Recent research from Omdia has shown that 70% of businesses have reported increased spending on proactive security solutions over the past year. This includes a focus on attack surface management and risk-based vulnerability management. This is a significant shift, as it shows investment in proactive measures now outpaces those in both preventative and reactive cybersecurity.  

This trend reflects the need for a more risk-based approach to cybersecurity and a heightened focus on exposure management. A proactive approach to cybersecurity is about staying ahead of potential attacks by identifying threats and the vulnerabilities that leave the organization most exposed to those threats, then focusing on remediating those vulnerabilities, neutralizing the threats before they can compromise the organization.  

It requires a deep understanding of the attack surface and a thorough assessment of the organization's vulnerability to real-world threats. This enables organizations to effectively map possible attack paths and mitigate weaknesses before they escalate into breaches. 

“While the cybersecurity industry has clung to the “assume breach” mantra with its preventative and reactive solutions, organizations are awakening to a smarter strategy: proactively understanding attack surfaces, mapping attack paths, and plugging vulnerabilities to prevent breaches. While a host of standalone proactive tools have been available for many years, proactive security platforms are emerging that can provide much more holistic risk discovery, prioritization, and automated remediation”, Andrew Braunberg, Principal Analyst at Omdia, explains in the research. 

Omdia’s research report, 'Emerging Best Practice in the use of Proactive Security Solutions' showed that almost half of those surveyed (47%) reported that their top cybersecurity goals for the next 12-24 months included reducing the opportunity for threats with proactive security. Conversely, only 27% of organizations plan to improve tactical outcomes, such as better threat prevention, detection and response.  

The shift is undeniably underway, but how can organizations that are not yet benefitting from proactive security, make the change? The research highlights three key ways. 

But what can organizations do to drive towards more proactive security?  

1. Embrace automation for better risk management.  

NOC, SOC, and Incident Response teams are faced with the challenge of maintaining operational readiness and resilience in a swiftly evolving threat landscape. They need quick and easy access to the essential information required to proactively safeguard their networks. It is not surprising then, that many organizations are turning towards automation to assess the exposure of their networks to specific threats. 

The research highlights security mature organizations are using automation to assess critical network risk exposures, automatically overlaying current and historical misconfiguration data onto attack frameworks (e.g. Threat Intel, MITRE, ATT&CK, etc.) enabling a more proactive approach.  

This means they can focus on remediating the most critical threats and vulnerabilities first, optimizing resource allocation and reducing the likelihood of costly breeches.  

2. Proactively measure and manage network configurations. 

Ensuring that network devices, especially those exposed to external access, are securely set up and maintained in that condition is a key component of minimizing the potential attack area and managing risks effectively. Yet the Omdia research reported that some organizations check their routers, switches, and firewalls only annually or – at best - quarterly, potentially leaving misconfigurations undetected for long periods. 

The research also showed that more security-mature organizations check their devices more regularly. However, proactively making risk assessments after configuration changes is not yet a common practice. 

By adopting the proactive approach and checking devices more frequently, especially after configuration changes (planned or unplanned), organizations can quickly find and fix misconfigurations or vulnerabilities before they are exploited. 

3. Align cybersecurity efforts with regulatory requirements. 

Regulatory compliance continues to play an important role in shaping cybersecurity strategies. Organizations increasingly depend on compliance standards to enhance their security posture and safeguard their networks, customers, and supply chains. Evaluating configurations against trusted risk management frameworks and hardening guides can reduce vulnerability to breaches, delivering security from compliance. 

The US DoD Cyber Operational Readiness Assessment (CORA) program, launched March 2024, showed a shift in mindset and practices towards more proactive defences. By focusing on a network’s susceptibility and vulnerability to known and commonly employed exploits, CORA enables commanders to direct their remediation efforts towards those critical issues that represent the greatest risk to the mission, proactively supporting an improved security posture. Although this program is specific to the Defence industry, the proactive approach it embodies is likely to influence best practises across other critical infrastructure sectors.  

To see the full results of the research for yourself, please download the full research report.