForgeRock, and CrowdStrike purchasing Adaptive Shield. Enterprises increasingly demand integrated identity platforms combining PAM, IGA, and Identity Threat Detection & Response (ITDR), driving these high-profile acquisitions.

7. Generative AI Exacerbates Identity Threats but Offers Transformational Defenses

Generative AI escalates identity threats dramatically through enhanced phishing and sophisticated deepfake impersonations. Conversely, GenAI’s defensive capabilities are equally transformative, enabling automated identity threat detection, rapid response, and real-time entitlement adjustments. Maxim described these dual dynamics as essential to future IAM strategies.

8. Machine Identities Are a Critical Emerging Attack Vector

The explosive growth in non-human identities (IoT, APIs, AI agents) vastly expands attack surfaces. Enterprises urgently need automated platforms from vendors like CyberArk, Venafi, and HashiCorp to manage this surge. Forrester highlighted machine identities as a rapidly intensifying risk requiring immediate attention and robust governance.

9. Phishing-Resistant MFA Is Dangerously Under-Deployed

Alarmingly, only 21% of companies deploy phishing-resistant MFA after breaches, despite the increasing sophistication of MFA-bypass attacks. Forrester insists enterprises must urgently adopt solutions like FIDO2 and WebAuthn. Maxim warned that neglecting these standards leaves companies dangerously exposed to credential-based compromises.

10. Context-Aware IAM Becomes a Real-time Security Necessity

Static IAM fails against machine-speed threats. Context-aware IAM, powered by dynamic authorization, continuously assesses real-time user behavior, device posture, and threat intel. Forrester identifies this adaptive approach as critical, turning identity from a passive gatekeeper to a proactive defender, which is essential for stopping attacks before damage occurs

Bottom Line: Adaptive identity security defines enterprise survival

Identity security has become synonymous with enterprise survival. Merritt Maxim’s compelling insights from Forrester’s 2025 Security & Risk Summit underscore a new identity imperative: convergence, consolidation, and context must drive strategic identity transformations. Following Forrester’s lead, enterprises must prioritize investment in dynamic Zero Standing Privilege architectures, integrated identity platforms, generative AI-enabled threat response, robust machine identity management, and phishing-resistant MFA immediately. The future of enterprise resilience hinges directly on evolving identity security today.

Nov 3

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report

“With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities,” states Forrester’s 2026 Budget Planning Guide.

The research firm’s planning guide for next year provides security leaders with new insights into how their clients are allocating budgets, which gives a helpful overview of the next 12 months of cybersecurity spending.

Implicit in the guide is the need for new technologies that enable organizations to be more adaptive to threats and take action on them before they become breaches. There’s also a strong focus on getting a head start on new technologies, anticipating the severity of threats new developments in AI, generative AI (genAI), deepfakes, and all other forms of weaponized technologies can pose to an organization.

Software is a solid 40% of cybersecurity spending, exceeding hardware at 15.8%, outsourcing at 15% and surpassing personnel costs at 29% by 11 percentage points. Meanwhile, security leaders face escalating threats, with generative AI attacks executing in milliseconds, a stark contrast to the average Mean Time to Identify (MTTI) of 181 days, according to IBM’s latest Cost of a Data Breach Report.

A fast-changing threatscape is changing spending priorities

Three converging threats are flipping cybersecurity on its head. What once protected organizations is now working against them. Generative AI (gen AI) is enabling attackers to craft 10,000 personalized phishing emails per minute using scraped LinkedIn profiles and corporate communications. NIST’s 2030 quantum deadline threatens retroactive decryption of $425 billion in currently protected data. Deepfake fraud that surged 3,000% in 2024 now bypasses biometric authentication in 97% of attempts, forcing security leaders to reimagine defensive architectures fundamentally.

Top ten insights from Forrester’s 2026 cybersecurity budget benchmarks

1. Software now claims 40% of cybersecurity budgets, surpassing personnel spend. Forrester’s budget planning guide reports that software now accounts for approximately 40.2% of cybersecurity spending, eclipsing combined hardware and outsourcing budgets. It’s noteworthy that software spending is surpassing personnel costs by 11 percentage points.

Top 10 insights from Forrester’s 2026 Cybersecurity Budget Report — Source: Forrester Budget Planning Guide 2026: Security and Risk

2. Security budgets are accelerating, with 55% of global security and tech leaders forecasting significant increases next year. A robust 15% anticipate their budgets jumping more than 10%, and another 40% project hikes between 5% and 10%. Regional outlooks vary sharply: APAC is most bullish, with 22% expecting double-digit growth, compared to a cautious 9% in North America and just 12% in EMEA. However, nearly half (45%) remain reserved; 30% predict minimal budget bumps of 1%–4% or barely keeping pace with inflation, while another 10% expectSource: Forrester Budget Planning Guide 2026: Security and Risk no change, and 5% foresee cuts.

3. Cloud security, on-prem tech, and security awareness training are set to lead cybersecurity spending in 2026. Decision-makers are doubling down on cloud security, with 12% boosting budgets in this area by 10% or more, 11% doing the same for new on-premises solutions, and another 10% ramping up security awareness programs. Notably, investments in on-premises security technology appear twice among the top priorities, as 36% plan at least a 5% increase for both new deployments and upgrades to existing infrastructure. The numbers reflect an uneven global adoption of cloud strategies, driven by persistent concerns around cost, security, and data sovereignty. APAC is exceptionally bullish. 78% of companies there plan increased spending on new on-prem security, outpacing EMEA by 10% and North America by 8%.

4. Forrester recommends that security leaders broaden AI and ML security throughout the enterprise in 2026 as generative AI moves from standalone apps to essential business systems. Productivity suites, CRM platforms, and service tools now embed genAI natively, transforming workflows and widening potential attack surfaces. Enterprises urgently need comprehensive protection across AI models, data, applications, and user identities to counter risks such as model vulnerabilities, data leakage, and prompt jailbreaking. Hyperscalers like Google Cloud and Microsoft are responding quickly, while cybersecurity incumbents, notably Palo Alto Networks with its Protect AI acquisition, actively expand their footprint. Meanwhile, innovative startups, including Knostic and CalypsoAI, both featured at RSA’s Innovation Sandbox, target niche but critical genAI security gaps. Enterprises investing strategically now will securely scale genAI deployments and establish a clear competitive advantage.

5. Standalone SSE spending will sharply decline in 2026 as enterprises shift to unified SASE platforms, streamlining security operations and accelerating Zero Trust initiatives. Initially positioned to fill security gaps left by SD-WAN deployments and the surge in remote work, standalone SSE and isolated ZTNA solutions have now reached their functional limits. Leading companies increasingly adopt integrated platforms like Cato Networks’ cloud-native SASE, which consolidates SD-WAN, ZTNA, SWG, CASB, and firewall capabilities within a single, unified framework. As I’ve noted in VentureBeat, CISOs who pivot to unified SASE platforms benefit from simpler integration, superior AI-driven threat detection, and significant operational efficiencies that isolated solutions cannot deliver. Organizations proactively embracing integrated SASE from providers like Cato Networks will immediately enhance security resilience, improve operational agility, and significantly reduce vendor complexity.

6. Forrester predicts that by 2026, security leaders will seize a critical advantage by accelerating the adoption of post-quantum cryptography (PQC). With NIST’s landmark release of three core PQC standards in August 2024, organizations now have clear guidance to protect their data and applications against emerging quantum threats. Most governments align with NIST timelines, targeting legacy encryption deprecation by 2030, while Australia’s ASD urges adoption of approved PQC algorithms even sooner. Enterprises should immediately focus efforts on securing their most sensitive asymmetric cryptography, covering data at rest, data in transit, and data actively used within applications. Comprehensive cryptographic discovery and inventory tools provide the visibility required to assess readiness. Strategic partnerships with cryptoagility innovators, including Entrust, IBM, Keyfactor, Palo Alto Networks, QuSecure, SandboxAQ, and Thales, enable organizations to define a clear, secure migration path. Organizations acting decisively now will confidently navigate the quantum transition and fortify their competitive edge.

7. Machine identity management will become essential by 2026 as automated identities multiply rapidly across the IT infrastructure. Apps, AI agents, IoT devices, containers, cloud environments, and infrastructure scripts now generate identities faster than humans can manually track or manage. Enterprises urgently require solutions capable of managing these identities throughout their lifecycle, automating key rotations, and enforcing role-based access. Leading vendors, including Akeyless, BeyondTrust, CyberArk, Delinea, HashiCorp, Keyfactor, AppViewX, and emerging startups like Aembit, Astrix, Clutch, Entro, and Oasis Security, offer robust platforms to meet this challenge.

8. There will be a significant reallocation away from standalone interactive application security testing (IAST) in 2026, as operational hurdles continue to limit adoption. Originally designed to blend the runtime accuracy of dynamic application security testing (DAST) with static application security testing’s (SAST) code-level insights, standalone IAST has proven overly complex. Forrester recommends shifting budgets toward integrated IAST and DAST platforms, such as those from Invicti and HCLSoftware, that simplify deployment. Alternatively, APIs, microservices, and containers provide more transparent and consistent returns.

9. Consolidation of endpoint security and SIEM tools will accelerate in 2026. As extended detection and response (XDR) platforms gain momentum, security leaders have a clear opportunity to reduce agent sprawl, improve analyst efficiency, and lower the total cost of ownership. Vendors, including Microsoft, CrowdStrike, and Palo Alto Networks, now embed critical SIEM functions such as detection, correlation, third-party data ingestion (particularly from cloud, identity, and email), and response directly within their XDR offerings. While these integrated solutions currently don’t fully match standalone security analytics platforms, they deliver compelling advantages: simplified deployments, centralized threat context, and measurable operational savings. Organizations consolidating around unified XDR solutions today will streamline security operations and achieve faster, higher-quality threat detection.

10. By 2026, rapidly evolving generative AI will make deepfakes virtually indistinguishable from authentic media, rendering simplistic identity checks obsolete. Enterprises must proactively deploy sophisticated detection platforms using advanced ensemble modeling—spectral analysis, image artifacts, skin tone consistency, lighting anomalies, audio echo patterns, and device reputation, to ensure trusted employee verification and transaction authentication. Vendors such as GetReal Security, Sensity, and Reality Defender already offer real-time risk scoring, transparent reasoning, and integrated case management. Early adopters will safeguard identity security, sustain customer trust, and remain resilient against future deepfake threats.

Oct 29

Gartner: 60% of CISOs are piloting GenAI, but only 20% see results

Made with Imagen

The global threatscape is becoming dominated by all forms of weaponized LLMs, AI, and conversational agents, all aimed at launching lethal attacks that cripple companies and entire supply chains in minutes.

Nation‑state actors and organized eCrime groups now use artificial intelligence, including generative AI (GenAI), to automate reconnaissance, weaponize access, and strike faster than most defenses can respond. To keep pace, enterprises and the CISOs leading them are turning to GenAI as a defensive multiplier.

CISOs are remaining optimistic

Gartner’s latest research quantifies that adoption is accelerating, but measurable results remain elusive. Approximately 60 % of organizations are piloting or planning GenAI cybersecurity initiatives. Only 20% of security leaders say these programs have delivered beneficial outcomes so far. These figures are from the research firm’s recent research note, What GenAI Use Cases Are Organizations Pursuing Within Cybersecurity? published earlier this month. Forrester predicts that the first agentic AI breach will happen in 2026.

Yet, despite early hurdles, cybersecurity leaders remain optimistic. Nearly every CISO I’ve spoken with sees GenAI as pivotal for transforming threat detection, proactive hunting, rapid incident response, and extracting actionable insights from terabytes of telemetry data streaming from endpoints and events. They recognize GenAI as crucial to decoding adversary tradecraft, particularly as identity-based threats and weaponized machine-learning attacks accelerate, reshaping the global threatscape in real time.

Key takeaways

Code Analysis leads the pack. GenAI‑assisted code analysis is the most mature use case: 22% of enterprises use it today, and another 30% are piloting it. It addresses a persistent gap, as 69% of software‑engineering leaders cite insecure code remediation as a critical skills bottleneck.
GenAI shows potential in helping SOC teams spot vulnerabilities faster. Currently, 21% of organizations actively leverage GenAI to enhance vulnerability detection and remediation, with another 26% piloting these capabilities. Adoption is driven by GenAI’s ability to automate vulnerability identification and prioritize remediation workflows, addressing longstanding security bottlenecks and resource constraints. Despite intense interest, widespread implementation remains challenged by integration complexity and skepticism about AI-generated accuracy, emphasizing the need for incremental deployment aligned with existing cybersecurity metrics.
CISOs Shift from Ambition to Execution Gartner finds that the leaders gaining traction are those adopting “bite‑sized” implementations or use cases that fit into current processes, deliver quantifiable ROI, and build trust among analysts and engineers.

CISOs are dealing with a threatscape moving at machine speed

Given how lethal machine-driven attacks are becoming, exacerbated by the growing sophistication of weaponized AI, going on the offensive with GenAI is a choice more CISOs are considering.

Nearly every cybersecurity team wants to have a Gen AI pilot either complete or in process to see how it integrates with their planned arsenal for 2026. Most CISOs want some form of AI in their arsenals going into the new year, as many expect the intensity, ingenuity, and lethal impact of automated attacks will reach new levels next year. One told me confidentially she fully expects machine-on-machine breach attempts to grow six times over in 2026 as her financial services firm handles highly speculative assets, including cryptocurrency ETFs and investment products.
Breakout speed hits critical mass. CrowdStrike’s 2025 Global Threat Report reveals the alarming acceleration of attacks: the fastest observed eCrime intrusion took just 51 seconds to escalate from initial access to lateral movement, virtually eliminating defenders’ window to respond.
Living-off-the-Land tactics dominate and often evade legacy cyberdefense systems: Malware-free intrusions surged significantly, now comprising 81% of interactive attacks in 2025. This trend is corroborated by findings from Mandiant and IBM X-Force, indicating adversaries are bypassing traditional signature-based controls by exploiting legitimate tools native to the enterprise environment.
Nation-state activity reaching new record levels as weaponized tradecraft gains stealth and sophistication: CrowdStrike, Mandiant have documented triple-digit increases in operations linked to China, Iran, and North Korea. These attacks predominantly target telecommunications and critical infrastructure, reflecting geopolitical tensions and nation-states’ strategic prioritization of cyber-espionage.
Global threat consensus is clear and compelling: ENISA’s Threat Landscape 2025 report aligns precisely with intelligence from CrowdStrike, Mandiant, and IBM X-Force, verifying that nation-state actors now leverage AI-driven automation to execute attacks faster than enterprises can detect, let alone defend.

CrowdStrike Founder and CEO George Kurtz underscored the urgency clearly in a recent CNBC interview on October 23rd, stating, “Well, this is something that we’ve really been focused on for the last number of years is being able to protect agentic AI. And if you think about agentic AI, it has the capabilities to interact with data. It has the capabilities to interact with Compute. It has identities, non-human identities, but it operates at superhuman speed. So all of the challenges that we’ve seen over the many years of humans getting themselves into trouble is only going to be exasperated by agentic AI, and we need security like CrowdStrike is delivering to protect it”.

Practical guidance from CISOs adding GenAI to their arsenals

Gartner’s latest research, combined with interviews and discussions with CISOs, security leaders, and SOC leaders who are piloting and in some cases using GenAI-based platforms today, offers this advice:

Go deep on integration on pilots to see how strong the GenAI solution is as a contributor to your security tech stack: CISOs and SOC leaders tell me that this is the most reliable test of whether a GenAI platform or app will make the cut and get to production on their tech stack. Solid APIs that have been battle-tested by vendors who have a strong API management history have the inside track.
Outcome-driven use cases are a must-have:At its core, cybersecurity is a business decision. And in a digital-first world, protecting your brand is essential. Any Gen AI pilot needs to contribute to a use case that makes a solid contribution to solidifying a business’s ability to compete.
Start with time-tested, established metrics: Getting to a level of trust in GenAI is core to seeing if it is ready to progress from pilot into production. Evaluating GenAI effectiveness using established KPIs, including mean time to detect (MTTD) and mean time to respond (MTTR), at table stakes. CISOs and others running pilots caution about creating entirely new metrics just for GenAI. It obfuscates the total business impact of the technology.
Parallel human trust and governance: Gartner emphasizes investing in employee enablement and robust governance frameworks like NIST’s AI Risk Management Framework to foster confidence in GenAI adoption. Human oversight remains a vital layer of control. Human-in-the-middle is essential for any workflow.

Bottom Line

Nation-state adversaries measure their innovation in how lethal their attacks are, how stealth their tradecraft is, and how easily they can evade legacy security techniques. It’s a full cyberwar just a few steps away from a full-on kinetic war. Research from CrowdStrike, IBM, Mandiant, and many other companies shows machine-to-machine attacks orchestrated with Gen AI are accelerating, so much so that Forrester predicts an imminent AI breach next year. GenAI’s ability to identify new threats and stop them makes the technology work a look.

Aug 25

Top Ten Insights from Forrester’s 2024 Cybersecurity Budget Benchmarks

CISOs are being asked to do a lot more with less as their businesses are going all-in on new digital businesses that demand identity-based security while keeping budgets tight for securing infrastructure against attacks.

Cybersecurity budgets are, on average, just 5.7% of IT annual spending. That’s tight for many security teams. CISOs are rising to the challenge, however, and delivering revenue gains by protecting new digital businesses while keeping infrastructure safe. Achieving that is a quick way for CISOs to advance their careers.

Cybersecurity needs funding to match its business growth potential

The good news is that more CEOs and boards see cybersecurity as a business enabler. The challenge for CISOs, however, is that cybersecurity still gets funded purely for its defensive value – not its upside potential to drive growth.

Many security teams struggle to make ends meet in their budgets while still staying responsive to internal teams’ needs. Forrester’s 2024 Cybersecurity Benchmarks Global Report shows just how tight budgets can get for a CISO and their team. Project-related work and incident management are a constant balancing act for security teams, and keeping them both in check is key to staying under budget.

Top Ten Insights

Cybersecurity budgets are on the low side compared to the growing complexity of threats and risks organizations face.

That’s forcing CISOs to be selective about what they spend on and how they allocate limited resources. Add to that the average spend of $1,070 per enterprise user and $157,000 per cybersecurity employee, and cybersecurity teams have little, if any, room for inefficiencies.

The following are the top ten insights from Forrester’s latest cybersecurity benchmark report:

CISOs need to move out of the IT organization and report to their CEOs and board of directors to have a chance at a more realistic budget. Forrester finds that cybersecurity budgets increase when CISOs report directly to the CEO or board of directors. CISOs who can articulate the business value of cybersecurity, demonstrating how it can drive revenue and support strategic goals, are more likely to secure the necessary funding. This shift also reflects a growing recognition of cybersecurity’s strategic importance beyond mere IT operations.
Software will dominate cybersecurity budgets in 2024. The report reveals that 35.9% of cybersecurity budgets globally are allocated to software. This trend is particularly pronounced in large enterprises with up to 74,999 employees, where 39.4% of the budget is dedicated to software. Smaller organizations, conversely, spend a higher percentage on outsourcing services due to limited in-house capabilities, which underscores the scalability challenges smaller firms face in maintaining robust cybersecurity defenses.

Top Ten Insights from Forrester's 2024 Cybersecurity Budget Benchmarks

Source: Forrester 2024 Cybersecurity Benchmarks Global Report

Cybersecurity spending per user keeps climbing, reaching $1,070. This is another budget constraint CISOs have to factor into their total operations plans for a given year. Forrester notes that “the cybersecurity spend per enterprise user ranges from an average of $947 at extra-large organizations (75,000 or more users) to $1,210 at small organizations (fewer than 10,000 users).
Personnel costs consume 28% of the typical security budget. The report highlights that organizations are spending an average of $157,593 per cybersecurity employee. Full-time employees make up 73.5% of security teams, with the global average cost per contracted full-time equivalent (FTE) reaching $194,613. This significant expenditure on personnel underscores the critical role of skilled professionals in maintaining effective cybersecurity defenses.

System Defense is the leading functional spend category in 2024. Forrester finds that 29% of functional spending is in System Defense alone. The funding levels approved for this category reflect the critical need to protect endpoints and mobile devices against increasingly sophisticated attacks. With adversaries innovating faster than enterprises can keep up, System Defense is a must-have to protect new digital businesses and infrastructure. The following graphic shows cybersecurity spending by functional domain.

Identity and Access Management (IAM) takes up 21% of functional spending in the typical budget. Identity-driven attacks take many forms, from mass phishing to whale phishing, where senior executives of a company are targeted with tailored campaigns IAM also enhances operational efficiency and fraud reduction, making it a strategic investment for many organizations. Its broad applicability across both internal and customer-facing applications drives its substantial share of the cybersecurity budget.
Security analytics and incident handling reach 13% and 14%, respectively. Forrester notes that each of these separate services accounts for a relatively low percentage of the overall cybersecurity budget. Still, most organizations combine spending on these two categories into “detection and response.” Both areas combined equal 26% of the overall security budget, on average.
Getting compliance and governance right is a growing concern for many CISOs who are willing to spend their budget to stay in good standing with the SEC. The Security and Exchange Commission’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure adopted on July 26, 2023. The rules adopted by the SEC define a standardized process for cybersecurity disclosures for public companies. These rules require companies to disclose material cybersecurity incidents on Form 8-K or Form 6-K within four business days of determining the incident’s materiality. Additionally, companies must include cybersecurity risk management, strategy, and governance information in their annual reports (Forms 10-K and 20-F). The rules also mandate the use of Inline XBRL for tagging these disclosures.
Incident handling is on average, 13.5% of a global cybersecurity budget. This category is the most unpredictable, as it deals with responding to intrusions and breaches that cannot be forecasted. Spending on incident handling varies by company size, with small organizations (fewer than 10,000 employees) aligning with the global average of 13.5%. Larger organizations tend to allocate slightly less, likely due to more extensive preventative measures and diversified cybersecurity resources.
Privacy is core to customer trust today and gets funded, even in tough budgeting cycles. The two departments that use privacy-related solutions the most frequently are legal and marketing, which dedicate on average 12% of a cybersecurity budget to them. Forrester notes that this 12% figure is not the total privacy spend of an organization. Rather, the report says, “Data privacy spans multiple areas of the organization, including marketing and legal. Its share of the security budget doesn’t represent the total spending on privacy-related initiatives across the entire technology estate.

Balancing the scales of cybersecurity budgeting

The bottom line is that cybersecurity is a business decision and needs to be funded with that mindset. Organizations need to see the CISO role as a more board-level one so they can share their technology expertise in helping to manage risk.

It’s time for cybersecurity to be funded as a growth engine, not just one used for deterrence alone.

CISOs can balance the scales by looking for an opportunity to elevate their role to a CEO direct report and, ideally, be on the board to help guide their companies through an increasingly complex threat landscape.

Jul 7

Forrester’s top ten trends defining identity and access management in 2024

Stolen identity and privileged access credentials now account for 61% of all data breaches. This figure continues to increase as nation-state attackers, cybercrime groups, and rogue attackers integrate AI into their attack tradecraft.

Adversarial AI is taking aim at identities

80% or more of breach attempts aim first at identities and the systems that manage them. CrowdStrike’s 2024 Global Threat Report found that identity-based and social engineering attacks are reaching a new level of intensity. CrowdStrike found that attackers are using AI to launch advanced phishing attacks to impersonate legitimate users and infiltrate secure accounts. Attackers have long sought account credentials, but in 2023, their goals centered on authentication tools and systems, including API keys and OTPs.

“What we’re seeing is that the threat actors have really been focused on identity, taking a legitimate identity. logging in as a legitimate user. And then laying low, staying under the radar by living off the land by using legitimate tools,” Adam Meyers, senior vice president counter adversary operations at CrowdStrike, told VentureBeat in an interview early this year. Two of the most infamous Russian nation-state attackers, Fancy Bear and Cozy Bear, led these efforts, with the former exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) for unauthorized server access.

Top ten trends defining identity and access management (IAM) in 2024

Forrester’s recent report, The Top Trends Shaping Identity And Access Management In 2024, provides an insightful view into the future of Identity and Access Management (IAM) and Privileged Identity Management (PIM). The report predicts that threat detection and remediation will improve with the help of A.I. Forrester also predicts that FIDO passkey authentication will go mainstream. In contrast, biometric authentication will slow down due to concerns regarding deepfakes.

Leading IAM providers include AWS Identity and Access Management, CrowdStrike, Delinea, Cradlepoint, ForgeRock, Ivanti, Google Cloud Identity, IBM Cloud Identity, Microsoft Azure Active Directory, Palo Alto Networks, and Zscaler.

Here is a summary of the top ten trends Forrester believes will shape IAM in 2024:

Trend 1: AI Will Improve Identity-Based Threat Detection and Remediation. Generative AI (genAI) is helping to redefine the future of IAM by improving outlier behavior analysis, increasing alerts’ accuracy, and streamlining administrative tasks while guarding against new threats.

98% of security professionals believe AI and machine learning (ML) will be beneficial in fighting identity-based breaches and see it as a pivotal technology in unifying their many identity frameworks. The majority, 63%, predict AI’s leading use case will be greater accuracy in identifying outlier behavior. 56% believe AI will help improve the accuracy of alerts, and 52% believe AI will help streamline administrative tasks.

Forrester asserts that AI will help short-staffed security teams triage alerts and automate time-consuming, mundane aspects of their jobs. Forrester also envisions genAI being used to query, “Which five applications are the riskiest from an identity entitlement perspective?” CrowdStrike announced at RSAC 2024 that Charlotte AI, CrowdStrike’s Generative AI security analyst, can automatically correlate all related contexts into a single incident and generate an LLM-powered incident summary for security analysts.

Trend 2: IAM Platforms Face Increased Scrutiny Of Their Underlying Security. High-profile breaches that began with impersonation leading to identity theft, including MGM and Okta, reflect how social engineering can still bypass IAM safeguards. CISOs are pushing back on their IAM vendors to improve operational processes and security practices and prioritize security for cloud-based SaaS applications and multi-cloud configurations. Forrester writes that their clients running IAM systems expect their vendors to comply with standards like SOC 2, FedRAMP, ISO 27002, and PCI. CISOs and security teams are also asking to vet a vendor’s workforce, including both employees and contractors and understand how the vendor communicates about and addresses security issues.

Forrester’s advice to security and risk management professionals is to “Demand multifactor authentication for all workforce business and admin users, without exception. Prioritize IAM vendors that embrace secure-by-design and secure-by-default principles and value continuous two-way customer engagement to improve their overall cybersecurity posture.”

Trend 3: IAM And Non-IAM Vendors Respond To Identity-Centric Threats. More CISOs and their security teams are taking a zero trust mindset to breaches. They see them as inevitable, and as part of their zero trust frameworks, they’re looking to shut down lateral movement after an intrusion. Forrester observes that “both IAM vendors and non-IAM cybersecurity vendors keep making advances in identity threat detection and response (ITDR). As a result of organic development and acquisitions, ITDR capabilities are being incorporated in platforms from privileged identity management (PIM) vendors like ARCON, BeyondTrust, CyberArk, and Delinea, as well as XDR vendors, such as Cisco, CrowdStrike, Proofpoint, and SentinelOne.”

Trend 4: FIDO Passkey Authentication Goes Mainstream For Workforce And B2C Uses. Forrester notes that a large number of customer-facing sites, including H&R Block, PayPal, and Verizon, are moving to passwordless authentication. At the same time, smaller financial institutions like coinbase.com offer optional fast identity online (FIDO) Authentication and FIDO passkey-based authentication. The research firm expects 30% of B2C websites and apps to offer FIDO passkeys by the end of 2024.

Trend 5: Biometric Adoption Slows Due To Concerns Around Deepfakes. Despite biometric authentication being a security standard on smartphones, CISOs and consumers alike are becoming more concerned about deepfakes. Designing liveness detection and other advanced features for facial and fingerprint recognition systems reduces the threat of spoofing generated by deepfake technology.

As multiple breach attempts have proven, voice biometrics are more susceptible to attack. Forrester notes that in response, the FTC set a Voice Cloning Challenge to “encourage the development of multidisciplinary solutions—from products to procedures—aimed at protecting consumers from artificial intelligence-enabled voice cloning harms, such as fraud and the broader misuse of biometric data and creative content.” Vendors will add additional deepfake detection to their solutions in 2024, resulting in a rebound in biometrics adoption in 2025.

Trend 6: IMG And PIM Vendors Expand Coverage Of Cloud Administrator Identities. Getting multicloud and hybrid cloud security right is getting more challenging and complex to achieve at scale due to configuration complexity. Forrester notes that “zero trust in the cloud starts with understanding the data access entitlements of identities like cloud infrastructure administrators, SaaS administrators, and business users.” Security and risk management professionals need to review cloud administrators’ entitlements that grant access to sensitive data assets and, when necessary, cancel them. Forrester writes, “While tools offer detection and remediation automation, they are no substitute for documented and consistent identity governance processes.”

Trend 7: Government-Issued Digital Identities Continue To Spread. Forrester believes acceptance of government-issued decentralized digital identities (DDIDs) beyond government use cases will grow in 2024. Mobile digital identities, including driver’s licenses, are now available in the US states of Arizona, California, Florida, and Iowa. Jurisdictions that have or will soon issue mobile driver’s licenses include the European Union (based on the eIDAS 2.0 approved set of standards), Estonia, Hungary, and Sweden. Nigeria and the Philippines have digital identities active today. .

Trend 8: B2B IAM Becomes A Differentiating Feature. Security teams and CISOs running them who are operating without an extended IAM ecosystem for partners like contractors, suppliers, and resellers face more severe security risks. B2B IAM involves managing joiner, mover, and leaver (JML) processes differently than internal employees. Forrester predicts that in 2024, IAM vendors will enhance platforms with features like simplified federation onboarding, verifiable credentials for ID verification, and improved access review processes for the extended enterprise.

Trend 9: Commercial and homegrown IAM Solutions Face Growing Demand For Upgrades. Maintaining on-premises IAM systems is becoming more costly and inefficient, making it more attractive to move to a cloud-based platform. Forrester is finding that the brittle, less secure nature of on-premise legacy systems also makes them more difficult to upgrade. Demand is so high for replacing legacy systems that a recent Forrester survey found that the intention to replace homegrown solutions jumped from 4% in 2022 to 18% in 2023.

Trend 10: The Fine-Grained Authorization Market Heats Up. As digital platforms and business app creation continue to proliferate, the need for dynamic and fine-grained access controls is extending beyond security. Forrester says that the IAM market is moving toward centralized and external authorization patterns because of B2B2E and B2B2C relationships and the possibility that genAI could make it easier to create and manage authorization policies.

Jul 7

Deloitte shares latest research into adversarial AI, ransomware in new report

Over the past year, 66% of organizations experienced at least one ransomware attack, with many suffering repeated breaches. According to Deloitte’s Annual Cyber Threat Trends report, ransomware, identity-based attacks, and sophisticated attack methods like zero-day exploits and AI-driven cyber espionage dominate a rapidly changing threat landscape.

Ransomware attackers specialize in making chaos pay

Attackers are using ransomware as a smash-and-grab strategy, often to finance other illegal operations. Cybercrime gangs, including those that are state-funded, rely on ransomware as a primary source of revenue as well.

Ransomware attackers aim to create widespread chaos across supply chains, amplifying the impact of their attacks. For example, United Healthcare paid a $22 million ransom in Bitcoin, demonstrating how greater disruption often leads to higher payouts.

“Sophisticated ransomware operators are increasingly using zero-day exploits as their initial access vector, with 36 percent of victims ransomed in this way. Valid credential compromise was the second most common entry point for ransomware attacks,” says Deloitte in the report.

“Phishing, remote attacks on public-facing infrastructure, and unauthorized remote desktop connections continue to be the primary sources of infiltration for ransomware,” writes Paul Furtado, Gartner vice president analyst, in a recent research report, How to Prepare for Ransomware Attacks.

Furtado notes that “bad actors are mining exfiltrated data to identify other potential sources of revenue,” further increasing the urgency to harden cyberdefenses against ransomware attacks. The following is a typical ransomware attack pattern as defined in the Gartner report.

Source: Gartner, How to Prepare for Ransomware Attacks, 16 April 2024

CrowdStrike’s threat intelligence teams regularly monitor every known ransomware variant. “RaaS kits are easy to find on the dark web, where they are advertised in the same way that goods are advertised on the legitimate web,” writes Kurt Baker in a blog post explaining RaaS. The post continues, “a RaaS kit may include 24/7 support, bundled offers, user reviews, forums, and other features identical to those offered by legitimate SaaS providers.”

The 2024 Annual Threat Assessment of the U.S. Intelligence Community found that “transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services, and exposing sensitive data. Important U.S. services and critical infrastructure such as health care, schools, and manufacturing continue to experience ransomware attacks.”

Adversarial AI’s growing tradecraft

Deloitte’s research uncovered the growing use of adversarial AI for cyber espionage, finding it’s driving new forms of tradecraft in influence operations, social engineering, underground services, and collaboration.

Adversarial AI’s goal is to deliberately mislead AI and machine learning (ML) systems so they are ineffective for the use cases they’re being designed for. Adversarial AI refers to “the use of artificial intelligence techniques to manipulate or deceive AI systems. It’s like a cunning chess player who exploits the vulnerabilities of their opponent. These intelligent adversaries can bypass traditional cyber defense systems, using sophisticated algorithms and techniques to evade detection and launch targeted attacks.”

source: Deloitte Annual Cyber Threat Trends report

Influence operations are the most active threat vector of the three Deloitte is tracking. AI image deception and deepfake accuracy are accelerating faster than many existing detection technologies can keep up with.

Telesign’s 2024 Trust Index found just how wide the trust gap is becoming due to deep fakes and broader influence operations. 87% of Americans hold businesses accountable for digital privacy, yet only 34% trust them to use AI effectively to protect against fraud. Deepfakes and misinformation are driving a wedge of distrust between companies, the customers they serve, and citizens participating in elections this year.

Deloitte found that social engineering-based attacks are becoming more challenging to identify and stop. Nation-states are weaponizing LLMs and using genAI to improve their ability to launch large-scale social engineering attacks aimed at harvesting privileged access credentials and gaining control of thousands of identities in an enterprise at once.

The rapid growth of Voice Cloning-as-a-Service (VCaaS) tools powered by AI, which is used for vishing attacks to clone voices for financial fraud and unauthorized access, continues to defy easy detection. Cybercriminals and nation-state adversaries are quick to invest in new technologies that yield tradecraft that existing cybersecurity systems can’t decipher, and deepfakes are among the most undetectable today.

Preventing a ransomware attack

Start with a zero-trust mindset. Any trust-based connections in a network are a liability—a ransomware attack waiting to happen. Furtado advises, “Build and execute on a zero-trust strategy that reduces the risk of attackers abusing implicit trust in environments to achieve lateral movement, employ available exploits, and gain privilege escalation to deploy ransomware.”

Furtado’s recommendations reflect a strong zero-trust mindset that seeks to eliminate lateral movement, enforce least privilege access, and monitor all network activity while hardening identity and access management (IAM) security. In short, he’s advising having as strong of a zero-trust framework as possible in place to withstand a ransomware attack.

One of the core concepts of zero trust is to assume an attack has already penetrated the network. Furtado’s key takeaways from his recent report on ransomware include the following:

Have a complete preincident prevention strategy that includes workspace and endpoint protection, data protection, immutable backup, asset management, end-user awareness training, and strong identity and access management.
Implement a reliable asset management process to identify what needs to be protected and who is responsible, paying particular attention to legacy systems.
Establish a risk-based vulnerability management process that includes threat intelligence (TI) to address unpatched systems.
Implement both macro and micro network segmentation to minimize the blast radius of ransomware attacks.
Build and execute a zero-trust strategy to reduce the risk of attackers abusing implicit trust in environments.
Implement compliance scanning, penetration testing, and breach attack simulation (BAS) tools.
Remove local administrative privileges on endpoints and limit access to sensitive applications, including email, to prevent account compromise.
Prevent access to the command prompt and block the execution of PowerShell scripts on all user endpoints.
Implement strong authentication for privileged users, such as database and infrastructure administrators and service accounts, and log and monitor their activity.

Jan 17

Cybersecurity CEOs Share How Businesses Can Protect Themselves In 2022

Bottom Line: Every business needs to resolve in 2022 to treat cybersecurity as a business decision first because the risk to operations and revenue are too great if they don’t.

Any cybersecurity prediction for 2022 will likely be on the low side, given how ingenious ransomware attackers are at mining long-standing common vulnerabilities and exposures (CVEs) and how intricate breach attempts are becoming.

Predictions don’t protect businesses, professional guidance does. Intending to provide every business, especially startups, with insights they can use to protect themselves in 2022, I’ve interviewed several cybersecurity CEOs. Their recommendations on what every business can do to improve their cybersecurity and avert a potential breach, ransomware attempt, or worse are provided below:

BOS Framework Founder and CEO Sashank Purighalla

Before BOS, Sashank founded and served as the CEO of 5Y Solutions, Inc., a DevOps company that provides SaaS and enterprise-class technology solutions based in the cloud, AR, VR, IoT, Media Streaming, and Big Data spaces. 5Y has offices in the US, Australia, and India. Much of Sashank’s 20+ years of experience has involved developing enterprise-class technology solutions, strong strategic and long-range planning, setting business and technology strategies in B2B and B2C environments, and leading and motivating diverse teams to build high-impact SaaS and PaaS products. Sashank has a bachelor’s degree in Mechanical Engineering and a master’s degree in Computer Science.

Advice from Sashank Purighalla Founder and CEO at BOS Framework

“The biggest problem that enterprises are dealing with is with fractured technology architectures. The playbook for how technology systems are designed and maintained has fundamentally changed over the past 5 years with the advent of DevOps as a new disciple geared toward bringing efficiency to the PDLC process. To help meet this growing demand, there has been nearly a 570% increase in the number of known niche tools. Here’s the strange dichotomy: In the same timeframe, there has been an over 630% increase in the number of cyber breaches and over 600% increase in technology management and maintenance costs.

The fact is that you cannot patch disparate systems with non-standardized implementations using niche tools and expect to achieve security. Breach resilience and systemic integration can only result from sound systemic architectures that are based on best practices.

Enterprises must shift their focus from thinking of the next tool for efficiency or patching gaps to consistent architectures for effective holistic outcomes. This is an ecosystem problem and can only be addressed at an organizational architecture level”.

Founder Shield Co-Founder & CEO Benji Markoff

Benji Markoff is the Co-Founder & CEO of Founder Shield. He has an obsession with culture and the science behind it. He wants his legacy to be the success and positivity that everyone who works at Founder Shield brings to the world, whether at Founder Shield or in any their future endeavors. He hopes that Founder Shield provides a platform for unlimited success and happiness for all that work there.

Advice from Benji Markoff, Co-Founder & CEO of Founder Shield

“It’s old news that cybercriminals have beefed up their attacks, with ransomware and phishing topping every bad actor’s to-do list, it seems. The pandemic spotlighted weak links in cybersecurity systems nationwide, and hackers didn’t waste one minute to attack — back door, front door, didn’t matter. Hybrid work schedules and burnt-out IT specialists make the waters even murkier. Naturally, cyber liability insurance is a hot commodity currently, and the insurance industry plays a significant role in helping companies stay protected. Unfortunately, the attacks keep coming. Flip the script, though, and all these negative headlines can serve as lessons learned. For starters, let’s remember that cross-functionality value also translates to cybersecurity training. The more employers raise awareness and implement in-depth training, the lower they’ll fall on a hacker’s checklist. Keep cybersecurity top-of-mind throughout your entire company. Also, don’t be shy about relying more heavily on your managed service provider (MSP). These companies are ever-broadening their scope of services. If eyes and ears are what you need, start negotiating new MSP contracts.”

Hexnode Founder and CEO Apu Pavithran

Apu Pavithran is the founder and CEO of Hexnode. Recognized in the IT management community as a consultant, speaker, and thought leader, Apu has been a strong advocate for IT governance and Information security management. In addition, he’s passionate about entrepreneurship and spends significant time working with startups and empowering young entrepreneurs.

Advice from Apu Pavithran, founder and CEO of Hexnode

“Enterprise customers in 2022 are looking for a seamless digital experience that they can adopt immediately. Unfortunately, while catering to this need businesses tend to overlook the cybersecurity risks involved in making this possible.

In practice, cybersecurity decisions mostly take the backseat when associated with budgetary needs and business priorities, however, what comes with that is a successful ransomware attack that can completely turn the equation upside down. So, while adopting a flexible working environment in a constantly changing IT landscape, I would strongly recommend having a device security policy and a UEM in place. This helps keep your sensitive information safe by making sure employee devices are always compliant.

A patch management solution that comes along with the UEM solution will monitor your devices to make sure that there are no security vulnerabilities. The solution will also make sure that your device is running on the latest OS update and protected from threat actors.

Endpoint security solutions like UEM’s will help secure businesses to an extent, But having the right tools can’t always ensure that your businesses are 100% secure. The biggest threat is always the human element in cyber security. So make sure that in your flexible work environment your employees are cyber aware with regular cyber awareness classes that cover updated cybersecurity best practices.”

Ivanti CEO Jeff Abbott

As CEO of Ivanti, Jeff Abbott oversees all aspects of the company’s growth strategy and direction. Before becoming CEO of Ivanti in October 2021, Jeff served as Ivanti’s President since January 2020. Jeff has over 25 years of experience working for enterprise software and services companies, including Accenture, Oracle, and Infor. Jeff holds degrees from the University of Tennessee and Georgia State University. He sits on the National Alumni Board at the University of Tennessee and has previously held board positions with the Georgia Leukemia and Lymphoma Society and the Posse Foundation.

Advice from Ivanti CEO Jeff Abbott:

The rapid shift to remote work has accelerated growth in new digital systems and workflows, leading to expanded enterprise attack surfaces. At the same time, threat actors have matured their tactics and targeted enterprise security gaps. For example, attackers have increasingly waged phishing attacks at mobile devices, which remote workers are using more than ever before, via text and SMS messages, instant messages, social media, and other modes of communication, beyond just corporate email. Ransomware has also continued to evolve, with attackers increasingly leveraging known vulnerabilities that have remote code execution and privilege escalation capabilities. Ransomware is a business, and threat actors are incentivized to find companies that are more likely to pay.

Organizations are struggling to proactively combat these growing cyber threats. A new study by Ivanti revealed that 71% of IT and security professionals found patching to be overly complex and time-consuming. 57% of respondents stated that the global transition towards a decentralized workspace has made patch management more complex to deal with. And 53% said that organizing and prioritizing vulnerabilities takes up most of their time. This is alarming because the longer vulnerabilities remain unpatched, the more exposed a business is at risk of an attack or ransomware.

To effectively mitigate risk, companies should implement a Zero Trust security strategy. At its simplest, Zero Trust provides organizations continuous evaluation of their employee devices, endpoints, assets, and networks that business relies on. As part of an overall Zero Trust strategy, companies should invest in automated controls that proactively perform cyber hygiene tasks and reduce security risk across infrastructure and applications. This includes leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation. A proactive, end-to-end risk-based assessment strategy can drive business value and further reduce the mean time to detect, discover, remediate, and respond to cyber threats.

Orchestral Founder and EVP Dale Smith
As Orchestral’s Head of Revenue Technology & Operations, Dale leads the digital infrastructure team responsible for integrating customer-facing operations across marketing, sales, and customer success to deliver extraordinary customer experiences that accelerate revenue performance. Dale has over 30+ years of experience in the tech industry, including several roles that include engineering, marketing, business development, and product management. His current startup, Orchestral.ai, provides AI-enabled IT workflow automation & orchestration technologies that facilitate digital transformation for some of the world’s largest enterprises.

Advice from Orchestral Founder and EVP Dale Smith

“Although there is an increasing amount of attention given to automation within the cybersecurity sector, there are still many gaps between the countless tools and SOAR/SIEM platforms found in a typical enterprise’s cybersecurity infrastructure.
To be sure, cybersecurity automation is a welcome and necessary focus for innovation in threat intelligence and response. But, as organization’s adopt cybersecurity automation, they are likely to discover that significant human intervention is still required to bridge the “silos of automation” that naturally develop around highly specialized security tools and platforms. It is at this point when the focus should shift to “cybersecurity orchestration”. Cybersecurity orchestration intelligently integrates all of the different and disparate tools, platforms and siloed automations so that information is shared across the entire cybersecurity infrastructure. In this context, cybersecurity automation and cybersecurity orchestration are complimentary stages of focus for developing security infrastructure capable of coordinating a truly “autonomous” threat response.”

Prometeo Co-Founder and CEO Rodrigo Tumaián

Rodrigo Tumaián is co-founder of Prometeo, a startup in the fintech area. He is also a co-founder of Truss, a company that provides information security services in the financial sector. His extensive experience working with national and international companies has enabled him to learn to adapt to any type of environment and help customers across a broad spectrum of business models, industries and revenue levels.

Advice from Prometeo Co-Founder and CEO Rodrigo Tumaián

“When we talk about Cybersecurity month to encourage awareness around the topic, we should keep in mind that it is something we must take action on every day. The repercussions that are caused when we find ourselves in the middle of a problem or a serious cybersecurity issue, profoundly impact our digital ecosystem. Constantly promote cybersecurity awareness – that’s what we’re focused on internally and with every customer – and we’re product of what we’re accomplishing with them and seeing them and we are very proud of what we have accomplished.”

Rapid.Space Founder and CEO Jean Paul Smets

Jean Paul is an entrepreneur, with 20 year experience and success in enterprise open source software for B2B markets. As Founder and CEO At Rapid.Space, he leads product and business development . Before Rapid.Space, Jean Paul founded Nexedi S.A the largest FLOSS publisher in the EU (4 M€ income). He founded VIFIB which invented edge computing in 2009 and contributed its technology to Rapid.Space. He holds a PhD in computer science, graduated from ENS Ulm and joined “corps des mines”.

Advice from Jean Paul Smets, Founder and CEO at Rapid.Space

“If you use a cloud service, make sure your cloud provider does not have access to your passwords or credentials (most have access and password leaks happen in average every year, as we all experienced). If you use containers, make sure you understand that they do not provide strong isolation (containers from other users on the same host may be able to access your sensitive data through security escalation, such as the one which happened to Azure in 9/2021)”

ThycoticCentrify CEO Art Gilliland

Art Gilliland is CEO at Centrify and brings proven success in the global enterprise software industry-leading large organizations in product development, enterprise infrastructure, cybersecurity, go-to-market strategy, and SaaS operations. He most recently was SVP/GM of the Symantec Enterprise Division of Broadcom, reporting to the CEO, where he led the integration and business operations post-acquisition. Before Symantec, Art held executive positions at Skyport Systems, HP, Symantec, and IMlogic.

Advice from ThycoticCentrify CEO Art Gilliland:

“As organizations execute on their digital transformations to adopt cloud and SaaS infrastructure it will become more essential to adopt tighter control over who has access to what. Investments in tighter controls over privileged access by using multi-factor authentication, centralizing identities, and enforcing least privilege can go a long way to securing modern infrastructure. This investment can not only make the user experience more seamless for those who need and should have access, but can also simultaneously harden defenses to reduce risk of becoming the next hack or ransomware victim.” — Art Gilliland, CEO, ThycoticCentrify

Apr 6

How The Pandemic Is Accelerating Endpoint Security’s Growth

76% of enterprises increased their use of endpoint devices since the beginning of the COVID-19 pandemic, supporting their remote, work-from-home (WFH) and hybrid workforces globally.

66% of enterprises believe securing their networks and infrastructure requires a more focused, proactive approach to endpoint resilience that doesn’t leave endpoint security to chance.

Cybersecurity leader’s top challenges today are maintaining compliance, enforcing security standards, and understanding the health of security controls on each endpoint.

Just 38% of IT leaders can track the ROI of their cybersecurity investments, accentuating the need for more resilient, persistent endpoints that provide greater visibility and control.

These and many other fascinating insights are from Forrester Consulting’s latest study on endpoint security, Take Proactive Approach To Endpoint Security, completed in collaboration with Absolute Software. The study is noteworthy for its impartial, accurate view of the current state of endpoint security and the challenges IT teams face in creating greater endpoint resilience. The study’s methodology is based on 157 interviews with IT and security professionals located in the U.S. and Canada who are decision-makers in endpoint protection, with interviews completed in November and December 2020.

Key insights from the study include the following:

Security leaders are reprioritizing endpoint automation efforts with a strong focus on sensitive or at-risk data. In 2021 automation efforts will focus on sensitive or at-risk data (60%), geolocation (52%), security control health (48%), web-based application usage (36%), patch management (35%), and hardware inventory (32%). Each of these technologies is integral to supporting remote workers. There’s also a significant shift from how automation strategies were prioritized before the pandemic, as the graphic from the study below illustrates:

Maintaining compliance, enforcing security standards, understanding security controls’ health, and measuring security investments are the top challenges to managing endpoint security today. The majority of enterprises, 59%, cannot maintain or prove compliance of endpoints at any given time. Lack of compliance drags down the efficiency of endpoint security efforts, making an entire network more vulnerable. Just over half of enterprises can’t enforce security standards across endpoints or don’t know today’s health. The most surprising finding of the study: 62% of enterprises cannot measure the ROI of their security investments – with half (31%) – strongly disagreeing with how measurable security ROI spend is.

Enterprises see four key areas where endpoint management could improve today. Forrester asked enterprise IT and security leaders which capabilities need to be added to endpoint management systems to make them more effective. The executives first focused on securing sensitive and at-risk data, a sure sign enterprises are moving to a more data-centric cybersecurity model in the future. That’s good news as cyber attackers want to penetrate software supply chains and take control of systems managing data assets. Managing devices remotely at scale is second, which is also a frequent challenge IT and security teams encounter when attempting to patch endpoints. Having an unbreakable digital tether to devices is solving the scale issue while also providing greater endpoint resiliency, visibility, and control.

Conclusion

The pandemic forced every business to become more innovative in supporting work-from-home and hybrid work environments, improving endpoint security an immediate priority. What’s needed is an unbreakable digital tether to all devices, capable of delivering complete visibility and control, enabling real-time insights into the state of those devices, and allowing them to repair security controls and productivity tools autonomously. Of the many solutions available for securing endpoints today, the ones that take a firmware-embedded approach to secure endpoints are proving the most reliable. The more integrated an endpoint is to firmware, the more likely self-healing agents will be reliable while also providing complete visibility across every device on or off the network. Absolute’s firmware-embedded approach is noteworthy in its track record of securing endpoints during the pandemic.

Researching the intersection of AI, machine learning and cybersecurity in the enterprise

Posts tagged ‘cybersecurity’

The acceleration is real

Where the money flows

Insights into deal sizes

The AI/LLM security gap

How spending breaks out geographically

ServiceNow’s acquisitions signal large-scale consolidation

What this means for 2026

Share this:

Like this:

What these growth rates say about Gartner’s view of the market

The 15 categories reshaping security architecture

The Investment Thesis behind the numbers

The Bottom Line

Share this:

Like this:

1. Identity Security Budgets Accelerate Toward $27.5B by 2029

2. Hybrid IAM Still Dominates—77% Keep On-Premise Components

3. Third-party Risk Matches Compliance as a Top IAM Driver

4. Static Entitlements Are Obsolete; Zero Standing Privilege Is Now Mandatory

5. Identity Management Converges Across Security, Marketing, and CX

6. Vendor Consolidation Radically Reshapes IAM Markets

7. Generative AI Exacerbates Identity Threats but Offers Transformational Defenses

8. Machine Identities Are a Critical Emerging Attack Vector

9. Phishing-Resistant MFA Is Dangerously Under-Deployed

10. Context-Aware IAM Becomes a Real-time Security Necessity

Bottom Line: Adaptive identity security defines enterprise survival

Share this:

Like this:

A fast-changing threatscape is changing spending priorities

Top ten insights from Forrester’s 2026 cybersecurity budget benchmarks

Share this:

Like this:

CISOs are remaining optimistic

Key takeaways

CISOs are dealing with a threatscape moving at machine speed

Practical guidance from CISOs adding GenAI to their arsenals

Bottom Line

Share this:

Like this:

Cybersecurity needs funding to match its business growth potential

Top Ten Insights

Balancing the scales of cybersecurity budgeting

Share this:

Like this:

Adversarial AI is taking aim at identities

Top ten trends defining identity and access management (IAM) in 2024

Share this:

Like this:

Ransomware attackers specialize in making chaos pay

Adversarial AI’s growing tradecraft

Preventing a ransomware attack

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Email Subscription

Top Posts

This Blog’s Purpose

Categories

Search