By Elia Zaitsev, CTO, CrowdStrike
AI Security Will Dictate Innovation. AI is transformative, and its evolution is unfolding rapidly across public and private clouds. As adversaries increasingly target AI services and large language models (LLMs) deployed in these environments, protecting the integrity and performance of AI systems is more critical than ever. The data driving these models, and the applications they power, must be safeguarded against sophisticated threats. To secure AI innovation in the cloud, security teams will need specialised technology and services that monitor AI services and LLMs, detect misconfigurations, and identify and address vulnerabilities, unified with protection across the entire cloud estate: from infrastructure and applications to data.
Identity Will Open the Door to More Cross-Domain Attacks. Identity-based attacks continue to rise: 75% of initial-access attacks are now malware-free. As adversaries become more skilled at exploiting stolen credentials, they will increasingly target the interconnected domains within a victim's architecture: identity, cloud, endpoint, data and AI models. These attacks leave a minimal footprint in each domain, so each step appears as an isolated, low-severity event, much like separate pieces of a puzzle, which makes them difficult to detect.
In 2025, security leaders must integrate unified visibility across the entire kill chain, enabling cross-domain threat hunting to detect deviations from normal user behavior and catch anomalies before they escalate into breaches. While a strong focus on identity protection will be key to early detection, organisations cannot rely on automation alone to safeguard all areas of enterprise risk. Solving the cross-domain puzzle requires a combination of advanced technology, irreplaceable human expertise, and cutting-edge telemetry to inform proactive decision-making.
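The cross-domain puzzle described above, as an added example in Python that is not part of this article and not code from any CrowdStrike product: it normalises identity, cloud and endpoint telemetry to a common (time, user, domain, signal) shape, flags a successful sign-in that deviates from the user's baseline countries, and then correlates weak signals per identity inside a time window, so that events that look benign in isolation surface together. Every user, baseline and event below is constructed sample data, and the window and threshold values are assumptions a real deployment would tune.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    """One normalised telemetry record, whatever domain produced it."""
    ts: datetime
    user: str      # the identity the activity was performed as
    domain: str    # "identity", "cloud" or "endpoint"
    signal: str    # the weak, individually ignorable indicator observed


@dataclass(frozen=True)
class Finding:
    user: str
    start: datetime
    end: datetime
    domains: FrozenSet[str]
    signals: Tuple[str, ...]


# Constructed (hypothetical) baseline: countries each user normally signs in from.
BASELINE_COUNTRIES: Dict[str, Set[str]] = {"alice": {"US"}, "bob": {"US", "CA"}, "carol": {"US"}}


def login_deviation(user: str, country: str) -> Optional[str]:
    """Identity-side check. A *successful* sign-in (valid password, MFA passed)
    from a country outside the user's baseline is only a weak signal on its own."""
    known = BASELINE_COUNTRIES.get(user, set())
    if country in known:
        return None
    return f"successful sign-in from {country}, outside baseline {sorted(known)}"


def _t(hhmm: str) -> datetime:
    return datetime.strptime(f"2025-01-14 {hhmm}", "%Y-%m-%d %H:%M")


def build_sample_events() -> List[Event]:
    """Constructed sample telemetry for one day (not real product output)."""
    events: List[Event] = []
    # Identity: successful sign-ins as (user, time, country); only deviations become signals.
    for user, hhmm, country in [("alice", "09:02", "NL"), ("bob", "09:10", "DE"), ("carol", "08:55", "US")]:
        sig = login_deviation(user, country)
        if sig:
            events.append(Event(_t(hhmm), user, "identity", sig))
    # Cloud and endpoint: each line is something a single-domain tool would log at low severity.
    events += [
        Event(_t("09:15"), "alice", "cloud", "first-ever ListSecrets call by this principal"),
        Event(_t("09:38"), "alice", "endpoint", "remote-management tool installed on workstation"),
        Event(_t("10:05"), "alice", "cloud", "new long-lived access key created"),
        Event(_t("15:40"), "bob", "endpoint", "unsigned installer executed"),
        Event(_t("11:00"), "carol", "cloud", "storage bucket listed from unfamiliar IP"),
    ]
    return events


def correlate(events: List[Event], window_minutes: int = 60, min_domains: int = 2) -> List[Finding]:
    """Cross-domain correlation. For each user, slide a time window over their
    events and report the window in which the most distinct domains contribute a
    signal. One domain never fires on its own; `min_domains` within the window do."""
    window = timedelta(minutes=window_minutes)
    by_user: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_user[e.user].append(e)
    findings: List[Finding] = []
    for user in sorted(by_user):
        evs = by_user[user]
        best: Optional[Finding] = None
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:   # drop events older than the window
                start += 1
            chunk = evs[start:end + 1]
            domains = frozenset(e.domain for e in chunk)
            if len(domains) >= min_domains and (best is None or len(domains) > len(best.domains)):
                best = Finding(user, chunk[0].ts, chunk[-1].ts, domains, tuple(e.signal for e in chunk))
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in correlate(build_sample_events()):
        print(f"{f.user}: {sorted(f.domains)} between {f.start:%H:%M} and {f.end:%H:%M}")
        for s in f.signals:
            print("  -", s)
```

With the default one-hour window only alice is reported, because her three domains fire within 36 minutes; bob's deviating sign-in and his unsigned installer are six hours apart and stay separate, and carol only ever shows up in one domain. Widening the window to twelve hours pulls bob in as well, which is the tuning trade-off between catching slow-moving hands-on-keyboard activity and flooding the SOC with coincidences.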
Platforms Will Continue to Dominate Security in 2025. Consolidation will once again be a central focus for security in 2025. The current threat landscape is too dynamic to leave infrastructure vulnerable to threat actors who have been known to exploit gaps in point solutions. That’s why security teams will continue to prioritise the elimination of complexity and costs associated with a patchwork of point solutions. A cloud- and AI-native platform approach with threat intelligence built natively within is the only way to supercharge the convergence of security and IT, helping organisations to remain agile and secure. The integration of GenAI into security platforms will further accelerate this trend by significantly reducing alert-to-resolution times and transforming hours of work into mere minutes, enhancing both the speed and effectiveness of response and remediation efforts.
The SIEM Renaissance Will Continue. 2024 marked a pivotal year of transformation for SIEM vendors, driven by a surge of mergers and acquisitions that show no signs of slowing down into 2025. As the competition heats up, innovation, seamless integration and cost-efficiency will separate the leaders from the rest. Organisations are now demanding scalable, cloud-native platforms that not only handle the explosion of modern data volumes but also consolidate redundant tools and integrate effortlessly with their existing ecosystems. Security Operations Centers (SOCs) are rethinking total cost of ownership and time to value, as next-gen SIEM platforms bring critical data sources like endpoint, cloud, and identity under one roof, slashing data management costs and eliminating performance delays. In the face of increasingly sophisticated threats, in 2025 expect SOC teams to continue demanding real-time intelligence, high-fidelity detections, and automation that puts actionable context at their fingertips, powering workflows that move as fast as today’s adversaries.
Stopping Cloud Breaches Will Require a Hybrid Approach. With a 75% increase in cloud intrusions over the past year, securing the cloud is more critical than ever. But today, tools protecting the cloud alone are not enough. Attackers are increasingly moving laterally between cloud platforms and on-prem environments to evade detection and achieve their objectives, taking advantage of the complexity of hybrid environments and protection gaps created by disconnected point products.
To regain control in 2025, businesses must have full visibility across public and private clouds, on-prem networks and APIs, from the same unified console and workflow. A holistic security platform that integrates runtime, posture management, identity and data security across hybrid environments will be essential to protect against these sophisticated threats.