Gartner, Inc. has highlighted the top 10 technologies for information security and their implications for security organizations in 2016.
Cloud Access Security Brokers: Cloud access security brokers
(CASBs) provide information security professionals with a critical control
point for the secure and compliant use of cloud services across multiple cloud
providers. Many software as a service (SaaS) apps have limited visibility and
control options; however, SaaS adoption is becoming pervasive in enterprises,
which exacerbates the frustration of security teams looking for visibility and
control. CASB solutions fill many of the gaps in individual cloud services, and
allow chief information security officers (CISOs) to do so simultaneously
across a growing set of cloud services, including infrastructure as a service
(IaaS) and platform as a service (PaaS) providers. As such, CASBs address a
critical CISO requirement to set policy, monitor behavior and manage risk
across the entire set of enterprise cloud services being consumed.
Endpoint Detection and Response: The market for endpoint detection
and response (EDR) solutions is expanding quickly in response to the need for
more effective endpoint protection and the emerging imperative to detect
potential breaches and react faster. EDR tools typically record numerous
endpoint and network events, and store this information either locally on the
endpoint or in a centralized database. Databases of known indicators of
compromise (IOCs), behavior analytics and machine-learning techniques are then
used to continuously search the data for the early identification of breaches
(including insider threats), and to rapidly respond to those attacks.
Nonsignature Approaches for Endpoint Prevention: Purely signature-based approaches
for malware prevention are ineffective against advanced and targeted attacks.
Multiple techniques are emerging that augment traditional signature-based
approaches, including memory protection and exploit prevention that prevent the
common ways that malware gets onto systems, and machine learning-based malware
prevention using mathematical models as an alternative to signatures for
malware identification and blocking.
User and Entity Behavioral Analytics: User and entity behavioral
analytics (UEBA) enables broad-scope security analytics, much like security
information and event management (SIEM) enables broad-scope security
monitoring. UEBA provides user-centric analytics around user behavior, but also
around other entities such as endpoints, networks and applications. The
correlation of the analyses across various entities makes the analytics'
results more accurate and threat detection more effective.
Microsegmentation and Flow Visibility: Once attackers have gained a
foothold in enterprise systems, they typically can move unimpeded laterally
("east/west") to other systems. To address this, there is an emerging
requirement for "microsegmentation" (more granular segmentation) of
east/west traffic in enterprise networks. In addition, several of the solutions
provide visibility and monitoring of the communication flows. Visualization
tools enable operations and security administrators to understand flow
patterns, set segmentation policies and monitor for deviations. Finally,
several vendors offer optional encryption of the network traffic (typically,
point-to-point IPsec tunnels) between workloads for the protection of data in
motion, and provide cryptographic isolation between workloads.
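The "set segmentation policies and monitor for deviations" step above, as an added example that is not part of the Gartner text: a default-deny east/west allow-list checked against constructed flow records. The workload inventory, segment names, policy tuples and log format are all assumptions.

```python
from dataclasses import dataclass

# Hypothetical workload inventory: which segment each workload IP belongs to.
WORKLOAD_SEGMENT = {"10.0.1.10": "web", "10.0.1.11": "web", "10.0.2.20": "app",
                    "10.0.3.30": "db", "10.0.9.99": "jumphost"}

# Allow-list of east/west flows: (source segment, destination segment, port, proto).
# Anything not listed is a deviation, since microsegmentation is default-deny.
POLICY = {("web", "app", 8443, "tcp"), ("app", "db", 5432, "tcp"),
          ("jumphost", "db", 22, "tcp")}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str

def parse_flow(line: str) -> Flow:
    """Parse one 'key=value ...' flow record (constructed log format)."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Flow(kv["src"], kv["dst"], int(kv["dport"]), kv["proto"].lower())

def classify(flow: Flow) -> str:
    """Return 'allowed', 'unknown-workload' or 'deviation' for one flow."""
    src_seg = WORKLOAD_SEGMENT.get(flow.src)
    dst_seg = WORKLOAD_SEGMENT.get(flow.dst)
    if src_seg is None or dst_seg is None:
        return "unknown-workload"  # inventory gap: investigate, never silently allow
    if (src_seg, dst_seg, flow.dport, flow.proto) in POLICY:
        return "allowed"
    return "deviation"

def find_deviations(lines):
    """Return (Flow, verdict) for every record that is not explicitly allowed."""
    results = [(f, classify(f)) for f in map(parse_flow, lines)]
    return [(f, v) for f, v in results if v != "allowed"]

# Constructed sample: the expected web -> app -> db chain, then a web host
# talking straight to the database, then a flow to a host not in the inventory.
SAMPLE_FLOWS = [
    "src=10.0.1.10 dst=10.0.2.20 dport=8443 proto=tcp",
    "src=10.0.2.20 dst=10.0.3.30 dport=5432 proto=tcp",
    "src=10.0.1.11 dst=10.0.3.30 dport=5432 proto=tcp",
    "src=10.0.1.10 dst=10.0.4.44 dport=445 proto=tcp",
]
```

The "unknown-workload" verdict is deliberately separate from "deviation": a flow involving a host missing from the inventory is a visibility gap, and treating it as either allowed or blocked without a look would hide the real problem.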
Security Testing for DevOps (DevSecOps): Security needs to become an
integral part of DevOps style workflows — DevSecOps. DevSecOps operating models
are emerging that use scripts, "recipes," blueprints and templates to
drive the underlying configuration of security infrastructure — including
security policies such as application testing during development or network
connectivity at runtime. In addition, several solutions perform automatic
security scanning for vulnerabilities during the development process looking
for known vulnerabilities before the system is released into production.
Whether security is driven from models, blueprints, templates or toolchains,
the concept and the desired outcome are the same — an automated, transparent
and compliant configuration of the underlying security infrastructure based on
policy reflecting the currently deployed state of the workloads.
Intelligence-Driven Security Operations Center Orchestration Solutions: An intelligence-driven security
operations center (SOC) goes beyond preventive technologies, the perimeter and
event-based monitoring. An intelligence-driven SOC has to be
built for intelligence, and used to inform every aspect of security operations.
To meet the challenges of the new "detection and response" paradigm,
an intelligence-driven SOC also needs to move beyond traditional defenses, with
an adaptive architecture and context-aware components. To support these
required changes in information security programs, the traditional SOC must
evolve to become the intelligence-driven SOC (ISOC) with automation and
orchestration of SOC processes being a key enabler.
Remote Browser: Most attacks start by targeting
end-users with malware delivered via email, URLs or malicious websites. An
emerging approach to address this risk is to remotely present the browser
session from a "browser server" (typically Linux based) running
on-premises or delivered as a cloud-based service. By isolating the browsing
function from the rest of the endpoint and corporate network, malware is kept
off the end-user's system, and the enterprise has significantly reduced the
surface area for attack by shifting the risk of attack to the server sessions,
which can be reset to a known good state on every new browsing session, tab
opened or URL accessed.
Deception: Deception technologies are
defined by the use of deceits and/or tricks designed to thwart, or throw off,
an attacker's cognitive processes, disrupt an attacker's automation tools,
delay an attacker's activities or disrupt breach progression. For example,
deception capabilities create fake vulnerabilities, systems, shares and
cookies. If an attacker tries to attack these fake resources, it is a strong
indicator that an attack is in progress, as a legitimate user should not see or
try to access these resources. Deception technologies are emerging for network,
application, endpoint and data, with the best systems combining multiple
techniques. By 2018, Gartner predicts that 10 percent of enterprises will use
deception tools and tactics, and actively participate in deception operations
against attackers.
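The detection logic the paragraph describes (a legitimate user never touches a decoy, so any access is a strong indicator), as an added example that is not part of the Gartner text: decoy accesses in constructed event records are grouped by principal, with the deception platform's own maintenance account excluded. The decoy inventory, account names and event format are all assumptions.

```python
from collections import defaultdict

# Hypothetical decoy inventory, keyed by the event kind that would touch it.
# Nothing legitimate references these, so any access is a signal, not noise.
DECOYS = {
    "share": {r"\\fs01\finance_backup"},   # fake SMB share advertised on the network
    "host": {"10.20.0.250"},               # fake server that answers but hosts nothing
    "cookie": {"admin_session_bak"},       # fake cookie planted in browser profiles
}
# Principals allowed to touch decoys, e.g. the deception platform's own health checks.
MAINTENANCE_PRINCIPALS = {"svc_deception_monitor"}

def parse_event(line):
    """Parse one constructed 'timestamp user kind target' access record."""
    ts, user, kind, target = line.split(" ", 3)
    return {"ts": ts, "user": user, "kind": kind, "target": target}

def is_decoy_touch(ev):
    """True when the event's target is one of the planted decoys of that kind."""
    return ev["target"] in DECOYS.get(ev["kind"], set())

def detect(lines):
    """Group decoy touches by principal, ignoring maintenance accounts."""
    alerts = defaultdict(list)
    for ev in map(parse_event, lines):
        if ev["user"] in MAINTENANCE_PRINCIPALS or not is_decoy_touch(ev):
            continue
        alerts[ev["user"]].append((ev["ts"], ev["kind"], ev["target"]))
    return dict(alerts)

def severity(alerts):
    """One decoy touched is suspicious; several kinds by one principal is high."""
    return {user: "high" if len({k for _, k, _ in hits}) > 1 else "medium"
            for user, hits in alerts.items()}

# Constructed sample: alice uses a real share; bob probes the decoy host and then
# opens the decoy share; the monitor account's own check must not raise an alert.
SAMPLE_EVENTS = [
    r"2016-06-15T09:01:00Z alice share \\fs01\public",
    "2016-06-15T09:02:10Z bob host 10.20.0.250",
    r"2016-06-15T09:02:15Z bob share \\fs01\finance_backup",
    "2016-06-15T09:05:00Z svc_deception_monitor host 10.20.0.250",
    "2016-06-15T09:06:30Z carol cookie admin_session_bak",
]
```

Correlating touches across decoy kinds per principal is what turns a single, possibly accidental, hit into the high-confidence "attack in progress" signal the paragraph describes.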
Pervasive Trust Services: As enterprise security departments
are asked to extend their protection capabilities to operational technology and
the Internet of Things, new security models must emerge to provision and manage
trust at scale. Trust services are designed to scale and support the needs of
billions of devices, many with limited processing capability. Enterprises
looking for larger-scale, distributed trust or consensus-based services should
focus on trust services that include secure provisioning, data integrity,
confidentiality, device identity and authentication. Some leading-edge
approaches use distributed trust and blockchain-like architectures to manage
distributed trust and data integrity at a large scale.
Source: Gartner 2016