Gartner’s Top 10 Technologies for Information Security in 2016
Information security threats are growing in frequency, duration, and impact. In response, Gartner has identified the top 10 technologies for information security and their implications for security organizations in 2016, announced at the research firm’s Gartner Security & Risk Management Summit.
Cloud Access Security Brokers
“Cloud access security brokers (CASBs) provide information security professionals with a critical control point for the secure and compliant use of cloud services across multiple cloud providers,” Gartner explains. “Many software as a service (SaaS) apps have limited visibility and control options. CASB solutions fill many of the gaps in individual cloud services, including infrastructure as a service (IaaS) and platform as a service (PaaS) providers.” By doing so, CASBs can help CISOs to better set policy, monitor behavior, and manage risk across the entire set of enterprise cloud services being consumed.
Endpoint Detection and Response
With security incidents increasing in frequency and intensity, the market for endpoint detection and response (EDR) solutions is expanding quickly. Gartner notes that “EDR tools typically record numerous endpoint and network events, and store this information either locally on the endpoint or in a centralized database. Databases of known indicators of compromise (IOC), behavior analytics and machine-learning techniques are then used to continuously search the data for the early identification of breaches (including insider threats), and to rapidly respond to those attacks.”
Nonsignature Approaches for Endpoint Prevention
“Purely signature-based approaches for malware prevention are ineffective against advanced and targeted attacks,” Gartner stresses. “Multiple techniques are emerging that augment traditional signature-based approaches, including memory protection and exploit prevention that prevent the common ways that malware gets onto systems, and machine learning-based malware prevention using mathematical models as an alternative to signatures for malware identification and blocking.”
User and Entity Behavioral Analytics
User and entity behavioral analytics (UEBA) gives an organization broad security analytics capabilities, much as security information and event management (SIEM) gives it broad security monitoring. “UEBA provides user-centric analytics around user behavior, but also around other entities such as endpoints, networks and applications. The correlation of the analyses across various entities makes the analytics' results more accurate and threat detection more effective,” Gartner explains.
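The correlation Gartner describes can be made concrete with a minimal baseline-and-scoring routine. The following is an added example, not code from Gartner or from this article: it builds per-user and per-host profiles from a constructed history window, then scores new events by how many attributes are novel, counting a pairing that is unusual from both the user's and the host's perspective once more. All users, hosts and timestamps are constructed.

```python
"""Added example: a small user-and-entity baseline with anomaly scoring.
Users, hosts and events below are constructed, not real data."""
from collections import defaultdict
from datetime import datetime

# Constructed learning window: (user, host, ISO timestamp)
HISTORY = [
    ("alice", "ws-alice", "2016-06-01T09:05:00"),
    ("alice", "ws-alice", "2016-06-02T08:50:00"),
    ("alice", "ws-alice", "2016-06-03T17:20:00"),
    ("bob",   "ws-bob",   "2016-06-01T10:15:00"),
    ("bob",   "fs01",     "2016-06-02T11:00:00"),
    ("bob",   "ws-bob",   "2016-06-03T09:30:00"),
]


def build_baselines(events):
    """Profiles per entity: hosts each user touches, users each host sees,
    and the 4-hour buckets in which each user is normally active."""
    user_hosts = defaultdict(set)
    host_users = defaultdict(set)
    user_hours = defaultdict(set)
    for user, host, ts in events:
        hour = datetime.fromisoformat(ts).hour
        user_hosts[user].add(host)
        host_users[host].add(user)
        user_hours[user].add(hour // 4)  # coarse buckets tolerate small shifts
    return {"user_hosts": user_hosts, "host_users": host_users,
            "user_hours": user_hours}


def score(event, baselines):
    """Return (score, reasons). Each novel attribute adds one point; a pairing
    that is novel for both the user and the host adds one more, which is the
    cross-entity correlation the paragraph above refers to."""
    user, host, ts = event
    bucket = datetime.fromisoformat(ts).hour // 4
    reasons = []
    new_host_for_user = host not in baselines["user_hosts"].get(user, set())
    new_user_for_host = user not in baselines["host_users"].get(host, set())
    if new_host_for_user:
        reasons.append(f"{user} has not used {host} before")
    if new_user_for_host:
        reasons.append(f"{host} has not seen {user} before")
    if new_host_for_user and new_user_for_host:
        reasons.append("pairing is novel from both the user and the host side")
    if bucket not in baselines["user_hours"].get(user, set()):
        reasons.append(f"activity outside {user}'s usual hours")
    return len(reasons), reasons


def flag(events, baselines, threshold=2):
    """Events whose score reaches the threshold, with their reasons."""
    out = []
    for ev in events:
        s, reasons = score(ev, baselines)
        if s >= threshold:
            out.append((ev, s, reasons))
    return out


# Constructed new events: a routine login, a cross-entity anomaly, an off-hours access
NEW_EVENTS = [
    ("alice", "ws-alice", "2016-06-10T09:00:00"),
    ("alice", "fs01",     "2016-06-10T03:10:00"),
    ("bob",   "fs01",     "2016-06-10T23:00:00"),
]

if __name__ == "__main__":
    base = build_baselines(HISTORY)
    for ev, s, reasons in flag(NEW_EVENTS, base):
        print(f"score={s} {ev}: " + "; ".join(reasons))
```

In this toy, a user on a known host in a usual hour scores zero, an off-hours access by an otherwise familiar pairing scores one, and a user reaching a host that neither side has a history for, at night, scores four; the threshold is where an analyst trades alert volume against sensitivity.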
Microsegmentation and Flow Visibility
Once attackers gain access to enterprise systems, they can often go undetected for months – if not years – and move unimpeded laterally ("east/west") to other systems. “To address this, there is an emerging requirement for "microsegmentation" (more granular segmentation) of east/west traffic in enterprise networks,” Gartner notes. Several of the solutions on the market provide visibility and monitoring of the communication flows. Visualization tools enable operations and security administrators to understand flow patterns, set segmentation policies and monitor for deviations.
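Monitoring for deviations from a segmentation policy, as the paragraph above describes, amounts to mapping each observed flow to source and destination segments and checking the pair against an allow-list. The block below is an added example, not code from Gartner or from this article; the segment CIDRs, the allow-list and the flow records are all constructed.

```python
"""Added example: checking observed east/west flows against a
microsegmentation policy and reporting deviations. Segments, policy
and flow records are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed segments: name -> network
SEGMENTS = {
    "web":  ip_network("10.0.1.0/24"),
    "app":  ip_network("10.0.2.0/24"),
    "db":   ip_network("10.0.3.0/24"),
    "mgmt": ip_network("10.0.9.0/24"),
}

# Constructed allow-list of (src_segment, dst_segment, dst_port).
# Anything cross-segment that is not listed is a deviation; flows that stay
# inside one segment are permitted by this particular policy.
ALLOWED = {
    ("web",  "app", 8080),
    ("app",  "db",  5432),
    ("mgmt", "web", 22),
    ("mgmt", "app", 22),
    ("mgmt", "db",  22),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def segment_of(addr):
    """Name of the segment containing addr, or None if it is outside all of them."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(flow):
    """Return (verdict, reason) for one flow: allow, deviation or unknown."""
    s, d = segment_of(flow.src), segment_of(flow.dst)
    if s is None or d is None:
        return "unknown", "endpoint outside defined segments"
    if s == d:
        return "allow", f"intra-segment {s}"
    if (s, d, flow.dst_port) in ALLOWED:
        return "allow", f"{s}->{d}:{flow.dst_port} permitted"
    return "deviation", f"{s}->{d}:{flow.dst_port} not in policy"


def deviations(flows):
    """All flows whose verdict is deviation, paired with the reason."""
    out = []
    for f in flows:
        verdict, reason = evaluate(f)
        if verdict == "deviation":
            out.append((f, reason))
    return out


# Constructed flow sample: two policy-conformant flows, one web host reaching
# the database tier directly, one intra-segment flow
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 8080),
    Flow("10.0.2.20", "10.0.3.30", 5432),
    Flow("10.0.1.10", "10.0.3.30", 5432),
    Flow("10.0.1.10", "10.0.1.11", 445),
]

if __name__ == "__main__":
    for f, reason in deviations(SAMPLE_FLOWS):
        print(f"DEVIATION {f.src} -> {f.dst}:{f.dst_port} ({reason})")
```

Flows with an endpoint outside every defined segment are reported as unknown rather than silently allowed, so gaps in the segment map surface as their own finding instead of hiding lateral movement.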
Security Testing for DevOps (DevSecOps)
Security needs to be an integral part of DevOps style workflows, Gartner says. In response, “DevSecOps operating models are emerging that use scripts, "recipes," blueprints and templates to drive the underlying configuration of security infrastructure — including security policies such as application testing during development or network connectivity at runtime.” Several DevSecOps solutions also perform automatic security scanning for vulnerabilities during the development process looking for known vulnerabilities before the system is released into production.
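One of the scanning steps the paragraph above describes, checking pinned dependencies against a feed of known-vulnerable versions before release, can be a small gate in the pipeline. The block below is an added example, not code from Gartner or from this article; the package names, versions and advisory identifiers are constructed placeholders and do not refer to real packages or real advisories.

```python
"""Added example: a dependency gate a DevSecOps pipeline could run before
release. Package names, versions and advisory ids are constructed."""

# Constructed advisory feed: package -> [(fixed_in_version, advisory id placeholder)]
ADVISORIES = {
    "examplelib": [("2.4.1", "ADV-PLACEHOLDER-001")],
    "toyparser":  [("1.0.9", "ADV-PLACEHOLDER-002"), ("1.3.0", "ADV-PLACEHOLDER-003")],
}

# Constructed manifest in pip-style pinned form
MANIFEST = """\
examplelib==2.3.0
toyparser==1.2.5   # pinned during the last refactor
safelib==0.9.1
"""


def parse_version(v):
    """Numeric dotted version -> tuple so that comparison is component-wise."""
    return tuple(int(p) for p in v.split("."))


def parse_manifest(text):
    """name -> version; refuses unpinned lines because a floating version
    cannot be checked against an advisory."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned dependency: {line}")
        deps[name.strip().lower()] = version.strip()
    return deps


def findings(deps, advisories=ADVISORIES):
    """(name, version, fixed_in, advisory) for every pinned version below a fix."""
    out = []
    for name, version in deps.items():
        for fixed_in, adv in advisories.get(name, []):
            if parse_version(version) < parse_version(fixed_in):
                out.append((name, version, fixed_in, adv))
    return out


def gate(manifest_text):
    """Pipeline exit status: 0 when clean, 1 when any finding blocks the release."""
    found = findings(parse_manifest(manifest_text))
    for name, version, fixed_in, adv in found:
        print(f"FAIL {name}=={version}: {adv}, fixed in {fixed_in}")
    return 1 if found else 0


if __name__ == "__main__":
    raise SystemExit(gate(MANIFEST))
```

The gate treats an unpinned dependency as an error rather than skipping it; a manifest that cannot be resolved to exact versions cannot be shown clean, and failing closed keeps that gap from reaching production unnoticed.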
Intelligence-Driven Security Operations Center Orchestration Solutions
Perimeter defense is no longer an adequate security strategy. “An intelligence-driven security operations center (SOC) has to be built for intelligence, and used to inform every aspect of security operations,” Gartner explains. “An intelligence-driven SOC also needs … an adaptive architecture and context-aware components. To support these required changes in information security programs, the traditional SOC must evolve to become the intelligence-driven SOC (ISOC) with automation and orchestration of SOC processes being a key enabler.”
Remote Browser
Most cyberattacks start by end-users launching malware delivered via email, or from URLs or malicious websites. One approach to address this risk is to remotely present the browser session from a "browser server" (typically Linux based) running on-premises or delivered as a cloud-based service. “By isolating the browsing function from the rest of the endpoint and corporate network, malware is kept off of the end-user's system and the enterprise has significantly reduced the surface area for attack,” Gartner says.
Deception Technologies
Gartner defines deception technologies as those that use “deceits and/or tricks designed to thwart, or throw off, an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or disrupt breach progression.” As an example, deception capabilities create fake vulnerabilities, systems, shares and cookies. Think in terms of decoys. “If an attacker tries to attack these fake resources, it is a strong indicator that an attack is in progress, as a legitimate user should not see or try to access these resources.”
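The detection side of the decoy idea is simple because, as the quote notes, no legitimate activity should ever touch a decoy. The block below is an added example, not code from Gartner or from this article: it parses a constructed key=value event log, matches events against a list of decoy shares, accounts and cookies, and ranks the source hosts that touched them. The decoy names, the log format and the log lines are all constructed.

```python
"""Added example: alerting on any access to decoy resources and ranking the
sources involved. Decoy names, log format and log lines are constructed."""
import re
from collections import Counter

# Constructed decoys: fake shares, a fake service account, a fake cookie name
DECOYS = {
    "share":  {r"\\fs01\Finance_Backup", r"\\fs01\HR_Archive"},
    "user":   {"svc_backup_legacy"},
    "cookie": {"admin_session_v1"},
}

# Constructed log format: "<timestamp> <event_type> key=value key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>\w+)\s+(?P<kv>.*)$")


def parse(line):
    """One log line -> dict of fields, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    fields["ts"] = m.group("ts")
    fields["event"] = m.group("event")
    return fields


def decoy_hits(fields):
    """(kind, value) for each decoy this event referenced."""
    hits = []
    for kind, values in DECOYS.items():
        v = fields.get(kind)
        if v is not None and v in values:
            hits.append((kind, v))
    return hits


def alerts(lines):
    """One alert record per decoy touched, keeping timestamp, source and event type."""
    out = []
    for line in lines:
        f = parse(line)
        if not f:
            continue
        for kind, value in decoy_hits(f):
            out.append({"ts": f["ts"], "src": f.get("src", "?"),
                        "event": f["event"], "kind": kind, "value": value})
    return out


def top_sources(lines):
    """Sources ordered by number of decoy touches, most active first."""
    return Counter(a["src"] for a in alerts(lines)).most_common()


# Constructed log: one host browses a real share, then touches a decoy share,
# tries a decoy account and presents a decoy cookie; a second host is benign
SAMPLE_LOG = [
    r"2016-06-15T10:01:02Z smb_open share=\\fs01\Finance user=jdoe src=10.0.1.10",
    r"2016-06-15T10:03:17Z smb_open share=\\fs01\Finance_Backup user=jdoe src=10.0.1.10",
    r"2016-06-15T10:05:40Z auth_fail user=svc_backup_legacy src=10.0.1.10",
    r"2016-06-15T10:06:01Z http_request cookie=session_9f1 src=10.0.2.5",
    r"2016-06-15T10:07:30Z http_request cookie=admin_session_v1 src=10.0.1.10",
    "not a well formed line",
]

if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG):
        print(f"ALERT {a['ts']} src={a['src']} {a['event']} {a['kind']}={a['value']}")
    print("by source:", top_sources(SAMPLE_LOG))
```

Because a decoy has no legitimate consumer, each hit is a high-confidence alert on its own; ranking by source host then shows which endpoint to isolate first, which is the part of the response the EDR section above is concerned with.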
Pervasive Trust Services
With the continued growth of the Internet of Things, “new security models must emerge to provision and manage trust at scale,” Gartner says. The research firm explains that trust services are designed to scale and support the needs of billions of devices, many with limited processing capability. “Enterprises looking for larger-scale, distributed trust or consensus-based services should focus on trust services that include secure provisioning, data integrity, confidentiality, device identity and authentication.”