By Ross Baker
It’s been a tough year for CISOs. The past 12 months has seen another spike in data breaches, cloud misconfigurations, and security threats at a DevOps layer. Ransomware is up, filelessmalware is on the rise, and business email compromise continues to increase. Trend Micro alone blocked over 26.8 billion unique threats in the first half of the year. With no let-up in store for 2020, cybersecurity leaders need to ensure they work with trusted partners — vendors with a clear vision of the future.
Over the past year, a compelling blend of product innovation, M&A activity, and independent industry recognition has singled out Trend Micro as that partner.
Digital means risk
When people talk about digital transformation today, they’re usually talking about cloud computing systems. Investments in platforms from AWS, Azure and the rest have generated huge wins for firms as they look to become more scalable, IT efficient, and agile. Cloud platforms give developers the flexibility they need to push ahead with DevOps and infrastructure-as-code (IAC) initiatives, to offer innovative customer experiences that can be adapted according to market demands at the click of a few buttons.
But this IT transformation has exposed those same organisations to a new set of risks. With so much potentially lucrative customer information and IP stored in cloud databases, they’ve become a major target for hackers. Trend Micro is predicting a torrent of code injection attacks against cloud providers in 2020. We’re also seeing vulnerabilities emerging in containers and microservices architectures, many of which stem from the reuse of open source components. Nearly 9% of components downloaded globally in 2018 contained a bug, 30% of which were critical, according to research from earlier this year.
It doesn’t help that organisations are sometimes their worst enemy. The complexity of multi- and hybrid cloud systems puts increasing pressure on IT admins. With so much at stake it’s inevitable that this leads to human error. Misconfigurations have become a staple news item over 2019. Our research from this year also found that over half of DevOps teams in global organisations don’t have all the righttools they need to do their job properly.
Making security simple
So what have we done to help our customers navigate this volatile landscape? Here’s just a few examples of positive steps we hope will take the fight to the black hats:
Cloud Conformity: Our acquisition of this leading Cloud Security Posture Management (CSPM) vendor has put much-needed continuous assurance capabilities into the hands of global organisations. Most exciting of all are Cloud Conformity’s ability to shine a light on complex cloud environments, highlighting where misconfigurations exist and simple steps to remediation.
Snyk: We’ve teamed up with this developer-first open source security leader to mitigate DevOps risks stemming from shared code. Trend Micro container image scans highlight vulnerabilities and malware in the software build pipeline and our virtual patching shields against exploitation at runtime. Then Snyk Applications Security Management enables developers to quickly and easily fix those bugs in their code.
CloudOne: We’re combining all of our cloud security capabilities in one streamlined platform to cover: CSPM, app security, containers, workloads, cloud networks and file storage security. It’s an automated, flexible and all-in-one solution to simplify the complexity of modern hybrid and multi-cloud environments.
Analyst recognition: We know we’re doing well. But it’s great to hear it from an independent industry analyst like IDC.This happened recently when we were named the “dominant leader” in IDC’s latest report, Worldwide Software Defined Compute Workload Security Market Shares, 2018. Our share of the SDC workload security market now stands at over two-fifths, nearly triple our nearest competitor.
This is the culmination of many years of hard work. But we’re only just getting started!