Panaseer included in three 2023 Gartner® Hype Cycle™ reports

Panaseer’s CAASM and CCM solutions have been included in Hype Cycle reports for Security Operations, Cyber Risk Management, and Workload and Network Security.

The landscape of security technologies and vendors is increasingly complicated, so Gartner’s Hype Cycle reports are an important tool for understanding different solutions and their potential benefits.

Here at Panaseer we’re excited to have been included in three Hype Cycle reports this year. We were recognized as a Sample Vendor in Gartner Categories for Continuous Controls Monitoring (CCM) and Cyber Asset Attack Surface Management (CAASM).

CAASM was included in three Hype Cycle reports in 2023, while CCM was included in the latter of these reports:

• Security Operations (SecOps)
• Workload and Network Security
• Cyber Risk Management

In this article I’ll give a quick overview of the Innovation Profiles we’ve been included in and how they benefit your security posture.

What is a Gartner Hype Cycle?

Gartner Hype Cycles provide a graphic representation of the maturity and adoption of technologies and applications, and how they are potentially relevant to solving real business problems and exploiting new opportunities. Gartner Hype Cycle methodology gives you a view of how a technology or application will evolve over time, providing a sound source of insight to manage its deployment within the context of your specific business goals.

Each Hype Cycle drills down into the five key phases of a technology’s life cycle.

1. Innovation trigger
2. Peak of inflated expectations
3. Trough of disillusionment
4. Slope of enlightenment
5. Plateau of productivity

Cyber Asset Attack Surface Management (CAASM)

CAASM is recognized as an emerging technology in the 2023 Hype Cycles, with market penetration of around 1%-5% of target audience. It is seen as having a “moderate” benefit for organizations.

According to Gartner:

“It [CAASM] enables organizations to see all assets (internal and external), primarily through API integrations with existing tools, query consolidated data, identify the scope of vulnerabilities and gaps in security controls, and remediate issues.”

This is how Gartner defines the business impact of CAASM:

“CAASM enables security teams to improve basic security hygiene by finding security controls gaps, security posture, and asset exposures across all digital assets. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data.”

Continuous Controls Monitoring (CCM)

Much like CAASM, CCM is recognized as an emerging technology with market penetration of 1% to 5% of target audience, however it is seen as offering a “high” benefit rating to customers.

CCM builds on the basic asset visibility offered by CAASM to give a continuous view of the effectiveness of security controls. According to Gartner, continuous monitoring of security controls is critical for organizations faced with increasing pressure from security and compliance requirements and growing attack surfaces, which make assurance tasks arduous and error-prone.

This is what Gartner says is the business impact of CCM:

“CCM tools in cybersecurity help security and IT teams to reduce the manual efforts for security control management, partially relieving staff burden and enabling them to focus on higher-value tasks and reducing costs. The tools also provide constant monitoring of security controls, allowing faster detection of potential threats and minimizing breaches and regulatory noncompliance, preventing significant financial and reputational damage. They not only enhance a company’s cybersecurity posture but also build a more secure, successful business.”

Our view on CCM vs. CAASM

The benefits from CAASM vary depending on the vendor, but the technology is seen as delivering immediate benefits for your security posture. It brings greater visibility of assets and controls, and more efficient reporting. For many organizations, it’s the first step on a process of adopting a more proactive approach to cybersecurity.

This is critical, given that our 2024 Security Leaders Peer Report found that 79% of organizations have suffered a security incident that evaded their existing controls. This is despite the fact that nearly all CISOs (95%) are confident that their controls are working effectively all the time.

This suggests that data on the status of controls is either inaccurate, or not being properly interpreted to improve security posture.

Both CAASM and CCM can help solve this problem. However, as noted in the Hype Cycle, CAASM offers “moderate” benefits while CCM’s are rated as “high”.

In our opinion, the difference is that while CAASM platforms focus on visibility, CCM enables a broader transformation of your cybersecurity strategy by giving you the insights you need to improve your security posture.

A new approach to security with CCM

The challenges facing security teams are well understood. There are more technologies and security tools to deal with; more pressure from regulators and senior stakeholders; and more risks to understand and mitigate. What’s less well understood is how to overcome these challenges.

Panaseer research shows that if CISOs were given a budget increase, most would spend it on hiring new talent. But the reality is that hiring more people will never be the answer for an industry faced with a chronic skills shortage.

Instead, security leaders need to find ways to become more efficient and get more value from their existing resources.

Continuous Controls Monitoring can help drive this change by facilitating a new approach to cybersecurity. It does this by automating data collection and reporting so security teams have more time to focus on higher value tasks, while also giving CISOs greater insight into the root causes of problems so they know what to do to improve their security posture.

The benefits of CCM

Panaseer’s CCM platform combines data from security and business tools, such as HR tools, to give deeper insights on the context around weaknesses in security posture. While CAASM tools typically only flag up where issues exist, CCM can help you understand why they exist and how to fix them.

The specific benefits of CCM include:

• Business context on security issues, such as which processes or systems are impacted, to improve prioritization of resources.
• Continuous analysis of performance against security policies and frameworks, including historic data to show progress on strategic initiatives.
• Increased productivity by reducing manual reporting and controls testing.
• Improved governance of cybersecurity by giving visibility across the organization for who’s accountable for specific assets and processes.

The Panaseer platform offers all the benefits you get from a CAASM platform, while also offering much deeper insights into your security posture and the actions you should take to actively reduce cyber risk.

To find out more, request a demo of our platform and we’ll be happy to discuss the benefits of both CAASM and CCM.

Attribution

This article references:

• Gartner, Hype Cycle for Security Operations, 2023, By Jonathan Nunez, Andrew Davies, 20 July 2023
• Gartner, Hype Cycle for Workload and Network Security, 2023, By Charlie Winckless, Feng Gao, 31 July 2023
• Gartner, Hype Cycle for Cyber Risk Management, 2023, By Deepti Gopal, Sema Yuce, Michael Kranawetter, 25 July 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

Gartner objectivity disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.