Devo’s 2022 Cybersecurity Predictions: Part One

There’s only one thing that’s certain in cybersecurity: The cyberthreat landscape is constantly changing, and the tools and solutions we have at our disposal to combat cybercrime must continue evolving if we are to stay ahead of — or at least keep up with — them.

As 2021 winds down, the Devo security team is already looking ahead to the most pressing cybersecurity trends likely to appear in 2022. Here are my top three predictions for the new year:

1. XDR Everything

Anton Chuvakin, security solution strategy lead at Google, tweeted, “#SIEM is too hard. #SOAR is too hard. #EDR is too hard. Now, if you combine them all into #XDR, now that…that would be simple?! Duh. Obviously. Why didn’t anybody think about it before?” And while the tweet probably elicited chuckles from many, it highlights the XDR trend and how it’s causing head-scratching confusion for many folks.

Interest in XDR solutions has spiked — Forrester even published its first Wave report on XDR providers this year. Many companies will ride the buzzword to evolve their brand without rebuilding or updating their technology to meet the needs of security practitioners. XDR will be stamped onto everything, so buyer beware.

Further, while the X is the new part in XDR, the DR portion is only a sliver of what modern SOC teams do and need from a security solution. So, while it’s good that there’s a reenergized focus on this aspect of SOC work, other areas need further investment if they are to mature at the same rate.

Our advice to security teams? Be wary of over-marketing around XDR. Instead, make sure your security team isn’t neglecting other security best practices and is equally investing in other aspects of SOC work to ensure they can remedy cyberattacks — not just respond to them.

2. Increases in Detection as Code and Response as Code Take the Stage

There will be a hockey stick increase in detection-as-code practices — a modern, flexible and structured method to writing detections. While the practice has been around for two or three years, it started gaining traction during the past year — especially as the community has worked toward establishing a common code language (i.e., Sigma) so newly written detections are portable across different platforms.

As we all know, security teams have traditionally purchased solutions that had detections built into them and then relied on the dedicated research team from that vendor to create and add new detections content. Detection as code has entirely flipped this model on its head. Gone are the days of proprietary detections. Customers, their partners, and the larger infosec community will instead create new detections content and choose how they want to apply it in the product they have deployed. In this model, end users benefit from having access to a broader community and pool of security knowledge and talent. It also means that detections are available to security teams faster because multiple research teams are working to solve the problem.

Since detections content will no longer come solely from security vendors, there is now an opportunity for an ecosystem of advanced partners and verticalized specializations to thrive. As there continue to be more community contributions to building detections, we should expect response as code to take off during next year, as well.

3. SaaS, Managed Services, and Professional Services all Converge into On-Demand Expertise

The boom in XDR is a clear example of how SaaS, managed services, and professional services are all coming together. We expect to see this trend take flight in 2022. What security teams want is on-demand expertise. Teams will shift from signing up with a managed services provider for a monthly retainer and a professional services team added on top of that. Instead, security teams will seek out tools with on-demand expertise directly built into them. This built-in expertise will take the form of a chatbot-like feature where end users can connect with experts and specialists in the precise threats they’re investigating.

In 2022, we’re going to see the first products that do that well and at scale. Vendors will initially provide these on-demand experts, but beyond 2022 we also anticipate that this on-demand expertise will develop in a manner similar to the detection-as-code evolution. Over time, it will become a much more community-driven approach where security teams tap subject matter experts from just about anywhere. Security marketplaces will evolve from simply having a product that you download to having a product and a related marketplace for apps, applets, and soon, people and services.

It’s clear big changes are on the horizon. But these aren’t our only predictions for the new year! Stay tuned for additional insights from other Devo cybersecurity experts.