10 Hot Security Technologies Enterprises Need Now
With security threats becoming increasingly advanced, research firm Gartner outlines the top 10 technologies that should be deployed to take advantage of digital business opportunities while managing risk.
Over the past 35 years, security technology offerings have come in five major "waves" of development -- each aiming to protect against the ever-changing methods of hackers and cyberthieves. The waves include:
firewall and anti-virus
intrusion prevention security technology
web app firewalls
end-point detection and response
machine learning security
But, unfortunately, the sophistication of threats continues to advance with growing frequency, duration, and impact.
In response, Gartner recently released a report, "Top 10 Technologies for Information Security in 2016," designed to help enterprises take advantage of digital business opportunities while simultaneously managing risks.
These technologies build on previous security efforts enterprises have undertaken. Back in the 1980s, and through the 1990s, firewalls and antivirus technologies were by far the most pervasive form of security technologies companies deployed, Lawrence Pingree, a Gartner research director, told InformationWeek.
The firewall technologies emerged as attackers sought to gain access to unauthorized ports, while antivirus software sought to protect users as internet use became more widespread.
"It's been a game of tit for tat that has caused security software to evolve over time," Pingree said. Security vendors improve their products, and the hackers and cyber-criminals seek ways around the protections.
Intrusion prevention security was later developed as attackers sought ways to gain access to authorized ports, Pingree said. Dorothy Denning published an intrusion detection system model in 1986, according to IEEE. Enterprises needed a way to distinguish those who had legitimate access to the ports from those who did not.
A third wave in security technology emerged with web application firewalls, as the use of web-based applications gained in popularity. Commercial products started appearing in 1999.
Endpoint detection and response (EDR) security software emerged in 2013 as the fourth wave of security software, born out of a need to combat malware. Cyberthieves shifted malicious payload delivery tactics from using files with static signatures to using files whose signatures would constantly change before they could be identified and blocked, Pingree explained.
Sandboxing is another recently deployed security technique, in which a similar system is created and the potentially malicious file is evaluated for its behavior, not its signature. Once the file's behavior is deemed good, meaning it doesn't try to create a buffer overflow or insert itself into a registry, it is assigned a signature and allowed to go into the intended system.
Machine learning security software is currently in its early stages, and is included in the fifth wave, Pingree said, adding that the software looks for similar or group files and events. For example, it is difficult to monitor thousands of separate security alerts that may occur within an hour and draw conclusions about what is happening to an enterprise's system.
But machine learning can take this data and "connect the dots" to make sense of what security threat is happening and develop a priority list of what to tackle first, explained Pingree.
With this evolution of security software in mind, here are the top 10 information security technologies Gartner says businesses should adopt this year.
Cloud access security brokers provide a central point to ensure security policies are adhered to. They manage and monitor risk when a party is using multiple cloud services. "We do not currently have an estimate for this emerging market. But we are seeing fairly strong adoption trends and great interest in this emerging capability," Pingree said.
Endpoint detection and response (EDR) technologies record numerous endpoint and network events and store this information locally on the endpoint workstation or server, or in a centralized database. Enterprises then use machine learning, behavior analytics, and databases of indicators of compromise to search through the data for early indications of breaches, including insider threats, and respond to the attacks.
The EDR market, according to Gartner, currently has approximately 30 vendors that offer products and services. Pingree said the EDR market will grow at double-digit rates through 2016.
Signature-based malware prevention is becoming less effective in blocking threats that change their identities before they can become blacklisted. As a result, non-signature-based endpoint prevention is gaining interest among enterprises. Some of the non-signature approaches include memory protection, exploit prevention, and machine learning-based malware prevention.
"This trend is a core component of EDR technologies and malware sandboxes, but trend-wise, we see a movement across the anti-malware and endpoint-protection space to utilize behavioral monitoring, vs. traditional static signatures, as a core detection mechanism of the future," Pingree said, noting that essentially what is done is to combine real-time behavior evaluation with the current static signatures that are used to detect and defend against malware. At the time of this report Gartner did not have market data on this particular security technology.
This form of protection relies on a broad scope of security analytics around a user's behavior. This scope of user and entity behavioral analytics (UEBA) is applied to securing endpoints, networks, and applications. "Gartner expects UEBA market revenue will climb to almost $200 million by the end of 2017, up from less than $50 million today," Pingree said. "Market consolidation has begun and is expected to continue."
When attackers successfully enter an enterprise's main system, they can usually move from one system to another in a lateral fashion. But with microsegmentation, enterprises use granular segmentation of the traffic in their networks. Some have gone as far as to deploy technology to monitor communication flows as part of their visualization tools. These tools provide security administrators with information to help them understand flow patterns, establish segmentation policies, and monitor for deviations from those policies.
At the time of this report Gartner did not have market data on this particular security technology.
As security gets folded into DevOps workflows to become DevSecOps, this emerging operating model is using scripts, blueprints, and templates to create the underlying security infrastructure configuration.
"Security testing is widely used to triage new code development for security vulnerabilities. These tools help augment the developer's skills by automating the task of looking for application security flaws," Pingree said. He noted that Gartner estimates that the security testing market will grow to $1.2 billion by 2020, at a compounded average growth rate of 14.2%. It currently stands at $753 million.
Intelligence-driven security operations centers are not a single market segment, but rather an emerging concept in security operations, Pingree said. "[It is] where threat intelligence and intelligence about the entire enterprise environment drives how threats are detected, analyzed, responded to adaptively, and shared throughout the security community," he added.
"What remote browsing does is render web content off the endpoint, where it can be isolated away from the endpoint, thus protecting the endpoint's viewers from being used as vehicles for installing malware," Pingree explained. Most attacks, noted Gartner, begin with cyber-criminals targeting end-users with malware delivered via email, URLs, or malicious websites.
At the time of this report Gartner did not have market data on this particular security technology.
Distributed deception platforms are essentially a new technology that uses fake data and fake hosts to lure an attacker. When an attacker interacts with these luring elements, that fact can be detected very rapidly with low levels of false-positives, Pingree said. Essentially, these elements are deployed throughout the enterprise, data center, or cloud so that attackers are deceived into setting off alarms and can be detected.
"Some malware examines a host before executing its attack, and if the right conditions aren't met, the malware will not execute. By lying to the malware, you can effectively prevent the malware from being effective. An example is if the malware arrives on a Windows 10 host, you can lie to that unknown process by saying that it's on a Windows XP host, thus making the malware inert, because it tries to select methods to exploit Windows XP," Pingree said. Currently, Gartner says it believes this market is between $25 million and $50 million and growing at a double-digit rate through 2018.
As companies request their security departments extend protection to the enterprise's operational technology and the Internet of Things, the need to secure and manage this protection has to scale. As a result, enterprises that need to scale and support billions of devices (many with processing capabilities that are constrained) are turning to trust services. Gartner recommends that an enterprise that needs a large-scale distributed trust or consensus-based service may want to zero in on secure provisioning, confidentiality, data integrity, device identity, and authentication in its trust service.
At the time of this report, Gartner did not have market data on this particular security technology.