Connect with us

Hi, what are you looking for?


Management & Strategy

Predict, Prevent, Detect and Enforce: Insights from the Gartner Security Summit

It was a great time at the Gartner Security & Risk Management Summit last month in National Harbor, MD. Good to see old friends and make new ones.

It was a great time at the Gartner Security & Risk Management Summit last month in National Harbor, MD. Good to see old friends and make new ones.

It’s been a dirty little secret among those of us in the security industry that there are two types of security solution providers: those who scare the market about threats and attackers in order to sell some of their wares, and those who are collaborating across companies and really trying to create something valuable in order to make the world a safer place.

This year’s Gartner Security Summit was filled with security practitioners who fall into the latter category. The Summit paid special attention to the latest threats, flexible new security architectures, governance strategies, the CISO role and more. While there, I attended several insightful sessions by great security minds including Greg Young, Adam Hills, Neil MacDonald, Craig Lawson, Eric Alhm and Jeremy D’Hoinne that focused on the changing security landscape and left me feeling quite inspired about the future of our industry.

There’s little doubt that the way we interact with security has evolved greatly over the past few years and decades. We used to live in an age where we trusted everything inside the Local Area Network and nothing outside of it – hence why everything in security was about prevention.

In the last few years, as a darker threat landscape has emerged and user consumption and utilization of the network has changed, the spotlight has turned to detection and enforcement across networks and companies. This is an important shift and one that should be changing the way that we think about security.

The analyst presentations at the Gartner Security Summit laid out different aspects of security in a predict, prevent, detect and enforce framework. They discussed how these four core principles of security are crucial to any successful security implementation, and are a helpful guideline to follow when discussing the optimal installation.

It was great for us to have conversations that aligned all different aspects of security across the threat landscape, including next-generation firewalls, threat intelligence topics like automation, and integrating security in DevOps culture. While these disparate security applications and ideas may not seem immediately related, they all pertain to the greater conversation about the current security landscape and where things are headed in our industry.

The common thread in all of these sessions was that there needs to be a new goal in the security industry. No matter which part of security you are looking at, we have to evolve to a space where there is real-time information exchange that feeds into algorithms for better prediction or notification of an event. This information could create prevention across all high-risk sites around the world, as well as the ability to detect and enforce at the most effective point.

Advertisement. Scroll to continue reading.

Real-time information exchange is essentially the ability to dynamically consume data from your entire network and then act upon that data at any point. This kind of insight into the network is extremely valuable and can drastically improve response times to threat detection as well as enforcement. By using this real-time information exchange, we can take the predict, prevent, detect and enforce framework to a whole new level of network security. Let the information exchange begin!

Related: Learn More at SecurityWeek’s CISO Forum

Written By

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights