Analyst group Gartner has identified the top ten technologies it believes are shaping the information security industry in 2016, and what impact they will have on the companies operating within it.
Presented by Gartner analysts at its Security & Risk Management Summit being held in National Harbor, MD, just outside Washington DC, the predictions echo many of the big themes in the security space at the moment. These include cloud, endpoints and user behavior.
So Gartner’s top ten technologies for information security are as follows:
Cloud Access Security Brokers
As cloud computing has become more critical to many businesses, the debate about its security has fallen away. However many SaaS apps lack crucial visibility and control, which can cause a pain point for businesses. Cloud Access Security Brokers can fill those gaps, giving CISOs greater ability to set policy, monitor behavior and manage risk across different cloud environments.
Endpoint Detection and Response
With the growing number of endpoints being used in businesses, IT teams can struggle to detect breaches and react to them in a timely manner. EDR tools record endpoint and network events, and combine them with IOCs, behavior analytics and machine-learning techniques to monitor for any signs of a breach.
Non-Signature Approaches for Endpoint Prevention
Gartner says using signature-based approaches for malware prevention is not effective against advanced and targeted attacks. New approaches are emerging to combat this, including machine learning-based malware prevention using mathematical models.
User and Entity Behavioral Analytics
This emerging security technology combines analytics of user behavior with endpoint, network and application analytics, giving CISOs a much wider view of their environment.
Micro-Segmentation and Flow Visibility
As InfoSecurity Magazine reported yesterday, many businesses struggle to deal with breaches because attackers can move laterally within an enterprise network. However, more granular segmentation of east/west traffic (which is the lateral movement) can help stop the spread of infections.
Security Testing for DevOps
Security has to be an integral part of DevOps-style workflows - DevSecOps, as Gartner is calling it. This includes features such as automatic security scanning for vulnerabilities during the application development process. Ultimately what DevSecOps is aiming for is, “an automated, transparent and compliant configuration of the underlying security infrastructure based on policy reflecting the currently deployed state of the workloads,” Gartner says.
Intelligence-Driven Security Operations Center Orchestration Solutions
Intelligence-Driven Security goes beyond preventative tools and events-based monitoring, and aims to be more context-aware.
Remote Browser
A remote browser is essentially an isolated browser, one that is typically run off a Linux-based browser server. This is becoming a more popular approach because it isolates the browser from the rest of the endpoint and from the corporate network, reducing the potential damage that malware can do.
Deception
This, as the name suggests, is the use of tricks to throw off an attacker’s automation tools or to delay their activities long enough to fight back. Examples of the deceptions CISOs can use include fake vulnerabilities. Legitimate users will have no need to access these fake resources, so if there is activity it is likely to be an attack. Most businesses would be happy for an attacker to waste their time attacking a fake system.
Pervasive Trust Services
These are an emerging way for businesses to provision and manage trust at scale, such as with Internet of Things deployments, where potentially billions of devices will be in use.
Neil MacDonald, vice-president, distinguished analyst and Gartner Fellow Emeritus, said: “Information security teams and infrastructure must adapt to support emerging digital business requirements, and simultaneously deal with the increasingly advanced threat environment.
“Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable digital business opportunities and manage risk.”