Cloud threat detection and response priorities for 2024

Cloud proliferation grew precipitously in 2023 and will continue to do so in 2024. This growth has led to several security difficulties, such as increased change velocity making it hard to keep up with security requirements, an increasingly complex attack surface and more vulnerabilities to patch or remediate.

As we move into next year, TechTarget's Enterprise Strategy Group (ESG) analysts expect a lot of activity as organizations attempt to bridge the cloud security gap. ESG research found a vast majority (89%) of organizations said they plan to increase cloud threat detection and response (CDR) spending in 2024, with more than one-third (36%) of firms claiming their cloud security budgets will grow substantially.

When asked to identify which aspects of CDR need improvement moving forward, survey respondents tended to focus on aligning security with cloud-native applications and software development. The following were the top five areas indicated for improvement:

• Process automation. Cloud-native application development and DevOps are anchored to automated processes across a continuous integration/continuous delivery (CI/CD) pipeline. Without complementary automated security processes, it is extremely difficult to piece together alerts, investigate anomalies and address vulnerabilities in a reasonable time frame. Thus, security teams are intent on automating cloud security processes next year.
• Integration with software development and DevSecOps processes. Security teams need to march to the beat of the cloud development team. This requirement is about aligning security with the speed and methodologies of modern application development. Security teams need a better understanding of Git-based software development, CI/CD pipelining, DevOps and the automated development tools in use at their organizations.
• Git-based remediation features to better enable developers' workflows. This is the ultimate shift-left move by getting security into the source code itself. By injecting security checks within indexes and working trees, security teams can help improve code quality as part of each build.
• Context for alert and threat prioritization from different data sources. This might require greater insight into data sources, cloud application behavior and threat intelligence around adversary tactics, techniques and procedures. It is also worth integrating the Mitre ATT&CK framework into this effort because it can provide context into cloud-specific attacks and those that move laterally from on-premises to cloud resources.
• Attack path modeling to predict vulnerability and exposure to attack. The security industry will be talking a lot about attack path modeling and exposure management in 2024. Attack path mapping seeks to identify the route an adversary might take to compromise critical cloud-based resources. Armed with this map, security and development teams can prioritize vulnerability remediation, add compensating controls and conduct penetration tests to make sure they got their defensive strategies right.

This research indicated security professionals are focused on the right places. Lacking traditional security staples, such as servers and IP addresses, cloud security depends on much greater understanding and oversight of cloud security applications while keeping up with the pace and processes of cloud-native development.

There's a lot of work ahead, but security pros seem intent on shifting left while improving the effectiveness of everything right of boom -- threat detection and response. That's a good mindset for cloud security in 2024.

Jon Oltsik is a distinguished analyst, fellow and the founder of TechTarget's Enterprise Strategy Group cybersecurity service. With more than 30 years of technology industry experience, Oltsik is widely recognized as an expert in all aspects of cybersecurity.

Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.