Gartner's top 10 technologies for information security in 2014

25 June 2014
Information security

Gartner has identified the top 10 technologies for information security and their implications for security organisations in 2014. They are:

Cloud access security brokers

Cloud access security brokers are on-premises or cloud-based security policy enforcement points placed between cloud services consumers and cloud services providers to interject enterprise security policies as the cloud-based resources are accessed. With the initial adoption of cloud-based services often occurring outside the control of IT, these cloud access security brokers enable enterprises to gain visibility and control as their users access cloud resources.

Adaptive access control

Adaptive access control is a form of context-aware access control that seeks to balance the level of trust against risk at the moment of access. With context awareness, access decisions can better reflect current conditions. This, together with dynamic risk mitigation, safely allows access where otherwise it would have been blocked.

Pervasive sandboxing (content detonation) and IOC confirmation

Many security platforms now include embedded capabilities to run ("detonate") executables and content in virtual machines (VMs) and observe the VMs for indications of compromise. Once a potential incident is detected, it is confirmed by correlating indicators of compromise across different entities.

Endpoint detection and response solutions

Endpoint detection and response tools record numerous endpoint and network events and store this information in a centralised database. Analytics tools are then used to continually search the database to provide early identification of ongoing attacks (including insider threats), and to rapidly respond to those attacks.

Big data security analytics at the heart of next-generation security platforms

Domain-specific embedded analytics will be included as a core capability in security protection platforms. Gartner predicts that by 2020, 40 per cent of enterprises will have established a "security data warehouse" for data generated through monitoring computing entities and layers. By storing and analysing this data over time, and by incorporating context and including outside threat and community intelligence, patterns of "normal" can be established and data analytics can be used to identify when meaningful deviations from normal have occurred.

Machine-readable threat intelligence, including reputation services

Next-generation security platforms will integrate with third-party sources for machine-readable threat intelligence and include reputation services that offer dynamic, real-time "trustability" ratings that can be factored into security decisions.

Containment and isolation as a foundational security strategy

With signatures becoming increasingly ineffective in stopping attacks, an alternative strategy is to treat everything that is unknown as untrusted and isolate its handling and execution so that it cannot cause permanent damage to the system it is running on and cannot be used as a vector for attacks on other enterprise systems. Virtualisation and containment strategies will become a common element of a defence-in-depth protection strategy for enterprise systems, reaching 20 per cent adoption by 2016.

Software-defined security

While some dedicated security hardware will still be needed, software-defined security will see the decoupling of security infrastructure capabilities and more of the value and intelligence moving into software.

Interactive application security testing

Interactive application security testing combines static and dynamic approaches to increase the accuracy of application security testing. This makes it possible to confirm or disprove the exploitability of a detected vulnerability and determine its point of origin in the application code.

Security gateways, brokers and firewalls to deal with the Internet of Things

More enterprise assets are being automated by operational technology systems based on commercial software products. These form an industrial subset of the "Internet of Things," which will include billions of interconnected sensors, devices and systems, many of which will communicate without human involvement and will need to be protected and secured.