Cybersecurity

Tech Radar
Tracking innovations for efficient,
agile and smart security
2022 edition
Foreword beyond. Cognitive AI (CAI) and frugal AI are a few examples of
emerging trends that will shape the evolution of cybersecurity.
For each cybersecurity domain, we have grouped the cybersecurity
technological trends in terms of speed of adoption:
• Zero to two years: Mature technologies are either already
Consequently, in order to help organizations keep an eye on adopted by most organizations or will be in the next two
the latest cybersecurity tech trends and identify the security years In other words, these technologies have become an
technologies that can help them address cyberthreats integral part of the security strategies of most companies.
efficiently, we created the Atos Cybersecurity Tech Radar. • Two to five years: Proven technologies are usually adopted in the
next two to five years cycle as organizations improve in maturity.
Zeina Zakhour With this yearly updated radar, organizations can keep • Five years and above: emerging trends will be adopted by
Global Chief Technical Officer, abreast of the emerging cybersecurity innovations, and adopt the mainstream after approximatively five years or more.
Digital Security, Atos an agile cybersecurity strategy that can adapt to the changing Still, organizations with a mature cybersecurity level can
digital environments. adopt such emerging trends earlier.

The only constant in our cybersecurity industry is change, Our Atos security experts are tracking more than 150 For each technology trend captured in our radar, we have worked on:
leaving organizations with a myriad of emerging cybersecurity cybersecurity technological trends that are shaping and • The main business use cases it addresses.
technological trends that can secure their digital transformational transforming the industry as we speak. We built our radar • The benefits it brings with a focus, when applicable, on the
journey and thwart looming cyberthreats. However, innovation around eight major cybersecurity domains, because we specific market verticals.
in cybersecurity is not only focused on improving the security believe those are the most critical for the end-to-end • The main challenges to adoption that organizations must
of the digital environments, but also to provide an agile management of your security posture and security of your take into consideration when deploying any of those
architectural blueprint adapted to the increasingly distributed, digital transformation. cybersecurity technology trends.
decentralized and complex organizational environment.
• Advanced Detection & Response Cybersecurity innovation is a key contributor to the success of
Those challenges are heightened by the cybercriminals’ speed • Cyber Incident Response the digital revolution as we know it today. Undoubtedly, it will
of innovation. Cybercriminals and state-sponsored actors keep • Identity & Access Management continue to be a key foundation for safe and secure adoption
innovating at a fast rate, leveraging new technologies to steal • Endpoint and Mobile Security of future technology trends such as quantum, edge and
data, commit fraud and extort money. Now, not only do they try • Network Security swarm computing, ethical AI and immersive experience.
to paralyze critical national infrastructures, but also local and • Application Security
regional authorities, which realize they have become a target. • Cloud Security Our Cyber Tech Radar aims to help you navigate the breadth
Nobody is exempt from being attacked. • Data Security of cybersecurity technologies and support you in refining the
cybersecurity strategy of your organization. To stay informed
Concepts like the cybersecurity mesh are presenting a modern Let us take a few figures about the latest cybersecurity news and updates to the radar,

74% 79%
conceptual approach to security architecture. Emerging trends such follow: https://www.linkedin.com/showcase/atos-digital-security/

70% 75%
ofofcompanies
organizations of organizations
credential
as the metaverse change the creation, use and consumption of experienced
with public cloud
a suffered
abuse attacks
an
digital services, and raise new concerns and challenges in terms of security
capabilities
incident in identity-related
against financial Contributors
2021. (Security Leaders
experienced
Research a breach in the last
services
two years.
directly
security. When identity is the new perimeter and data the new oil, Aleksander Pawlicki, Allen Moffett, Amalia Lin, Ana Bura, Andrei Chipaila,
securityVectra)
Report, incident last year. (the targeted
(IdentityAPIs
Defined
or also.
Secury Alliance)
solutions such as Privacy Enhancing Cryptography (PEC), applied to State of Cloud Security, 2020). (Information Age). Andrei Dumbrava, Angel Polamaro, Boubacar Camara, Christian Radu
concrete use cases protect data in use. Cleiton Lenkiu, Dan Schaupner, Dragos Pelian-Popa, Ernesto Parodi, Farah

53%
64% 94%
61%
of web-targeted of organizations
increase
attacks in
in the of
haveall SMBs
had an Rigal, Gabriel Priceputu, Gabriela Gorzycka, Geert Fieremans, Ivana Getia,
costs of half
the first have reported
identity-related
To top it all, artificial intelligence is infused to all cybersecurity Laurence Begou, Lia Predut, Marc Llanes, Marcin Krysinski, Marco Gruber,
cybercrimes,
of 2020 used at least one cyber-attack during
breach, which 99%
areas. Deep learning and machine learning are already in use, whereas those cybercrimes only the previous year. (Verizon) Marcus Lahm, Mihai Belu, Mircea Avram, Mohan Ayare, Nitin Kulkarni,
APIrequests. (Forbes). believe could have been prevented.
but AI use cases and usability in the cybersecurity field goes grew by 7% in volume (Identity Defined Security Alliance). Philippe Bodden, Raul Salagean, Reli Arras, Thierry Winter, Vali Pop, Vasco
(Internet Crime Report 2021, FBI)
Gomes, Vinod Vasudevan, Wojciech Bohatyrewicz, Zeina Zakhour.

02 | Cybersecurity Tech Radar 2022

 Personification

The Cybersecurity
tools
File AI driven threat
Ethical
Analysis modeling
Machines
Homomorphic

Tech Radar
Autonomous Encryption Swarm security intelligence
DataSecOps Privacy Impact
Assessment
Quantum Safe intelligence
Key Distribution Cognitive detection &
sharing
Secure Multi-Party Lightweight response
Blockchain
Computation encryption security monitoring

Security for AI
Cloud
Testing tools
Security
rating services
Unified fraud
& Security VR/AR Security
Tracking innovations for efficient,
agile and smart security
Awareness Training
Cybersecurity DRPS/EASM
Quantum-Safe Mesh Architecture
encryption Anonymization Attribute-based AI-powered
Encryption AI driven XDR Cyber Range
tools Security
SOAR Data Cyber deception
Consent Data Secure Access Annotation Cyber Crisis Dynamic
Management Service Edge 5G monitoring & Table Top Exercise Risk-based Security
Mapping
Crypto Integrated response
-
& BYOE IT/IoT/IoMT
KMaaS Digital Augmented Reality
Data-centric Audit Cyber API Security
signature Threat Modeling
Fraud Threat monitoring
& Protection Breach and Attack
Database Detection Intelligence MDR Targeted Security
Data Discovery Encryption Simulation
Chaos Hybrid & Multi-cloud unified Awareness
engineering & classification
Cloud Security Enterprise Privacy detection & response Cyber Deception
Encryption Service Edge digital rights by design Risk-based vulnerability Threat
Vulnerability
management Hunting
Sovereign Cloud management Research
Easy Data
DevSecOps Cryptographic
SECaaS Loss MITRE based risk MITRE ATT&CK Threat & Vulnerability
Security for agility management Mapping Management Autonomous &
Prevention
Serverless Cloud Integrated
Time Edge
CNAPP Digital Threat hunting
Zero Trust stamping security
Cyber Threat Surveillance DRPS/EASM
Network Access Dynamic analytics
OpenID Connect Intelligence
Cloud Workload Data Masking
Threat Intelligence
Confidential Protection Platform Platform
Cloud Application Vulnerability Dynamic
Computing Assessment
Security Testing Container and CSP Native Trusted Third provisioning
Kubernetes Security Security Adaptive party Access Adaptive ID &
Immutable API Threat CIAM Access control Access Governance Continuous
CASB WAF Converged
Infrastructure Protection IaaS Container identity
Authentication &
Encryption Data Security authorization)
Protected
Cloud security Access IDoT (IAM for IoT)
Browser NgFW Governance
Continuous Posture Management
Zero password
Application Security DNS Data
Privacy Application 0 authentication
Testing Security Loss to API Access control
Compliance Gateway UMA (User-
Prevention 2y
Low Code/ Zero Trust ea Saas Managed Access)
NetworkAccess rs
no Code Data-centri IAM Decentralized Identity /
security Audit & protection Zero Trust Self-soveriegn identity
Secure Mail
Gateway Network Network Access
Crowdsource Dynamic Software Access Prescriptive IAM
security testing AST composite Control EDR
platforms In-app Analysis TLS decryption BYOD
protection Platform 2 IAMaaS (Full
DDoS to Service IDaaS)
Mitigation Unified 5
WAF Malware Endpoint ye
Secure Web ar Generative Identity
Runtime Protection Management s
Static Microsegmentation Gateway
Application Secure
Self-Protection AST Service Edge
5G security Mobile Threat
Application Defense
Network Security IoT edge 5+
DevSecOps Shielding ye
Interactive Active Directory Policy Management behaviour
NextGen ar
Application Security analysis s
Security Testing Browser AntiVirus
Microsegmentation
Isolation
Network flow DLP
Analyzer Secure Access
for Mobile
Contextual Secure Instant Service Edge IoT SDP
security Communication Hardware
Business Email based Security
Compromise
Mitigation IoT devices
Network Traffic Security
Analyzer

HPC Security
Cyber Physical
by design
System

Cybersecurity Tech Radar 2022 | 03

Advanced detection The Landscape
& response (AD&R)
What is AD&R?
• AD&R is a rapid evolution of traditional detection and
response measures hugely challenged by quickly
changing attacker techniques, and the growing threat Convergence of multiple AI is currently being The future has much more to
from APTs to the public and private sectors. monitoring technologies into proven on single modules bring, mainly in the area of:
• Modern AD&R has elements in all five of the NIST overarching platforms and functions before
cybersecurity framework functions (Identify, Protect, envisaging a full AI-driven Data analytics tooling
Detect, Respond, Recover), while classic AD&R has It enables extended multi-vector autonomous/cognitive “commoditization”: Expertise
elements only in the last three NIST functions (Detect, visibility and control, including monitoring and response. development in this area will
Respond, Recover). endpoint-based detection and continue to enable situational
Why it matters response (EDR), network traffic AI will also bring intuitiveness awareness far beyond the one
• The proliferation of digital enterprise has opened up analysis (NTA), cloud analytics to the way the SOC platform is offered by legacy logic-based
many vectors for cybercriminals to attack, including and more. On the functional side, interacted with by the analysts, rules and signatures combined
network, endpoints, cloud, OT and IoT. use case-based correlation or threat hunters and security with low volume and not scalable
• Fast growth of e-crime and the advancement of attacker behavioral analysis are no longer managers. AI is expected to monitoring solutions.
tooling has made it easy to launch advanced attacks. separate functions in the SOC, enable cognitive detection and Growing maturity in Red Teaming,
Successful evasion of preventive controls is a matter of but rather one of multiple ways response using developments threat simulation programs, use
when, not if. a single platform or service in Artificial General Intelligence of deception technologies, threat
mines every dataset to capture before the end of this decade. hunting: All combined, will further
rs

maximum indicators of threat. drive AD&R development with the

yea

AI-driven Threat
end goal of staying in front of the
5+

Modeling

attackers for a change.

Swarm Security Intelligence

Safe Intelligence
s

Key Figures
ear

Sharing
5y

Blockchain
Security Monitoring
2 to

Cognitive Detection &

Security Response
Rating Services Unified Fraud

36% 50% 14%

& Security Monitoring
AI-driven
SOAR Security DRPS/EASM
Data
Cybersecurity
Annotation
Integrated Mesh Architecture
IT/IoT/IoMT Cyber deception XDR
Cyber
Threat
API Security 5G Monitoring &
of those technologies are of those technologies are of those technologies are
Monitoring Response
Intelligence
either already adopted by most expected to be adopted in the transformational and
s
ear

Hybrid & Multi-cloud Unified

Detection & Response organizations or will be in the next two to five-year cycle. widespread adoption will take
2y

Risk-based Vulnerability
next two years. over five years.
0 to

MDR Management

MITRE-based Risk
Management
Edge
Security
Analytics

04 | Cybersecurity Tech Radar 2022

Zoom on Traditional detection and response
measures are now hugely
Managed Detection & Response (MDR) challenged by the fast changing
attacker techniques
Managed Extended Detection & Response combines In other words, MxDR provides:
technology and skills to deliver
• Detection of deep attacks using AI/ML vs. using only rules
• Advanced threat detection • Response to threats vs. only alerting from traditional MSSPs
• Deep threat analytics • Collects data from all vectors – security devices, users,
• Global threat intelligence server endpoints, cloud, OT/IIoT that enable better
• Enhanced threat hunting detection (e.g. logs, alerts, flows, changes in device
• Faster incident analysis configuration and vulnerabilities, etc.)
• Collaborative incident response on a 24x7 basis

Key Features Benefits of the Technology Challenges to Adoption

• Threat Intelligence: Going beyond the generic data of threat intelligence providers, a • Deep detection of threats coming from Cost could be sometimes a challenge
mature MDR service converts threat intelligence data into actionable tasks, anticipating any vector to adoption, although MDR is being
what could happen and how to stop it if it happens. • Minimize response tasks with widely adopted.
• Threat Hunting: AI models are applied on security, user and IT data to enable the automation
detection of unknown and hidden threats. • Increased threat containment speed,
• Security Monitoring: The application of rules to logs and security events to detect limiting threats from leading to
known attacks. MDR offering has a SIEM module for detecting known threats, policy and incidents or breaches
compliance violations. • Get specialized skillsets for incident/
• Incident Analysis: This MDR module triages alerts to focus on the most relevant threats breach response
and then investigating them to identify potential impact to assets and spread of attack.
The alerts are investigated for who, what, when, and how to determine the extent of the
• Centralized visibility across hybrid IT Market Verticals
environment
impact.
• Better TCO using a combination of • All verticals
• Threat Containment: It provides automated containment of threats and prevents threats technologies, skillsets
from becoming incidents or breaches.
• Response Orchestration: It enables carrying out rapid, coordinated activities for
containment, remediation and recovery. It provides the basis for collaboration between
key teams responding to an attack, including end user teams and MDR specialized
responders.

Cybersecurity Tech Radar 2022 | 05

Cyber incident response The Landscape
What is cyber incident response?
• Cyber incident response complements the advanced
detection & response domain with a focus on
technologies, processes and frameworks aimed
at discovering, eradicating and recovering from
cyberattacks and exploited vulnerabilities within an Adversary profiling with Threat hunting for Automated threat modeling
organization. MITRE ATT&CK proactive protection provides the means to build
Organizations are increasingly With digital transformation going secure systems in a repeatable
• It covers the key functions and operations expected by
adopting the MITRE ATT&CK full speed and a continuously and methodical approach with
CERT/CSIRT teams and is increasingly important to a
framework and moving to a threat expanding attack surface, the little to no human intervention,
mature cybersecurity strategy in many organizations. informed defense strategy. Such a old school approach of “building and greatly decreases the
framework will help organizations the defenses and waiting in the success chances of an attack.
Why it matters understand the behavior and trenches” is no longer sustainable. It also reduces the time and
• Identifying technological trends will help outline and tactics of threat actors and Neither is the static approach of human effort needed for the
prescribe threat discovery, attack mapping, threat proactively tailor their protection waiting for the published IoCs implementation. The challenge
modeling, and threat and vulnerability management. strategies. and running unitary searches. is that it relies heavily on a very
Organizations will have to adopt good understanding of the
threat hunting (especially red business infrastructure and
teaming activities) to proactively processes. Any error or missing
identify vulnerabilities in their information can have a negative
rs

VR/AR Security environments before they are impact or even lead to improper
yea

Awareness Training
exploited by threat actors. security response. Thus, risks
5+

AI-powered
Cyber Range Dynamic With them, organizations will get must be identified first, by
Risk-based Security
better insight on the weaknesses leveraging the SOC detection,
Augmented Reality
Threat Modeling
in their environments and will be threat intelligence sharing and
able to proactively mitigate them. cyber deception tools.
rsea

Cyber Crisis Targeted Security

5y

Table Top Exercise Awareness

2 to

Vulnerability
Research

Breach and Attack Autonomous & Key Figures

Simulation Integrated
Cyber Deception
Threat hunting

Threat & vulnerability

Threat
Management

33% 28% 39%

Hunting

DRPS/EASM
MITRE ATT&CK
Mapping
Threat
rsea

Cyber Threat Intelligence

2y

Platform
Intelligence
of those technologies are of those technologies are of those technologies are
0 to

Digital
Surveillance either already adopted by most expected to be adopted in the transformational and
Vulnerability
organizations or will be in the next two to five-year cycle. widespread adoption will take
Assessment
next two years. over five years.

06 | Cybersecurity Tech Radar 2022

Zoom on Organizations usually seek cyber
incident response providers to
External Attack Surface Management (EASM) augment their internal capabilities
by subscribing to incident
response retainer services.
This trend can be seen as a push from the market for consolidating together a set of similar outcomes, most of
which are already in use. Existing threat intelligence (TI) services, digital risk protection (DRP), scoring provide an element
of the external estate exposed. Other existing technical services, like web, network and cloud penetration testing / red
teaming services operate discovery, external reconnaissance and other steps with the same kind of output. It is also
questioned if the pure players in this trend / technology all observe strict legal diligence before offering.

Key Features Benefits of the Technology Challenges to Adoption

These solutions rely on external integrations with other EASM is a holistic approach to understand how threat actors are viewing • Integrating the solution with the
service providers such as Shodan, DomainTools, internet your organization when compared to penetration tests or red teaming, incident response process.
service providers and internet registrars to acquire data. which have a more technical but narrow-minded approach. • Generates a large amount of alerts
Once acquired, it is correlated, analyzed and enriched to The holistic approach enabled by EASM covers: which organizations need to act upon in
provide insight to organizations regarding their public- order to get value from the technology
facing assets and their exposure. • Asset discovery of unmanaged and unknown devices, cloud-based assets, and reduce their visible external attack
The insights provided include: third-party components and other client environments surface.
• Attack surface management: Identify all the attack- • Deep risk analysis like software misconfiguration, authentication and
exposed assets encryption weaknesses, sensitive data exposure
• Prioritization of external-facing attack vectors: With • Business context of assets and their relationship to customer environment
a continuous and updated view of current attack
vectors existing in the environment • Critical risk prioritization increasing operational efficiency, adding risk
• Asset mapping scoring system based on attacker priorities such as discoverability,
exploitation complexity and potential impact Market Verticals
• Monitoring subsidiary risk (visibility of the security
posture of subsidiaries and organizations that are • Cloud-based efficiency, since no integration is needed and it’s 100%
EASM applies to all markets as long as
evaluated for merging or acquiring) external
the organizations own internet-facing
• Global bot network (attacker-like reconnaissance • Autonomous and continuous analysis that is neither manual nor periodic assets and that the IT infrastructure is
techniques)
• Besides providing a comprehensive and complete inventory of internet- involved.
• Multi-vector attack simulator (identification of risks
per asset and discovery of potential attack vectors) exposed assets, the solution may also provide remediation guidance of
penetrable vulnerabilities, security gaps or misconfigurations
• Easy deployment model

Cybersecurity Tech Radar 2022 | 07

Identity & access The Landscape
management (IAM)
What is IAM?
• A set of business process and tools for providing access
to the right resources at the right time for the right
reasons.
• Providing visibility into who has access to what and why, The move to the cloud The use of machine Extending the role of Convergence and Cybersecurity
along with how the access is being used. and “as a service learning and identities and access Mesh Architecture
• IAM is not just about protecting organizations against models” behavioral analytics beyond people and
main threats such as insider threats and credential theft, traditional roles and Defined by Gartner for centralized
it is also about business enablement and improving the This will continue to for a more dynamic or entitlements security operations, this architecture
end-user experience. evolve as tools become adaptive way of working brings together a flexible
cloud-native and are where decisions are Identities are no longer architecture to encompass major
Why it matters true SaaS tools. made in near real time. limited to carbon-based technologies including SIEM, XDR,
• According to a survey from The Identity Defined Security units and are taking the Identity and ZTNA to enable better
Alliance, 94% of organizations have had an identity-related form of devices (e.g. IoT) integration and harmonizing output
breach, which 99% believe could have been prevented. and applications between different products in the
(e.g. RPA). detection and response space. It
can also drive central intelligence,
analytics and policy across different
rs
yea

Continuous
Authentication & technologies, leading to better ROI.
5+

Authorization)

UMA (User-
Managed Access)
Key Figures
s

Dynamic
ear

provisioning Prescriptive IAM

5y

41% 35% 24%

2 to

Adaptive ID &
Access Governance
Generative Identity
IAMaaS (Full IDoT (IAM for IoT)
Service IDaaS)

Data Decentralized Identity / of those technologies are of those technologies are of those technologies are
Access Self-Sovereign Identity
Governance
either already adopted by most expected to be adopted in the transformational and
Trusted Third API Access Control organizations or will be in the next two to five-year cycle. widespread adoption will take
Party Access
next two years. over five years.
s
ear

Converged
Zero Password
2y

Identity
Authentication
Security
0 to

Adaptive
Access Control

SaaS IAM

CIAM

08 | Cybersecurity Tech Radar 2022

Zoom on As identity has become the new
perimeter, IAM is needed to protect
Customer Identity and Access Management (CIAM) against cyberthreats, but also to
improve end-user experience
Customer identity and access management (CIAM) manages the authentication and authorization for customer identities.
CIAM is necessary for public-facing applications that require users to register identities for access to applications that
provide data, goods or services.

Key Features Benefits of the Technology

• Self-service for registration Improved user experience
• ID proofing
• Privacy and consent management • The user experience for registration and authentication can be designed with little or no code using graphical orchestration features
• Fraud detection
• Provides flexible and adaptive authentication methods to require the right level of authentication for the action the user is
• Profile generation and management
• Authentication and authorization into applications requesting, based on the real-time risk associated with the action. For example, a user may be able to browse a catalog with a
• Identity repositories, reporting and analytics very simple authentication, but making a purchase may require a stronger authentication before spending the user’s money.
• APIs and SDKs for mobile applications • Supports the linking of social media accounts, such as Facebook or LinkedIn, to allow the use of these existing authentication
• Social identity registration and login mechanisms for access to lower risk services as a convenience for the user.
Use cases
• Online storefronts purchase products Improved security Compliance Reduced operational costs
• Government websites used to take advantage of
services such as renewing a driver’s license or • Provides a secure way for consumers • Supports privacy and consent • Since the necessary features are provided
collecting unemployment benefits. to register with an organization, management to protect the consumer’s out of the box and can be implemented
including ID proofing as part of the personal information, including features with little or no code (except in the most
process, so the organization can have such as the right to be forgotten for complex scenarios), the system is simpler
confidence the person registering is compliance with regulations such as and less costly to support and maintain
Challenges to Adoption who they say they are. GDPR than a heavily customized or bespoke
solution
• Analytics of behavior and input
• Most organizations have something in place today
from other data sources can detect
to interact with their customers, and replacing
fraudulent activities
something that is “working” can be a difficult decision.

Cybersecurity Tech Radar 2022 | 09

Endpoint & mobile security The Landscape
What is endpoint and mobile security?
• It combines all solutions, practices and methodologies
adopted to protect corporate assets accessed remotely
via wireless devices such as laptops, tablets, mobiles,
smart watches, etc.
• AI and edge computing are expected to challenge most Improved visibility Security by design Intelligent protection
endpoint implementations and architectures with the
switch to an architecture where: You cannot protect what you do The more data management is AI is especially useful in endpoint
• “client components” become more intelligent and not see. A proactive approach to moving towards the edge, the security, as it helps improve
autonomous to react faster to threats. visibility will be a key requirement more there is a need to better detection capabilities and
• the “central control component” moves to the edge. for any endpoint security solution, protect the data itself. automates response to threats in
especially as the bring your own real time, reducing the time span
Why it matters device (BYOD) culture expands Data must be protected wherever of the attackers’ cyber kill chain.
• Endpoint and mobile security plays a major role in the and IoT devices are fully adopted it sits, and whenever it moves,
overall security ecosystem, as each remote device by organizations. with proper encryption, access Examples of AI applied to
accessing the corporate network is a potential security control and any other suitable endpoint security are present
hazard and entry point for attacks. The risk is getting Emerging technologies are controls according to the data in new developments for next-
worse with the rising deployment of edge and IoT. breaking the silos to improve status (processing, storage, gen antivirus solutions, endpoint
visibility and security, such transport, etc.). Many technologies detection and response, API
as XDR, Zero Trust Network are evolving today to meet that threat protection systems or new
rs

Access, new Unified Endpoint need, such as DLP technologies, malware protection technologies
yea

Management solutions and other hardware-based security, based on machine learning

5+

IoT SDP
BYOD solutions. digital rights management and techniques
IoT Devices application shielding.
Security
Unified
Endpoint
rs

Management
ea
5y

Application
IoT Edge HPC Security
Key Figures
2 to

Behaviour by Design
Shielding Analysis

Browser Mobile Threat

Isolation Defense

Data
Loss
Prevention
Hardware
Based Security
NextGen
AntiVirus 31% 50% 19%
DLP
Zero Trust for Mobile of those technologies are of those technologies are of those technologies are
rs

Network Access either already adopted by most expected to be adopted in the transformational and
ea
2y

organizations or will be in the next two to five-year cycle. widespread adoption will take
0 to

BYOD EDR
next two years. over five years.
Malware
Protection

10 | Cybersecurity Tech Radar 2022

Zoom on Each remote device accessing the
corporate network is a potential
Mobile Threat Defense security hazard and entry point
for attacks.
Mobile threat defense (MTD) solutions protect organizations from threats on iOS and
Android mobile devices. In particular, they protect against known vulnerabilities and
avenues of attack.

Key Features Benefits of the Technology Challenges to Adoption

• MTD solutions have reached a level of • MTD adoption has been slower than
Protection against the below known vulnerabilities or avenues of attack:
maturity that makes them suitable for predictions, as the industry has waited for
• Signature-based malware wide enterprise adoption. highly visible or publicized mobile breaches
that did not occur. As mobile security issues
• Mobile application vetting • In addition to innovation to counter the have rarely led to spectacular breaches,
• Network-based risks (MITM, host certificate hijacking, SSLStrip, TLS downgrade) evolving mobile malware, innovation also enterprises adopting MTD sometimes have
focuses on improving the MTD user difficulty in identifying positive impact.
• Vulnerability assessment of applications and OS versions • Customers are focused on consolidating their
experience on the device — for example,
• OS-level vulnerabilities caused by user actions such as rooting and jailbreaking cybersecurity assets. Therefore sometimes
when providing phishing protection.
overlook MTD and prefer to go with Unified
• Certain MTD tools integrate with Microsoft Endpoint Management Solutions that cover
Outlook, Microsoft Office 365 suite, as well some mobile security use cases.
MTD solutions are key in numerous use cases, including the following:
as other popular enterprise suites and • Poorly implemented MTD could get in the
• Counter threats user’s way or consume too many resources
managed enterprise apps to provide
• Content filtering (e.g. battery)
ZTNA functionality on unmanaged
• Mobile phishing devices.
• Mobile endpoint detection response (EDR) • MTD solutions can identify apps that Market Verticals
• App vetting conflict with an enterprise’s security and
• Financial Services and Insurance
• Device vulnerability management privacy policies, even when these
• Healthcare
• Protect from malicious URLs without having to perform traffic redirection applications are not malicious.
• Government
• Energy
• Enterprises with high security requirements

Cybersecurity Tech Radar 2022 | 11

Network security The Landscape
What is network security?
• The maintenance of authorized access to internal and
external connectivity between systems,
• Protection against denial-of-service to network functions
that support interconnectivity,
• Seamlessly secure hybrid and complex network On the road The end of traditional The uptake of preventive
architectures where traditional network boundaries are to zero trust security perimeters technologies
eroding with cloud acceleration, edge integration and 5G
adoption. With corporate networks, All traditional perimeter controls Preventive network security
infrastructures, applications and are being redefined, consolidated technologies that are highly
Why it matters data moving quickly beyond into as-a-service model. SASE agile and compatible with a
• Most network security controls are a combination of traditional on-premises profiles services are transforming wide spectrum of enterprise
hardware appliances purpose-built for high throughput (e.g. to the cloud, edge, the consolidation of network IT infrastructures will have
of traffic and advanced software that are essential to mobile devices, value-chain and security capabilities with an increasing adoption rate.
identify malicious activity and respond in near real time. partners, etc.), the increasing functional consolidation and Innovation will bring together
adoption of zero trust virtualization of core capabilities. the SASE and XDR worlds to
architectures and solutions to integrate threat anticipation in the
secure networks is expected. fabric of network security.
rs
yea
5+

Network Traffic
Analyzer

5G Security
rsea

Cyber Physical
Active Directory
Key Figures
5y

System
Security
2 to

Secure Access
Service Edge

Network flow Network Security

50% 40% 10%

Analyzer Policy Management

DDoS Microsegmentation Business Email

Mitigation Compromise
Mitigation
Secure Mail
Gateway Secure Instant of those technologies are of those technologies are of those technologies are
Secure Communication
Service Edge Network either already adopted by most expected to be adopted in the transformational and
s
ear

Access
TLS Decryption Control organizations or will be in the next two to five-year cycle. widespread adoption will take
2y

Platform
Secure Web
next two years. over five years.
0 to

Gateway
Zero Trust
Network Access
DNS WAF
Security
NgFW

12 | Cybersecurity Tech Radar 2022

Zoom on Zero trust implies that no user or
device — whether inside or outside
Secure Access Service Edge (SASE) the network — will be trusted.

Secure Access Service Edge (SASE) combines the functionality of an SD-WAN with network
security technologies like firewall, secure web gateways, cloud access security broker (CASB)
and network access identity.

Key Features Benefits of the Technology Challenges to Adoption Market Verticals

All verticals
• Increased data protection by Bringing several technologies under one • Technical and organizational
preventing unauthorized access umbrella into one solution will reduce the challenges that come with the
to sensitive data regardless amount of management environments migration of single products into one
where the endpoint or data is and required resources, compared single SASE solution
to the resources required for today's
based • Updating the investments in security
heterogenous best-of-breed approach.
• Flexibility because of its cloud and network technologies to move to
based infrastructure SASE solution

• Reduced complexity by unifying

or at least minimizing the
number of separate security
products

Cybersecurity Tech Radar 2022 | 13

Application security The Landscape
What is application security?
• Critical web applications have been subject for some
time to an overall process of tracking, reporting and fixing
security flaws at application level, inspired by initiatives
like OWASP Top 10.
• Application security is a very critical area to be Heavy influence of the Supply chain attacks are a Emerging new trends
incorporated in a complete cybersecurity strategy, so most recent evolutions in key driver in the integration of transforming application
that the vast amount of application errors are reported application security on tooling application security in the security
on time, thus reducing the software application attack to be used in the context of entire application lifecycle
surface. Modern applications and the
• Integrated ALM with DevOps Evolutions in the application Agile development lifecycle
Why it matters and DevSecOps field require the various types of are among the driving forces in
• Exploiting vulnerabilities in the application layer is fertile • Cloudification combined with application security testing (static, the fundamental changes and
ground for attackers. 90% of security incidents are containerization and automation dynamic, interactive, mobile, emerging application security
launched by exploiting the software design and/or the • Orientation toward API and etc.) to be embedded into the trends.
code of a software application. microservices, with the end application lifecycle management
goal of staying in front of the (ALM) tooling in their Crowdsourced security testing,
attackers for a change environments, and will be able to no-code security and cloud-
proactively mitigate them. native application security are
rs
yea

Crowdsource
just a few of the fast adopted new
5+

Security Testing
Platforms
tech trends in application security.
Runtime
Application
Self-Protection
s

Low Code/
ear

No Code
Interactive
5y

Security
Application
2 to

Security Testing

In-app
Dynamic
AST Key Figures
Protection Contextual
Security

37.5% 37.5% 25%

Static Microsegmentation
AST
Application
Gateway
Data-centric DevSecOps
Audit & protection
of those technologies are of those technologies are of those technologies are
s
ear

Software
Protected
either already adopted by most expected to be adopted in the transformational and
2y

Composite
Browser Analysis
0 to

Application Security
organizations or will be in the next two to five-year cycle. widespread adoption will take
Testing next two years. over five years.
WAF

14 | Cybersecurity Tech Radar 2022

Zoom on Application security is a very critical
area to be incorporated in a
Crowdsourced security testing platforms complete cybersecurity strategy so
that the vast amount of application
errors are reported on time.
A crowdsourced security platform makes use of a group of people registered in their platform to test
an application for vulnerabilities. The number of people can range from less than a dozen to several
hundred testing concurrently. The skillset of the crowd involved can also vary heavily. These platforms
offer incentives to high skilled people or high performers to stay in their platform.

Key Features Benefits of the Technology Challenges to Adoption

Crowdsourcing is best suited for B2C-type software • Eliminate overhead and maximize risk reduction • The mainstream adoption of this technology, which
applications like web applications, mobile applications, we believe will occur within 5 to 10 years, will
firmware in smart devices, smart cars, etc. Many large • Provide open-ended campaigns with no time limit,
depend on the willingness of organizations to open
corporations are running crowdsourced programs on an leading to equal opportunity for anyone to contribute
ongoing basis to continuously improve the security of their B2C applications to crowdsourced security
• Ensure watchful eyes over all versions of the software testing platforms. This relies on their maturity of
their applications:
if the incentives are high enough adoption of the Agile and DevOps models that help
• Bug bounty programs
• Identify critical and zero-day vulnerabilities faster, accelerate the pace of software release, moving
• Vulnerability disclosure programs simply due to sheer size and diversity of crowd skillset towards continuous delivery.
• Responsible disclosure programs • Crowdsourced penetration testing often yields
exploitable vulnerabilities with proof of exploit,
enabling organizations to stop chasing phantom
vulnerabilities

Cybersecurity Tech Radar 2022 | 15

Cloud security The Landscape
What is cloud security?
• Solutions vary from simple usage monitoring and
security exposure rating to very specific enterprise
security policy enforcement.

Why it matters
• As cloud adoption and multi-cloud deployments spread Losing track of cloud The growth Awareness is rising Customers need to
exponentially, organizations are faced with unmanaged services and cloud of shadow IT classify and determine
security risks and data exposure. native applications due to more frequent the accountability for
• Organizations will need solutions for a single pane of glass is a security vulnerability occurrence of data their data
security operation in their cloud and hybrid environment. Some employees inside which may lead breaches and the legal
• Compliance with data privacy regulations and other legal the organization may to data leakage or consequences thereof, as visibility of the data
rules will also require better cloud security testing and not conform to the data breaches. The leading to monitoring classification allows
continuous compliance monitoring/control. organization’s security result? loss of trust and closer management appropriate security
requirements. of customers, legal of cloud applications measures to be applied.
complications, and even and growing attention to
Chaos
loss of quality in the cloud legal compliance,
rs

Engineering product offering through

yea

an employee run-off.
5+

Sovereign Cloud

CNAPP

Confidential
Cloud Computing
s
ear

Encryption
Immutable
Key Figures
5y

Infrastructure
DevSecOps
2 to

Security for Continuous

Serverless Cloud Privacy
OpenID Connect
Compliance

Zero Trust
Cloud Application
Security Testing

Cloud security
API Threat
Protection
31.5% 37% 31.5%
Network Access Posture Management
of those technologies are of those technologies are of those technologies are
Container and
Kubernetes Security either already adopted by most expected to be adopted in the transformational and
s
ear

IaaS Container
organizations or will be in the next two to five-year cycle. widespread adoption will take
2y

Encryption
Cloud Workload next two years. over five years.
0 to

Protection Platform

CSP Native
Security

CASB

16 | Cybersecurity Tech Radar 2022

Zoom on As cloud adoption and multi-cloud
deployments spread exponentially,
Cloud Native Application Protection Platform (CNAPP) organizations are faced with
unmanaged security risks and
Cloud native applications are applications which are developed with a cloud deployment in mind. As such, they tend to data exposure.
integrate many of the cloud providers' native offerings, virtual machines, Kubernetes container services, and serverless
functions.

Cloud native application protection platforms (CNAPPs) are an integrated set of security and compliance capabilities designed
to help secure and protect these cloud-native applications from development to production runtime.

CNAPPs consolidate many previously siloed capabilities such as network micro/nano segmentation, container scanning,
Infrastructure as Code (IaC) scanning, Cloud Infrastructure Entitlement Management (CIEM), Cloud Security Posture
Management (CSPM) and Cloud Workload Protection Platforms (CWPPs)

Key Features Benefits of the Technology Challenges to Adoption

• Better visibility, monitoring capabilities, • As new categories arise, they are
Deploy CNAPPs to:
and control over total cost, since getting consumed into CNAPP.
• Reduce the number of tools and vendors involved in the lifecycle of a cloud-native o CIEM and IaC scanning are two
CNAPPs consolidate an ever-growing,
application. This reduction in tools will reduce the complexity and costs associated with recent examples.
disparate number of independent
developing and deploying cloud-native applications. • Reorganization may be necessary, as
security testing and protection tools.
• Help develop secure solutions rather than secure developed solutions. CNAPPs come Dev, Sec and Ops may have already
• Using a CNAPP offering will improve made siloed purchases of application
with scanning capabilities that seamlessly integrate into development’s IDE platforms,
developer and security professional security testing tooling.
CI/CD pipelines and security test tooling. Shift the security scanning to development
effectiveness and reduce complexity
and rely less on runtime protection, which is well-suited for container as-a-service and • CSPs are continually growing
and costs while maintaining their native toolset – features and
serverless function environments.
development agility. capabilities may be offered natively.
• Visualize and control security gaps. The micro-segmentation inherent to cloud-native
applications opens a multitude of attack vectors. CNAPPs allow security departments to
understand attack path analysis based on relationships — identities, roles, permissions,
networking and infrastructure configuration. Market Verticals
• Consistent management and continuous compliance scanning from a single control point
All verticals
for organizations that have a multi-cloud strategy.

Cybersecurity Tech Radar 2022 | 17

Data security The Landscape
What is data security?
• Data security includes the process and associated tools
that protect sensitive information assets, be they in transit,
at rest or in use (while processing).
• Core element of data security goes now beyond the
CIA (....) triad to also include effective access control and
privacy protection mechanisms You cannot protect Adapt to the The increased use of Anticipation
• Data security encompasses very diverse use cases, from what you cannot see regulatory landscape public and hybrid c loud
classic networks based on perimeter security to cloud- has a significant impact Over the long term,
based environments and IoT. Rising changes to Data security and on data security it is vital to align data
• Since there is no single-pane-of-glass solution for data identify, discover and privacy laws, such security (and encryption
security, this creates the challenge of orchestrating track data across the as GDPR in the EU, Organizations must secure methods in particular)
policies and controls across all tools and consoles for new decentralized continue to impact a decentralized hybrid with upcoming
data security, IAM, etc. and distributed digital choices in technologies cloud environment where technological trends
Why it matters environments. Yet, to to implement those data control is fleeting and like the rise of quantum
• As data becomes pervasive, data security is vital to protect properly protect sensitive legislations. In particular, an increasing volume of technologies, with both
sensitive data, protect the business and ensure compliance data, organizations will Privacy by Design is unprotected IoT objects the new capabilities (e.g.
with data protection and privacy regulations need to adopt emerging now a must for all new will require data security QKD) and the challenges
• Adaptive controls that evolve based on the data lifecycle technologies that improve implementations, both to leverage lightweight they present (like the
are key to make all the other parts of your cybersecurity discovery and classification for structured and encryption as well as need for quantum-safe
strategy more effective (IAM, cloud security, etc.) of structured and unstructured data. advanced privacy enhancing encryption).
unstructured data. computation tools and data
security governance tools.
rs
yea

Personification
Tools
5+

Homomorphic
Encryption

Key Figures
Ethical
Machines
File Analysis
Autonomous
Privacy Impact
s

Assessment Tool
ear

Data-centric Audit
DataSecOps
5y

& Protection

38% 28% 34%

2 to

Quantum
Key Distribution
Data
Data Discovery Mapping
& Classification
Secure Multi-Party
Computation
KMaaS Anonymization
Digital Tools
Signature Security for AI

Database
Crypto
& BYOE Secure Access
Service Edge Cloud
of those technologies are of those technologies are of those technologies are
Encryption Testing Tools
either already adopted by most expected to be adopted in the transformational and
rs

Fraud Quantum-Safe
ea

Encryption
Enterprise Detection
2y

Digital Rights Lightweight

Management Encryption organizations or will be in the next two to five-year cycle. widespread adoption will take
0 to

Data
Security Consent
Loss Attribute-based
Service Edge Management

Easy
Cryptographic
Prevention
Encryption
next two years. over five years.
Agility Dynamic
SECaaS
Data Masking
Privacy
Time by Design
Stamping

18 | Cybersecurity Tech Radar 2022

Zoom on Data security includes the process
and associated tools that protect
Quantum-safe encryption sensitive information assets, be
they in transit, at rest or in use.
Quantum-safe cryptography (QSC) – also referred to as post-quantum cryptography — aims to solve the threat to
asymmetric or public key cryptography caused by the rise of quantum computing, because it relies on hard-to-solve
mathematical problems that can be easily solved with a full-fledged quantum computer.
This being said, quantum computers are still a new technology that requires a high degree of knowledge and understanding
around other scientific fields, such as mathematics and physics. They are still far from providing the capability to break
asymmetric cryptography. However, the threat they can represent to cryptography will arise much before the first full-
fledged quantum computer can break current standard cryptography, since future quantum computers will be able to break
past data that would have been recorded.

Key Features Benefits of the Technology Challenges to Adoption Market Verticals

• Use cases of quantum-safe Replacing standard cryptographic • Although several QSC ciphers already Virtually any industry that relies on
methods with quantum-safe methods exist, the standardization process is still standard cryptographic methods will be
cryptography revolve mainly
will mitigate the future threat posed by underway with NIST. vulnerable once full-fledged quantum
around replacing current standard
quantum computers and provide an computers are available. The adoption
cryptographic protocols with new • Moreover, extensive crypto analysis will will come first in the telecom vertical,
quantum-safe ones that are still in a opportunity to enhance communication
be required before QSC ciphers reach a then move outwards to other sensitive
standardization process. Depending on and encryption security.
significant level of maturity. industries, such as:
use cases, plug-in replacement can be
• From a performance perspective,
required for some protocols in complex • Governments and defense institutions
increase in key length and in signature
cryptographic systems. • Banking and finance
volumes can represent a serious
• Healthcare
• Similarly, the point at which current obstacle, particularly for drop-in
cryptographic protocols must be replacements in complex protocols like
replaced depends on the potential TLS.
short- or middle-term impact of future
quantum computers on stored data.

Cybersecurity Tech Radar 2022 | 19

About Atos
Atos is a global leader in digital transformation with
112,000 employees and annual revenue of c. € 11 billion.
European number one in cybersecurity, cloud and high
performance computing, the Group provides tailored end-
to-end solutions for all industries in 71 countries. A pioneer
in decarbonization services and products, Atos is committed
to a secure and decarbonized digital for its clients. Atos is
a SE (Societas Europaea) and listed on Euronext Paris.

The purpose of Atos is to help design the future of the

information space. Its expertise and services support the
development of knowledge, education and research in a
multicultural approach and contribute to the development of
scientific and technological excellence. Across the world, the
Group enables its customers and employees, and members
of societies at large to live, work and develop sustainably, in a
safe and secure information space.

Find out more about us

atos.net
atos.net/career

Let’s start a discussion together

Atos is a registered trademark of Atos SE. October 2022. © Copyright 2022,

Atos SE. Confidential Information owned by Atos group, to be used by the recipient
only. This document, or any part of it, may not be reproduced, copied, circulated and/or
distributed nor quoted without prior written approval of Atos.

CT-221019-AR-BR-Cybersecurity-Tech-Radar-en v3