Top 10 tech for IT security in 2016


26 June 2016

IT research and advisory company Gartner has highlighted the top 10 technologies for information security and their implications for security organisations in 2016. Analysts presented their findings during the Gartner Security & Risk Management Summit, held recently in India.

Information security teams and infrastructure must adapt to support emerging digital business requirements, and simultaneously deal with the increasingly advanced threat environment, said Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus at the Summit. "Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programmes that simultaneously enable digital business opportunities and manage risk," he said.

According to Gartner, the top 10 technologies for information security are:

Cloud Access Security Brokers
Cloud access security broker (CASB) solutions fill many of the security gaps in individual cloud services, and allow chief information security officers (CISOs) to close those gaps consistently across a growing set of cloud services, including infrastructure as a service (IaaS) and platform as a service (PaaS) providers. Gartner says CASBs address a critical CISO requirement: to set policy, monitor behaviour and manage risk across the entire set of enterprise cloud services being consumed.

Endpoint Detection and Response
According to Gartner, the market for endpoint detection and response (EDR) solutions is expanding quickly in response to the need for more effective endpoint protection and the emerging imperative to detect potential breaches and react faster. EDR tools typically record numerous endpoint and network events, and store this information either locally on the endpoint or in a centralised database. Databases of known indicators of compromise (IOC), behaviour analytics and machine-learning techniques are then used to continuously search the data for the early identification of breaches (including insider threats), and to rapidly respond to those attacks.
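The detection pass described above, as an added example that is not part of the article and not taken from any EDR product: recorded endpoint events are matched against an IOC database (hashes, destination IPs) and against two behavioural rules (an Office process spawning a shell, and an encoded PowerShell command line). The event schema, the IOC values and the sample telemetry are all constructed for this illustration.

```python
"""Toy EDR-style detection pass over recorded endpoint events.

Added illustration only: the event format, IOC values and rules are
constructed for this example and are not from any vendor product.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Event:
    host: str
    ts: int
    process: str            # image name of the created process
    parent: str             # image name of its parent
    sha256: str             # hash of the process image
    dest_ip: Optional[str] = None   # outbound connection, if one was recorded
    cmdline: str = ""


# Constructed IOC database (hypothetical values, not real indicators).
IOC_HASHES: Dict[str, str] = {"deadbeef" * 8: "dropper sample A"}
IOC_IPS: Dict[str, str] = {"203.0.113.45": "known C2 server (example range)"}

# Behavioural rules: an Office process spawning a shell, or a shell launched
# with an encoded command, are classic early-stage signals that need no hash.
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def match_iocs(ev: Event) -> List[str]:
    """Known-bad matching: hash and destination IP against the IOC database."""
    hits = []
    if ev.sha256 in IOC_HASHES:
        hits.append(f"hash IOC: {IOC_HASHES[ev.sha256]}")
    if ev.dest_ip in IOC_IPS:
        hits.append(f"network IOC: {IOC_IPS[ev.dest_ip]}")
    return hits


def match_behaviour(ev: Event) -> List[str]:
    """Behavioural matching: parent/child relationship and command-line shape."""
    hits = []
    if ev.parent.lower() in OFFICE and ev.process.lower() in SHELLS:
        hits.append(f"behaviour: {ev.parent} spawned {ev.process}")
    if ev.process.lower() == "powershell.exe" and "-enc" in ev.cmdline.lower():
        hits.append("behaviour: encoded PowerShell command")
    return hits


def detect(events: List[Event]) -> List[Tuple[str, int, str]]:
    """Return (host, ts, reason) alerts, ordered by host then time."""
    alerts = []
    for ev in sorted(events, key=lambda e: (e.host, e.ts)):
        for reason in match_iocs(ev) + match_behaviour(ev):
            alerts.append((ev.host, ev.ts, reason))
    return alerts


# Constructed sample telemetry: a macro-driven chain on ws-17, benign browsing on ws-22.
SAMPLE_EVENTS: List[Event] = [
    Event("ws-17", 100, "winword.exe", "explorer.exe", "11" * 32),
    Event("ws-17", 101, "powershell.exe", "winword.exe", "22" * 32,
          cmdline="powershell.exe -nop -w hidden -enc SQBFAFgA"),
    Event("ws-17", 102, "updater.exe", "powershell.exe", "deadbeef" * 8,
          dest_ip="203.0.113.45"),
    Event("ws-22", 100, "chrome.exe", "explorer.exe", "33" * 32,
          dest_ip="198.51.100.7"),
]

if __name__ == "__main__":
    for host, ts, reason in detect(SAMPLE_EVENTS):
        print(f"{host} t={ts}: {reason}")
```

Note that the first alert on ws-17 fires before any hash or IP is known: the Word-to-PowerShell parent/child relationship alone is enough, which is the point of pairing behavioural rules with the IOC lookup.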

Nonsignature Approaches for Endpoint Prevention
Purely signature-based approaches for malware prevention are ineffective against advanced and targeted attacks, says Gartner. Multiple techniques are emerging that augment traditional signature-based approaches, including memory protection and exploit prevention, which block the common ways malware gets onto systems, and machine learning-based malware prevention, which uses mathematical models as an alternative to signatures for identifying and blocking malware.

User and Entity Behavioural Analytics
User and entity behavioural analytics (UEBA) enables broad-scope security analytics. It provides user-centric analytics around user behaviour, but also around other entities such as endpoints, networks and applications. The correlation of the analyses across various entities makes the analytics' results more accurate and threat detection more effective, according to Gartner.

Microsegmentation and Flow Visibility
Once attackers have gained a foothold in enterprise systems, they typically can move unimpeded laterally ("east/west") to other systems. To address this, Gartner says there is an emerging requirement for "microsegmentation" (more granular segmentation) of east/west traffic in enterprise networks. In addition, several of the solutions provide visibility and monitoring of the communication flows. Several vendors also offer optional encryption of the network traffic (typically, point-to-point IPsec tunnels) between workloads for the protection of data in motion, and provide cryptographic isolation between workloads.
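The east/west policy and flow-visibility view described above, as an added example that is not part of the article and not any vendor's implementation. Workloads are labelled by tier, the allow-list names the only permitted (source tier, destination tier, port) triples, and everything else between workloads is denied by default; the inventory, policy and flow log are constructed for this illustration.

```python
"""Microsegmentation policy check over east/west flow records.

Added illustration: the workload inventory, the policy and the flow log are
constructed for this example; they are not from any product or from the article.
"""
from collections import Counter
from typing import Dict, List, Tuple

# Constructed inventory: workload IP -> tier label (a real platform would derive
# this from tags or a CMDB rather than a hard-coded table).
WORKLOADS: Dict[str, str] = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.10": "app",
    "10.0.3.10": "db",
}

# Allow-list of (source tier, destination tier, destination port). Anything not
# listed is denied: that default-deny between workloads is the microsegmentation.
POLICY = {("web", "app", 8443), ("app", "db", 5432)}

Flow = Tuple[str, str, int]   # (src_ip, dst_ip, dst_port)


def tier(ip: str) -> str:
    return WORKLOADS.get(ip, "unknown")


def allowed(flow: Flow) -> bool:
    src, dst, port = flow
    return (tier(src), tier(dst), port) in POLICY


def evaluate(flows: List[Flow]) -> List[Flow]:
    """Return the flows that violate policy (what an enforcing fabric would drop)."""
    return [f for f in flows if not allowed(f)]


def flow_matrix(flows: List[Flow]) -> Dict[Tuple[str, str], int]:
    """Count flows per (src tier, dst tier): the flow-visibility view used to
    learn a policy before switching to enforcement."""
    return dict(Counter((tier(s), tier(d)) for s, d, _ in flows))


# Constructed flow log: two expected paths and two lateral moves from a web host.
SAMPLE_FLOWS: List[Flow] = [
    ("10.0.1.10", "10.0.2.10", 8443),   # web -> app, expected
    ("10.0.2.10", "10.0.3.10", 5432),   # app -> db, expected
    ("10.0.1.11", "10.0.3.10", 5432),   # web -> db: bypasses the app tier
    ("10.0.1.11", "10.0.1.10", 22),     # web -> web SSH: movement within a tier
    ("10.0.1.10", "10.0.2.10", 8443),
]

if __name__ == "__main__":
    for pair, n in sorted(flow_matrix(SAMPLE_FLOWS).items()):
        print(f"{pair[0]:>4} -> {pair[1]:<4} {n} flow(s)")
    for f in evaluate(SAMPLE_FLOWS):
        print("DENY", f)
```

The web-to-web SSH flow is the case that coarse VLAN segmentation misses entirely: both hosts sit in the same segment, so only a per-workload policy catches it.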

Security Testing for DevOps (DevSecOps)
DevSecOps operating models are emerging that use scripts, "recipes," blueprints and templates to drive the underlying configuration of security infrastructure. In addition, several solutions perform automatic security scanning for vulnerabilities during the development process looking for known vulnerabilities before the system is released into production. Whether security is driven from models, blueprints, templates or toolchains, the concept and the desired outcome are the same — an automated, transparent and compliant configuration of the underlying security infrastructure based on policy reflecting the currently deployed state of the workloads, says Gartner.
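A policy-as-code gate of the kind described above, as an added example that is not part of the article: a deployment template is checked in the pipeline against a few rules before release, and a compliant variant is generated from policy. The template shape, the rules and the hypothetical admin network (`admin_cidr`) are constructed for this illustration and do not follow any particular vendor's format.

```python
"""Policy-as-code gate for a deployment template, run in the build pipeline
before anything reaches production.

Added illustration: the template shape and the rules are constructed for this
example and are not any vendor's format or the article's own material.
"""
from typing import Dict, List

# Constructed firewall/security-group template, as a pipeline would load it
# from JSON or YAML.
TEMPLATE: Dict = {
    "workload": "payments-api",
    "rules": [
        {"port": 443, "proto": "tcp", "source": "0.0.0.0/0"},
        {"port": 22, "proto": "tcp", "source": "0.0.0.0/0"},   # SSH left open to all
        {"port": 5432, "proto": "tcp", "source": "10.0.2.0/24"},
    ],
    "encryption_at_rest": False,
}

ADMIN_PORTS = {22, 3389}
ANY = "0.0.0.0/0"


def check_template(t: Dict) -> List[str]:
    """Return policy violations; an empty list means the template may ship."""
    findings = []
    for r in t.get("rules", []):
        if r["port"] in ADMIN_PORTS and r["source"] == ANY:
            findings.append(f"{t['workload']}: admin port {r['port']} open to the internet")
    if not t.get("encryption_at_rest", False):
        findings.append(f"{t['workload']}: encryption at rest disabled")
    return findings


def remediate(t: Dict, admin_cidr: str) -> Dict:
    """Produce the compliant variant: restrict admin ports to the admin network
    (a hypothetical CIDR passed by the caller) and enable encryption at rest."""
    fixed = {**t, "encryption_at_rest": True, "rules": []}
    for r in t["rules"]:
        r2 = dict(r)
        if r2["port"] in ADMIN_PORTS and r2["source"] == ANY:
            r2["source"] = admin_cidr
        fixed["rules"].append(r2)
    return fixed


if __name__ == "__main__":
    for finding in check_template(TEMPLATE):
        print("FAIL", finding)
    fixed = remediate(TEMPLATE, "10.0.9.0/24")
    print("after remediation:", check_template(fixed) or "compliant")
```

In a real pipeline the gate fails the build on any finding rather than silently rewriting the template, so that the change is reviewed; `remediate` shows what the compliant state looks like.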

Intelligence-Driven Security Operations Centre Orchestration Solutions
According to Gartner, to meet the challenges of the new "detection and response" paradigm, an intelligence-driven security operations centre (SOC) needs to move beyond traditional defences, with an adaptive architecture and context-aware components. To support these required changes in information security programmes, the traditional SOC must evolve into the intelligence-driven SOC (ISOC), with automation and orchestration of SOC processes as a key enabler.

Remote Browser
Most attacks start by targeting end-users with malware delivered via email, URLs or malicious websites. Gartner says an emerging approach to address this risk is to remotely present the browser session from a "browser server" (typically Linux based) running on-premises or delivered as a cloud-based service. By isolating the browsing function from the rest of the endpoint and corporate network, malware is kept off the end-user's system and the enterprise significantly reduces its attack surface by shifting the risk to the server sessions, which can be reset to a known good state on every new browsing session, tab opened or URL accessed.

Deception Technologies
Deception technologies are defined by the use of deceits and/or tricks designed to thwart, or throw off, an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or disrupt breach progression. Deception technologies are emerging for network, application, endpoint and data, with the best systems combining multiple techniques. By 2018, Gartner predicts that 10 per cent of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers.

Pervasive Trust Services
According to Gartner, as enterprise security departments are asked to extend their protection capabilities to operational technology and the Internet of Things, new security models must emerge to provision and manage trust at scale. Enterprises looking for larger-scale, distributed trust or consensus-based services should focus on trust services that include secure provisioning, data integrity, confidentiality, device identity and authentication. Some leading-edge approaches use blockchain-like architectures to manage distributed trust and data integrity at large scale, says Gartner.