Top 10 Technologies For Information Security

Gartner highlighted the top 10 technologies for information security and their implications for security organizations in 2016.

“Information security teams and infrastructure must adapt to support emerging digital business requirements, and simultaneously deal with the increasingly advanced threat environment,” said Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus. “Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable digital business opportunities and manage risk.”

The top 10 technologies for information security are:

1.    Cloud Access Security Brokers

Cloud access security brokers (CASBs) provide information security professionals with a critical control point for the secure and compliant use of cloud services across multiple cloud providers. Many SaaS apps have limited visibility and control options; however, SaaS adoption is becoming pervasive in enterprises, which exacerbates the frustration of security teams looking for visibility and control.

CASB solutions fill many of the gaps in individual cloud services, and allow chief information security officers (CISOs) to do it simultaneously across a growing set of cloud services, including infrastructure as a service (IaaS) and platform as a service (PaaS) providers. As such, CASBs address a critical CISO requirement to set policy, monitor behavior and manage risk across the entire set of enterprise cloud services being consumed.

2.    Endpoint detection and response

The market for endpoint detection and response (EDR) solutions is expanding quickly in response to the need for more effective endpoint protection and the emerging imperative to detect potential breaches and react faster. EDR tools typically record numerous endpoint and network events, and store this information either locally on the endpoint or in a centralized database. Databases of known indicators of compromise (IOC), behavior analytics and machine-learning techniques are then used to continuously search the data for the early identification of breaches (including insider threats), and to rapidly respond to those attacks.

3.    Non-signature approaches for endpoint prevention

Purely signature-based approaches for malware prevention are ineffective against advanced and targeted attacks. Multiple techniques are emerging that augment traditional signature-based approaches, including memory protection and exploit prevention that prevent the common ways that malware gets onto systems, and machine learning-based malware prevention using mathematical models as an alternative to signatures for malware identification and blocking.

4.    User and entity behavioral analytics

User and entity behavioral analytics (UEBA) enables broad-scope security analytics, much like security information and event management (SIEM) enables broad-scope security monitoring. UEBA provides user-centric analytics around user behavior, but also around other entities such as endpoints, networks and applications. The correlation of the analyses across various entities makes the analytics’ results more accurate and threat detection more effective.

5.    Micro-segmentation and flow visibility

Once attackers have gained a foothold in enterprise systems, they typically can move unimpeded to other systems. To address this, there is an emerging requirement for “micro-segmentation” (more granular segmentation) of east/west traffic in enterprise networks. In addition, several of the solutions provide visibility and monitoring of the communication flows.

Visualization tools enable operations and security administrators to understand flow patterns, set segmentation policies and monitor for deviations. 

Finally, several vendors offer optional encryption of the network traffic (typically, point-to-point IPsec tunnels) between workloads for the protection of data in motion, and provide cryptographic isolation between workloads.

6.    Security testing for DevOps (DevSecOps)

Security needs to become an integral part of DevOps style workflows — DevSecOps. DevSecOps operating models are emerging that use scripts, “recipes,” blueprints and templates to drive the underlying configuration of security infrastructure — including security policies such as application testing during development or network connectivity at runtime.

In addition, several solutions perform automatic security scanning for vulnerabilities during the development process looking for known vulnerabilities before the system is released into production. Whether security is driven from models, blueprints, templates or toolchains, the concept and the desired outcome are the same — an automated, transparent and compliant configuration of the underlying security infrastructure based on policy reflecting the currently deployed state of the workloads.

7.    Intelligence-driven security operations center orchestration solutions

An intelligence-driven security operations center (SOC) goes beyond preventative technologies and the perimeter, and events-based monitoring. An intelligence-driven SOC has to be built for intelligence, and used to inform every aspect of security operations. To meet the challenges of the new “detection and response” paradigm, an intelligence-driven SOC also needs to move beyond traditional defenses, with an adaptive architecture and context-aware components.

To support these required changes in information security programs, the traditional SOC must evolve to become the intelligence-driven SOC (ISOC) with automation and orchestration of SOC processes being a key enabler.

8.    Remote browser

Most attacks start by targeting end-users with malware delivered via email, URLs or malicious websites. An emerging approach to address this risk is to remotely present the browser session from a “browser server” (typically Linux based) running on-premises or delivered as a cloud-based service.

By isolating the browsing function from the rest of the endpoint and corporate network, malware is kept off of the end-user’s system and the enterprise has significantly reduced the surface area for attack by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.

9.    Deception

Deception technologies are defined by the use of deceits and/or tricks designed to thwart, or throw off, an attacker’s cognitive processes, disrupt an attacker’s automation tools, delay an attacker’s activities or disrupt breach progression. For example, deception capabilities create fake vulnerabilities, systems, shares and cookies. If an attacker tries to attack these fake resources, it is a strong indicator that an attack is in progress, as a legitimate user should not see or try to access these resources.

Deception technologies are emerging for network, application, endpoint and data, with the best systems combing multiple techniques. By 2018, Gartner predicts that 10 percent of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers.

10.    Pervasive trust services

As enterprise security departments are asked to extend their protection capabilities to operational technology and the Internet of Things, new security models must emerge to provision and manage trust at scale. Trust services are designed to scale and support the needs of billions of devices, many with limited processing capability.

Enterprises looking for larger-scale, distributed trust or consensus-based services should focus on trust services that include secure provisioning, data integrity, confidentiality, device identity and authentication. Some leading-edge approaches use distributed trust and blockchain-like architectures to manage distributed trust and data integrity at a large scale.

HelpNetSecurity:

« How Will IOT Change Banking?
Responding To Russia´s Cyber Aggression »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Conference Index

Conference Index

Conference Index provides an indexed listing of upcoming meetings, seminars, congresses, workshops, summits and symposiums across a wide range of subjects including Cybersecurity.

Securolytics

Securolytics

Securolytics offers the simplest, most complete and affordable IoT security for all organizations. Securolytics quickly identifies unmanaged devices to reduce security and compliance risks.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Nemstar

Nemstar

Nemstar is a specialist in Information Security & Cyber Training with over 25 years' industry experience.

ZINAD IT

ZINAD IT

ZINAD is an information security company offering state-of-the-art cybersecurity awareness products, solutions and services.

Defence Innovation Accelerator for the North Atlantic (DIANA)

Defence Innovation Accelerator for the North Atlantic (DIANA)

The NATO DIANA accelerator programme is designed to equip businesses with the skills and knowledge to navigate the world of deep tech, dual-use innovation.

Driven Technologies

Driven Technologies

Driven is a cloud native service provider transforming the way companies leverage technology to improve business by securing, modernizing, and connecting applications, users, and data.

Opkalla

Opkalla

We started Opkalla because we believe IT professionals deserve better. We help our clients navigate the confusion in the marketplace and choose the solution that is right for your business.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.

INETCO Systems

INETCO Systems

INETCO deliver essential real-time cybersecurity, payment fraud detection, operational monitoring and analytics solutions that empower our customers to grow their businesses without interruptions.