IDC Corporate USA - Experts & Thought Leaders

Latest IDC Corporate USA news & announcements

Cisco XDR enhancements boost AI-powered security

Cisco has made several transformative innovation and partnership announcements that will help security professionals secure and harness the power of AI. An increasingly sophisticated threat landscape combined with an expanding talent shortage means the need has never been greater for machine-scale security and response. According to Cisco’s upcoming 2025 Cybersecurity Readiness Index, companies worldwide underestimate the complexities of securing AI, with 86% saying their organisations have experienced AI-related security incidents in the past 12 months.

Dynamic cybersecurity threat landscape

Cisco’s announcements further its commitment to developing these capabilities for customers through ecosystem partnerships and for the broader community through open-source security models and tooling.

“The cybersecurity threat landscape has never been more dynamic and complex, with adversaries constantly emboldened and enabled by AI to drive new attacks and exploits,” said Jeetu Patel, Executive Vice President and Chief Product Officer at Cisco, adding, “To fight back, understaffed security operations and IT leaders need AI power of their own.”

He continues, “Cisco is continuing its mission to secure AI and leverage AI for security with novel open-source models and tools, new AI agents, and IoT advancements, alongside the full breadth of the Cisco Security Cloud. Together, these innovations will help level the playing field and deliver AI innovation that makes all businesses more secure.”

Improved Threat Detection and Response with Cisco XDR

Security teams are inundated with thousands of threat alerts daily. Cisco XDR addresses this challenge by correlating telemetry across network, endpoint, cloud, email, and more, using agentic AI to surface what matters most to organisations. Integrating several new features, Cisco XDR will deliver decisive, AI-powered responses to stop attacks faster than ever.

The new Instant Attack Verification integrates data from the Splunk platform, endpoints, networks, threat intelligence, and more – and uses agentic AI to automatically create and execute tailored investigation plans. This feature swiftly investigates, confirms threats, and enables security teams to automate responses with confidence to stop attacks.

New automated XDR Forensics capabilities

New automated XDR Forensics capabilities provide deeper visibility into endpoint activity, increasing the accuracy of investigations. Additionally, a new XDR Storyboard clearly visualises complex attacks, empowering security teams to understand threats in seconds and decisively respond faster.

To further help organisations strengthen their digital resilience, Splunk Enterprise Security (ES) and Splunk SOAR 6.4 enhance defences against known and unknown threats for better visibility, accurate detections, and integrated and automated workflows that increase efficiency. Organisations that combine Splunk ES and SOAR with Cisco XDR will gain enhanced network visibility and detection to expedite investigations and stay ahead of threats. With this breadth of solutions, Cisco helps organisations build a SOC of the future that harnesses agentic AI to identify threats faster, accelerate resolutions, and realise massive productivity gains. Splunk SOAR 6.4 is generally available, and Splunk Enterprise Security 8.1 will be available in June.

Cisco XDR changes security services delivery

“Cisco XDR has fundamentally changed how we deliver security services, and we're eager to leverage the enhancements in our vision for the future,” said Omar Zarabi, CEO, Port53, adding, “Building on its network-centric and open XDR approach, the emphasis on clarity, decisiveness, and speed – delivered through Instant Attack Verification powered by agentic AI, and automated XDR Forensics – will further streamline our operations and deliver even better results for our customers.”

“Cisco XDR aims to address key challenges in the SOC with its focus on 'Clear Verdict. Decisive Action. AI Speed,'” said Frank Dickson, Group Vice President, Security & Trust, IDC, adding, “The combination of Instant Attack Verification, XDR Storyboard visualisations, and automated XDR Forensics offers a streamlined approach to threat management. The effectiveness of these features in improving security outcomes will depend on real-world deployment and integration within existing security ecosystems.”

Security for AI and AI for Security

Building on the recent launch of AI Defense, Cisco is continuing its commitment to help customers tackle the growing challenges of managing AI security risks. Cisco announced a new integration as part of a deepened relationship with ServiceNow to enable confident and secure AI adoption at scale. The first integration will bring together Cisco AI Defense with ServiceNow SecOps to provide more holistic AI risk management and governance.

Cisco introduces Foundation AI

Cisco also introduced Foundation AI, a team of renowned AI and security experts that joined through the Robust Intelligence acquisition, focused on developing cutting-edge technology to address the fundamental security issues of the AI era.

The Foundation AI team has released the first open-source reasoning model built specifically for enhancing security applications. They will also debut novel benchmarks to evaluate cyber security models on real-world security use cases, plus additional tools and building blocks for teams to leverage in adapting the models. These models and tools will encourage collaboration among first-class security experts and machine learning engineers, while delivering essential infrastructure that cyber security teams can immediately leverage.

AI Supply Chain Risk Management security controls

Additionally, a new set of AI Supply Chain Risk Management security controls will help customers to secure AI application artifacts. Even before deploying models in production, enterprises are exposed to security vulnerabilities, like malware in AI model files and poisoned data sets that are downloadable from open-source repositories. By combining AI model threat assessment and detection with comprehensive network enforcement, enterprises can confidently accelerate their AI adoption and innovation. This includes identifying and blocking malicious AI model files before they enter the enterprise; automatically detecting and blocking AI model files with risky or restrictive open-source software licenses that pose intellectual property and compliance risks; and flagging and enforcing policies against AI models originating from prohibited suppliers.

Enhanced Industrial IoT Security Solutions

As industry digitisation accelerates and industrial AI emerges, critical infrastructure and industrial networks are constantly exposed to cyber threats. Enhancing the Cisco Industrial Threat Defense solution and further extending IT security to industrial settings, these new integrations with Cisco Cyber Vision include: Cisco Vulnerability Management and Splunk Asset and Risk Intelligence to help prioritise OT cyber risks; Cisco Secure Firewall to help automate industrial network segmentation to better protect operations; and the Splunk OT Security add-on in Splunk ES to unify IT and OT visibility within the SOC, helping detect threats traversing domains to secure global enterprises.

Rapid7 launches Intelligence Hub for security teams

Rapid7, a pioneer in extended risk and threat detection, announced the launch of Intelligence Hub, an integrated threat intelligence solution designed to provide security teams with meaningful context and actionable insights for accelerated detection and response. Data overload is a major problem for security teams; two-thirds of SOC analysts responding to a recent survey said the number of security alerts they receive had “significantly increased” in the last three years. In addition, 70% said the number of security tools they work with had “significantly increased.”

Key challenges faced by security teams

Intelligence Hub addresses several key challenges faced by security teams, including siloed intelligence platforms, lack of context, and the inability to prioritise threats effectively. Rapid7 Labs expertly curates the data delivered through Intelligence Hub, which includes sources that are unique to Rapid7 such as the company’s honeypot data and proprietary research. Low-prevalence, high-impact indicators are rigorously verified to minimise false positives and enable automated responses.

Rapid7 Command Platform

The intelligence is then delivered directly within the Rapid7 Command Platform, bringing high-fidelity, curated intelligence into the security analyst’s workflow. This approach prioritises data that can be trusted, ensuring security teams can focus on the threats that matter most.

“Security organisations are drowning in noise, making timely responses to threats nearly impossible,” said Raj Samani, chief scientist at Rapid7. “Intelligence Hub addresses this challenge by focusing on curated intelligence, providing only the most relevant and verified indicators to enable rapid and effective action.”

In addition to curated intelligence, Intelligence Hub provides contextualised information that empowers security teams to prioritise threats based on their specific industry, geography, and vulnerabilities, as well as the tactics and techniques of threat actors along with a clearly defined methodology for attribution. This allows for targeted remediation and effective resource allocation.

Key benefits of Intelligence Hub

Integrates seamlessly with workflows: Delivers actionable intelligence directly within customers’ existing Command Platform tools—such as Rapid7’s next-gen SIEM, InsightIDR—eliminating context switching and accelerating response.

Cuts through the noise: Surfaces only the most relevant threats based on active attacker campaigns, industry targeting, and exploitability.

Delivers high-fidelity intelligence: Unifies global threat intelligence expertly curated by Rapid7 Labs researchers from ingestion sources that include data from Rapid7 honeypots, open source communities, and proprietary Labs research.

Provides meaningful context: Prioritises relevant threats based on sector, geography, and vulnerability exploitation for proactive response.

Challenges with threat intelligence solutions

“In IDC’s October 2024 survey of U.S. organisations, the top three challenges with threat intelligence solutions were cost (42.2%), false positives and alert fatigue (40.0%), and data quality and reliability (39.7%),” said Monika Soltysik, senior research manager at IDC. “Solution providers that are proactively addressing these challenges, like Rapid7, are making it easier for their customers to understand and secure their attack surface.”

Rapid7 will also be demonstrating Intelligence Hub live at the RSA Conference in San Francisco, April 28 - May 1.

Illumio Insights launch: AI-powered CDR solution

Illumio, the breach containment company, announced the launch of Illumio Insights, the industry’s first cloud detection and response (CDR) solution powered entirely by an AI security graph. A key part of Illumio’s breach containment platform, Insights can observe and protect every workload and resource, spanning hybrid and multi-cloud environments. It provides AI-powered observability into the organisation’s traffic, flows, and connections, surfacing risk throughout the connected landscape.

Illumio Insights SOC analysts

Illumio Insights helps SOC analysts, incident responders, and threat hunters uncover hidden risks by observing all flows and connections and discovering risky, malicious, and anomalous activity. Insights visualises dangerous traffic and behaviour and prioritises lateral movement risks across environments, enabling rapid detection and response. Threats can be dynamically quarantined, with impacted workloads completely isolated, reducing the blast radius and significantly boosting resilience.

Key benefits of Illumio Insights

Rapid Cloud-Scale Deployment: Push-button, agentless deployment delivers AI security graph-powered insights across millions of workloads in minutes.

Unmatched Threat Detection with AI Observability: Significantly reduces the mean time to detect (MTTD) by uncovering unseen threats and attack paths.

One-Click Attack Containment: Immediately neutralises potential risks and reduces the mean time to respond (MTTR) with one-click containment.

AI-driven Illumio Insights analytics pipeline

“When an organisation is under attack, understanding the connectivity graph is crucial. Bringing together the Illumio security graph with the AI-driven Illumio Insights analytics pipeline allows organisations, for the first time, to understand how threats and risks are moving through their environment. This is the power of an AI security graph,” says Andrew Rubin, CEO and Founder of Illumio. “Illumio Insights is vital for protecting the environment as it offers unparalleled observability to understand threat and malicious activity in the cloud. Illumio Insights connects the dots and finds every needle in every haystack. When integrated with Illumio Segmentation, breaches are contained and cyber disasters avoided.”

Illumio’s AI security graph

Illumio’s AI security graph enables Insights to ingest network flow and resource data at cloud scale, automatically classify traffic and resources, and immediately find the risk. The graph helps security teams to form a complete picture of attacker movement across the entire environment and drives faster, more informed response decisions.

AI-powered security graphs

“As the cybersecurity landscape continues to evolve, it's no longer about having more technology — it's about having smarter, more adaptive solutions. The need for intelligent systems has never been greater, and AI is at the heart of this transformation,” said Frank Dickson, group vice president, Security and Trust at IDC. “AI-powered security graphs are a game-changer, enabling businesses to proactively identify, assess, and mitigate risks in near real-time. These sophisticated tools streamline security efforts and enhance decision-making by learning from patterns and behaviours, offering a level of insight and protection that traditional offerings simply can't match.”

Illumio Insights and Illumio Segmentation

According to Thomas Vavra, manager, Network & Security Operations, Mondi Group, “Illumio Insights will give us real-time visibility and control over our risky ports, significantly reducing our risk exposure and improving compliance with industry standards. This will enable us to quickly identify vulnerabilities and address them before they become threats.”

Illumio Insights and Illumio Segmentation are integral components of the Illumio Platform, the first cybersecurity platform focused on breach containment.

Overall cyber resilience

Illumio Insights helps organisations quickly identify and detect threats, while Illumio Segmentation contains breaches, protects critical assets, and enables instant response. Together, these solutions help identify and mitigate risks, contain attacks, and enhance overall cyber resilience.

To see a demo of Illumio Insights, and to learn more about Illumio’s breach containment offerings, stop by the Illumio booth (North Hall #5670) at RSAC in San Francisco April 28-May 1.

Insights & Opinions from thought leaders at IDC Corporate USA

Data-at-rest encryption: at the centre of the security circle

The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years. According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured.

Nuanced approach to data security

The rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analysed at both the hardware and software level, we need a new and more nuanced approach to data security.

Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example.

The importance of data-at-rest encryption

In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse.

A recent Thales Data Threat report found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those who fraudulently gain access to your key management system can’t access your data.

Ensuring drives to be Common Criteria compliant

Despite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security.

One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on.

Providing an additional layer of security

The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack.

The advanced threats retailers face can often evade security defences without detection. Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised. Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals.

Industries in need of data-at-rest encryption

Healthcare organisations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records.

The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report.

SMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across.

Securing every hardware and software

Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security; rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part. There’s a clear need for more industry dialogue and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.

How growing data sources are changing the surveillance industry

To say the surveillance industry has changed over the last quarter of a century is an understatement. From high-definition cameras and TVs to high flying drones and video analytics – the surveillance industry has shifted in ways we never expected to see in such a short space of time. What’s more, with such advancements in both quality and choice now available in the market, it’s no wonder that revenue in the video surveillance market is set to double to $75.64 billion by the end of 2022.

Overall, some of the biggest opportunities in the surveillance industry will be through adopting new technological practices, particularly around the Internet of Things (IoT), cloud storage and artificial intelligence (AI) such as machine learning. The main question, however, is exactly how these trends will shape the surveillance industry of the future.

Growing data needs in the IoT era

Recently, Seagate and IDC released a whitepaper looking at the future of data and the factors that will contribute to worldwide data exploding to 163ZB by 2025. One of the biggest reasons for the increase in data is the rise of connected devices as a result of the IoT. Specifically, within surveillance we are seeing this occur already, thanks to drones and other wearable security devices becoming connected and coming online. With so many more transactions being created and tracked, it’s crucial to think about how the surge in data will be managed.

Hard drives optimised for surveillance

With such complexity in both the data set and its use, it’s imperative that we make sure that we have all the right hardware for the job. In the past, data centres would typically use the largest capacity drives their budget would stretch to, with the knowledge that the drives would be sufficient for their needs.

However, as we move to a more complicated data set thanks to the rise of the IoT, we now need to begin to make more of a conscious effort to consider what drive is right for our needs. A prime example is how specialised hard drives that have been optimised for specific use functions have been making their way into the surveillance market. One such drive is Seagate’s SkyHawk, which allows security applications to continuously record video on a 24/7 basis. Unlike other industries, the surveillance market needs drives that have the capacity to run and write data 90% of the time so that businesses are never caught out using unsuitable and unreliable drives which could have serious consequences for personal and business safety.

Access to video in the cloud

The rise of connected devices is also generating a substantial volume of data. This poses the question of where exactly this data will be stored, and conversations are already taking place around access to video in the cloud.

There are a couple of benefits to consider when it comes to video surveillance in the cloud. Firstly, the data is stored in a central, shared system so users can access the content quickly and easily from wherever they are. Secondly, it’s possible to update a cloud-based product on an ongoing basis, often in real-time, and once improvements have been made they are immediately visible and available to customers.

Emergence of hypercritical data

A key driver of the shift to cloud-based, fast-access, and truly mobile data usage is that data has increasingly become a critical influencer for not only our businesses but also our lives in all aspects. Our research with IDC revealed that data usage is changing and it now has to be analysed by its level of criticality.

The emergence of hypercritical data also means that businesses should look to review how they capture data and deliver data analytics. This is because they’ll require an infrastructure that can deliver high reliability and bandwidth as well as increased security. This could be something as simple as making sure they choose the hard drives that offer the ability and resilience to deal with the requests for data analysis.

Machine learning and AI for real-time analytics

The use and integration of data in businesses and our lives is also quickly moving to the need for real-time data. As such, data is delivered to not only inform but also determine actions — sometimes autonomously. Consequently, machine learning and AI are causing a huge buzz within video surveillance. And it’s no wonder when the opportunity for our industry is huge.

If security guards and emergency services can use the data from AI to make smart predictions, it will help increase preventative and real-time tactics in surveillance, rather than simply being used as a post-event, forensic tool. Thanks to AI we’ll see the industry becoming more proactive, rather than reactive, as a result of machine learning being able to predict security and surveillance situations before they happen.

Over time, the demand for intelligent video analytics and systems is only going to increase as more and more industries realise the benefits of its application. It’s up to all of us to work with our partners and customers to ensure that they are ready for this change and are advised of the best way to manage and store the data generated to meet their needs.

IoT to RMR: COPS Monitoring’s new services tied to connectivity

The growing Internet of Things (IoT), or intelligent, inter-connected devices, is causing a paradigm shift in nearly every technology sector, including the security installing industry. The global IoT market, according to research firm IDC, Framingham, Mass., is predicted to increase from 10.3 million “endpoints” in 2014 to more than 29.5 million in 2020. This article by SourceSecurity.com's dealer/integrator correspondent, Deborah L. O’Mara, looks at COPS Monitoring’s focus on helping security companies easily add a wide range of new services and corresponding RMR.

Smartphones and IoT connectivity demand

Across the security landscape, the widespread adoption of devices and systems riding on the network is causing massive change, from installing companies to central station monitoring firms. Jim McMullen, president and chief operating officer, COPS Monitoring, Williamstown, N.J., says widespread use of smartphones and the IoT have fuelled explosive demand for connectivity, convenience and control, and the Underwriters Laboratories Listed, Factory Mutual Approved central station provider is delivering the critical services associated with these trends.

“Smart hardware for items like lighting, thermostat, locking, and video cameras and useful apps to manage these components are the types of services customers want. Fortunately, many of today’s modern security systems have proven to be a viable platform for a more comprehensive connected home solution. Dealers that understand and embrace these new services can leverage the growing demand by integrating home automation and lifestyle services with security. In many cases, it equates to additional recurring monthly revenue (RMR) and a ‘stickier’ customer.”

Geo-diverse hometown central stations

COPS Monitoring operates six strategically located geo-diverse hometown central stations. Five central stations, in New Jersey, Florida, Arizona, Tennessee and Texas, are hot-redundant and load sharing. If local conditions affect one of its locations, the company continues to deliver fast and professional service by over-staffing other load-sharing centers. The company’s sixth central station in Maryland will be integrated into its current services in 2015.

McMullen says that from the company’s beginning more than 37 years ago, COPS Monitoring’s success has been dependent upon one thing: helping independent alarm dealers succeed.

“Today, we are the largest independently-owned third party monitoring company in the industry, yet our regional approach allows us to maintain a more personable ‘hometown’ level of service,” he says. “With one of the most experienced management teams in the industry and an in-house staff of programmers, COPS Monitoring not only has clear vision and leadership, but we also have the resources and ability to give our dealers an advantage by quickly adopting the best new technologies as they become available.”

New services and corresponding RMR

COPS Monitoring is fine-focused on helping security companies easily add a wide range of new services and corresponding RMR.

“We support essentially all of the modern panels from major manufacturers that give dealers the ability to offer their customers a variety of home control, lifestyle services and security apps,” McMullen says. “In addition to the ability to control their alarm system and other connected devices, consumers can also receive notification about alarm events. We also created our own useful app for dealers to package to end-users as a white-label solution. Unfortunately, today’s security system apps don’t give customers the most important information about what happened during an alarm event - such as who was called, whether a passcode was given, or if the authorities were dispatched. That’s why professional central station monitoring services are so critical, and we wanted the results of our actions to be at the end-users’ fingertips,” he says.

User-friendly interface for customer satisfaction

This solution has been a differentiator for the COPS dealers: the smartphone, tablet and PC access called MPower is branded with the dealer’s logo. The interface is also colour-coordinated for a custom look and feel for each dealer.

“The additional peace of mind of knowing what happened during an alarm event is why our dealers consider MPower an integral part of protecting RMR. Its user-friendly interface improves customer satisfaction and ultimately helps to reduce attrition. What’s more is that MPower can be offered as a standalone service because it works with any panel and transmission format, whether a connected home system is installed or not,” McMullen says. “Our industry is changing at a pace faster than ever before, which means dealers need a central station that can stay ahead of the technology curve and have the ability to quickly support the best emerging technology so they can provide the products and services their customers demand.”
